Solidity Interview Questions
https://www.rareskills.io/post/solidity-interview-questions
Unmasking the Phantom: The Intricate Shadow Transactions Attack Deciphered
Ciaofficer auditors advice in 3 parts
blog.pessimistic.io/auditors-advice-math-solidity-gas-optimizations-part-1-3-a99c478d2ebb
@ethsecurity1
rareskills.io
Over 150 interview questions for Ethereum Developers | RareSkills
Over 150 interview questions for Ethereum Developers All of these questions can be answered in three sentences or less. Easy What is the difference between private, internal, public, and external...
❤2⚡2🔥2
TWAMM introducing
https://www.paradigm.xyz/2021/07/twamm
L2 Sequencer and Stale Oracle Prices Bug
https://medium.com/@lopotras/l2-sequencer-and-stale-oracle-prices-bug-54a749417277?source=social.tw
Web3 Bug Bounty Collection
https://github.com/JeffCX/collection-web3-bug-bounty
@ethsecurity1
Paradigm
TWAMM - Paradigm
Paradigm is a research-driven crypto investment firm that funds companies and protocols from their earliest stages.
❤3
This is one of the high-level courses on ZK auditing that I have seen. Send me feedback if it is useful.
https://www.youtube.com/playlist?list=PLeUIc0UZxuuF8_ueHNt1TuEyNhcsmzu_g
@ethsecurity1
🔥5⚡1
Protocol Diagramming
• ethereum-graph-debugger - A graphical EVM debugger. Displays the entire program control flow graph.
• Slither - Slither can map method visibility and modifiers, state variables that are read and written, calls, and can print the inheritance graph of a smart contract
• Solgraph - Generates DOT graphs with function control flow of a solidity contract
• Surya - Generates various visual outputs of function call graphs
• sol-function-profiler - Solidity contract function
Jonatas
Write-up
Auditor’s Advice: EVM Limitations & Assembly Auditing Tips | Part 3/3.
@ethsecurity1
GitHub
GitHub - fergarrui/ethereum-graph-debugger: Ethereum solidity graph plain debugger. To have the whole picture when debugging.
Ethereum solidity graph plain debugger. To have the whole picture when debugging. - fergarrui/ethereum-graph-debugger
🔥3❤1
Forwarded from Vladimir S. | Officer's Channel (officercia)
Solidity Decompilers
https://github.com/eveem-org/panoramix — another decompiler
ethervm.io — online decompiler
ABI for unverified contracts
https://github.com/Jon-Becker/heimdall-rs — also includes a decompiler
Solidity data representation
https://ethdebug.github.io/solidity-data-representation/
Working in Web3: The Handbook
https://web3.smsunarto.com/
Solidity style guide
https://www.rareskills.io/post/solidity-style-guide
@ethsecurity1
GitHub
GitHub - eveem-org/panoramix: Decompiler at the heart of Eveem.org
Decompiler at the heart of Eveem.org. Contribute to eveem-org/panoramix development by creating an account on GitHub.
👍4⚡1❤1
Officercia new post
https://blog.pessimistic.io/auditors-notes-initializing-proxy-oracles-multi-chain-e314ec0694b2
Curve Finance Analysis and Post-mortem
Theft of collateral tokens with fewer than 18 decimals
@EthSecurity1
Medium
Auditor’s Notes: Initializing, Proxy, Oracles & Multi-Chain
We’ll look at some specific advice for/when working with initializing, proxy, oracles and auditing during the development of smart…
❤4🫡2
ZKP vulnerabilities
Zcash hash collision
https://www.youtube.com/watch?v=W4zAbEnJQUw
Frozen heart
https://www.youtube.com/watch?v=ffPI0B2l2dY
@EthSecurity1
YouTube
ZK Vulnerability - Zcash Hash Collision
Today on our zero-knowledge-proof learning journey we’re focusing on a ZK hash collision that led to a double-spending vulnerability impacting Zcash (2016)
If you’re interested in crypto security you should subscribe to my weekly newsletter here - http:…
🔥3
Time to shit on some proxy patterns.
- Beacon: it sucks in performance, antipattern that got psyoped into relevance.
- UUPS: devs need to pollute their implementations.
- Transparent: devs need to deploy 2 extra contracts and verify them every time. Much captcha.
@EthSecurity1
😁5🔥2👍1
X users manipulated by ChatGPT bots to visit malicious crypto sites.
Dark days incoming
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
DeFi Hacks Analysis - Root Cause Analysis Part 2 SunSec
@EthSecurity1
Protos
X users manipulated by ChatGPT bots to visit malicious crypto sites
The 'Fox8' botnet comprises 1,140 X accounts designed to share tweets, retweeted posts, and images to drive traffic to these fake websites.
🔥4
Web2 Bug Repellant Instructions
Exploring Tornado Cash In-Depth to Reveal Malleability Attacks in ZKP Projects
@EthSecurity1
OtterSec
Web2 Bug Repellant Instructions
An analysis of security risks that don’t get enough attention - web2 bugs in web3 apps. We take a deep and practical look at vulnerabilities across various applications.
❤1⚡1🔥1
Typical vulnerabilities in AMM protocols
https://blog.decurity.io/typical-vulnerabilities-in-amm-protocols-9006f7986ba0
How Does Ethereum Manage Data?
https://blog.smlxl.io/how-does-ethereum-manage-data-3ee85263134b?
@EthSecurity1
Medium
Typical vulnerabilities in AMM protocols
This article discusses the fundamental security aspects of the AMM (automatic market maker) protocols.
👍4
1-💡Foundry tips
Have you ever tried deploying contracts with different solidity versions with Foundry? https://twitter.com/GiuseppeDeLaZa/status/1699394882941395416
2-Month long DeFi security alpha thread
3-Common Cross-Chain Bridge Vulnerabilities
@Ethsecurity1
X (formerly Twitter)
GiuseppeDeLaZara on X
💡Foundry tips💡
Have you ever tried deploying contracts with different solidity versions with Foundry?
It can be a nightmare to set up🤬
I wish I had known about this cheat earlier 🧵
🔥3⚡1
TSS Vulnerability Thread by Hein Alberts. A more accessible explanation of the above vulnerability and how it affected THORChain
A summary from the perspective of Sigma Prime on the security GigaSpace: The Future of Web3 Security Reviews.
@EthSecurity1
X (formerly Twitter)
Hein Alberts (@HeinAlberts) on X
THORChain's $RUNE Lending update Paused 🚨🚨 . Delve into the intricate details behind the TSS vulnerability affecting the crypto landscape. Stay informed, navigate the noise.
👍3
Enso Transaction Simulator - Ethereum transaction simulator leveraging Foundry's codebase.
BrokenToken - a tool designed to automatically test smart contracts that interact with ERC20 tokens for unexpected behavior that may result in exploits.
mev-share-rs - Rust utils for MEV-share.
Alloy - Fast, battle-tested and well-documented building blocks for Ethereum, in Rust.
Releasing Reth! by Georgios Konstantopoulos (Paradigm).
SmartBugs - A Framework for Analysing Ethereum Smart Contracts.
Titanoboa - A Vyper interpreter with pretty tracebacks, forking, debugging
@EthSecurity1
GitHub
GitHub - EnsoBuild/temper: Temper your expectations - Ethereum Transaction Simulator
Temper your expectations - Ethereum Transaction Simulator - GitHub - EnsoBuild/temper: Temper your expectations - Ethereum Transaction Simulator
👍4⚡1🔥1
Haggling With Hackers: Surprising Lessons From 50 Negotiations With Ransomware Gangs.
Advanced Wizard Guide to Dune SQL and Ethereum Data Analytics
• LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab
Beware cool-looking beta crypto-apps. They may be money-stealing fakes.
@EthSecurity1
Cryptodatabytes
Advanced Wizard Guide to Dune SQL and Ethereum Data Analytics
Giving you the frameworks and functions you need to become an archwizard
❤5