Introducing TWAMM
https://www.paradigm.xyz/2021/07/twamm
L2 Sequencer and Stale Oracle Prices Bug
https://medium.com/@lopotras/l2-sequencer-and-stale-oracle-prices-bug-54a749417277?source=social.tw
Web3 Bug Bounty Collection
https://github.com/JeffCX/collection-web3-bug-bounty
@ethsecurity1
That is one of the high-level courses about ZK audit I have seen. Let me know if it is useful.
https://www.youtube.com/playlist?list=PLeUIc0UZxuuF8_ueHNt1TuEyNhcsmzu_g
@ethsecurity1
Protocol Diagramming
• ethereum-graph-debugger - A graphical EVM debugger. Displays the entire program control flow graph.
• Slither - Slither can map method visibility and modifiers, state variables that are read and written, calls, and can print the inheritance graph of a smart contract
• Solgraph - Generates DOT graphs with the function control flow of a Solidity contract
• Surya - Generates various visual outputs of function call graphs
• sol-function-profiler - Solidity contract function
Jonatas
Write-up
Auditor’s Advice: EVM Limitations & Assembly Auditing Tips | Part 3/3.
@ethsecurity1
Forwarded from Vladimir S. | Officer's Channel (officercia)
Solidity decompilers
https://github.com/eveem-org/panoramix — another decompiler
ethervm.io — online decompiler
ABI for unverified contracts
https://github.com/Jon-Becker/heimdall-rs — also includes a decompiler
Solidity data representation
https://ethdebug.github.io/solidity-data-representation/
Working in Web3: The Handbook
https://web3.smsunarto.com/
Solidity style guide
https://www.rareskills.io/post/solidity-style-guide/
@ethsecurity1
New post from Officercia
https://blog.pessimistic.io/auditors-notes-initializing-proxy-oracles-multi-chain-e314ec0694b2
Curve Finance Analysis and Post-mortem
Theft of collateral tokens with fewer than 18 decimals
@EthSecurity1
ZKP vulnerabilities
Zcash hash collision
https://www.youtube.com/watch?v=W4zAbEnJQUw
Frozen heart
https://www.youtube.com/watch?v=ffPI0B2l2dY
@EthSecurity1
Time to shit on some proxy patterns.
- Beacon: it sucks in performance, antipattern that got psyoped into relevance.
- UUPS: devs need to pollute their implementations.
- Transparent: devs need to deploy 2 extra contracts and verify them every time. Much captcha.
@EthSecurity1
X users manipulated by ChatGPT bots to visit malicious crypto sites.
Dark days incoming
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
DeFi Hacks Analysis - Root Cause Analysis Part 2 SunSec
@EthSecurity1
Web2 Bug Repellant Instructions
Exploring Tornado Cash In-Depth to Reveal Malleability Attacks in ZKP Projects
@EthSecurity1
Typical vulnerabilities in AMM protocols
https://blog.decurity.io/typical-vulnerabilities-in-amm-protocols-9006f7986ba0
How Does Ethereum Manage Data?
https://blog.smlxl.io/how-does-ethereum-manage-data-3ee85263134b?
@EthSecurity1
1-💡Foundry tips
Have you ever tried deploying contracts with different solidity versions with Foundry? https://twitter.com/GiuseppeDeLaZa/status/1699394882941395416
2-Month long DeFi security alpha thread
3-Common Cross-Chain Bridge Vulnerabilities
@Ethsecurity1
TSS Vulnerability Thread by Hein Alberts. A more accessible explanation of the above vulnerability and how it affected THORChain
A summary from the perspective of Sigma Prime on the security GigaSpace: The Future of Web3 Security Reviews.
@EthSecurity1
Enso Transaction Simulator - Ethereum transaction simulator leveraging Foundry's codebase.
BrokenToken - a tool designed to automatically test smart contracts that interact with ERC20 tokens for unexpected behavior that may result in exploits.
mev-share-rs - Rust utils for MEV-share.
Alloy - Fast, battle-tested and well-documented building blocks for Ethereum, in Rust.
Releasing Reth! by Georgios Konstantopoulos (Paradigm).
SmartBugs - A Framework for Analysing Ethereum Smart Contracts.
Titanoboa - A Vyper interpreter with pretty tracebacks, forking, debugging
@EthSecurity1
Haggling With Hackers: Surprising Lessons From 50 Negotiations With Ransomware Gangs.
Advanced Wizard Guide to Dune SQL and Ethereum Data Analytics
LABRAT: Stealthy Cryptojacking and Proxyjacking Campaign Targeting GitLab
Beware cool-looking beta crypto-apps. They may be money-stealing fakes.
@EthSecurity1
Breaking down the Top 50 DeFi hacks 2016-2022
Reports of fake crypto job posting used to spread wallet stealer malware.
Magnate Finance disappears with over $6 million in apparent 'rug pull'.
Sort of professionals creating a web3sec community. Check out the DeFiHackLabs Partnership Application:
forms.gle/M7WiCJiuGkdBxP…
DeFiHackLabs Discord: discord.gg/Akky65mbz9
@EthSecurity1