when reviewed Balancer pools critical issues found out everything was free for traders. linear pools ratio was 1:1 + no fees ;( audit giants reviewed it before @EthSecurity1

new patrick collins github course for first runners https://github.com/Cyfrin/security-and-auditing-full-course-s23 @EthSecurity1

We beyond 3000 subscribers.

❌ Error: uint160(uint160 a * uint56 b)

Intermediate result of a * b can overflow uint160
When performing arithmetic operations on uint data types in Solidity, the result takes on the smallest uint type that can hold the result without overflowing.


a is of type uint160
b is of type uint56
Multiplying two uint values performs unchecked arithmetic

So when we multiply a * b:

The result could potentially be up to 160 + 56 = 216 bits wide.
✅ Fix: uint160(uint256(uint160 a) * uint56 b)

Cast to uint256 first then multiply @EthSecurity1

A Deep Dive into 1inch Fusion

x.com/officer_cia/status/1721201204573733305       

Defi Dao gevernanc defi attacks
                                   https://dacian.me/dao-governance-defi-attacks

layerzero vulnerability

https://medium.com/@Heuss/layerzeros-cross-chain-messaging-vulnerability-e5ef48c5ccec

Collected 26 unobvious tips for y’all fam. FYI

http://github.com/OffcierCia/tips-solidity-code-auditors
@Ethsecurity1

TLDR: Attacker can break neutrality guarantees of Chainlink's VRF (verifiable random function). Chainlink confirmed CRITICAL severity and paid us $300K for the finding!🎇

From the Chainlink blog: "malicious VRF subscription

Link to blog: https://blog.chain.link/smart-contract-research-case-study/
…
@EthSecurity1

In this clip, ArthurB
points out that Optimism has not implemented fraud proofs at all https://twitter.com/Justin_Bons/status/1726395238749450722 @EthSecurity1

https://blog.openzeppelin.com/15-billion-rugpull-vulnerability-in-convex-finance-protocol-uncovered-and-resolved @EthSecurity1

Uniswap v4 Lethal Integration: Vulnerabilities in Hooks Due to Risky Interactions
https://phalcon.xyz/blog/lethal-integration-vulnerabilities-in-hooks-due-to-risky-interactions @EthSecurity1

Security Analysis of the Ethereum Fork Choice specification
https://youtu.be/AaoaokIwVWE
Security & Common Pitfalls Of Merkle Trees

https://youtu.be/OLdmqfsmOPY

Ethereum yellow paper

https://youtu.be/e84V1MxRlYs

@EthSecurity1

BAMM #DEFI https://flywheeldefi.com/article/bamm-revolutionary-primative @EthSecurity1

Hello everyone!

I have been actively working with @userw01 on the article lately. In the "Cracks in the Code: Understanding the Vulnerabilities of AMM Protocols" article, we dive deep into the key features of AMM protocols, explore the most popular protocol types, discuss common attack vectors with lots of examples, and provide tips for auditors.

Check out the article here: https://millietez.medium.com/cracks-in-the-code-understanding-the-vulnerabilities-of-amm-protocols-2f5b360e159e

https://mirror.xyz/millietez.eth/ixD3xe-Q7JQowYcIFmGKxkPae_C5tCN9kWn9jXUhnKk

Enjoy the read!

What is the use of the signextend opcode?SIGNEXTEND performs the necessary sign extension when working with two's complement encoded signed integers in EVM. This allows operations on the values to produce the expected results for both positive and negative numbers. when there are negative numbers in calldata it cost more gas because the minor encoding, checking, arithmetic and comparison differences for negative numbers are why they cost slightly more gas than equivalent positive values. The EVM optimizes for the common case of non-negatives. why an int256 variable that stores -1 look like in hex?-1 stored as an int256 in Ethereum would be represented by the full 256-bit hex value ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff.

In binary, -1 is 1111111111111111111111111111111111111111111111111111111111111111

Converting that binary value to hex, we get:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
Why is it important to ECDSA sign a hash rather than an arbitrary bytes32? hashing first before signing provides critical security properties like preimage resistance, binding signatures to data, canonical encoding and data integrity that direct signing of arbitrary bytes lacks. It's an important step for ECDSA signatures to provide robust cryptographic protection.
@EthSecurity1

Risks on CEX’s Confirmation Number on Arbitrum and Optimism https://medium.com/chainlight/patch-thursday-risks-on-cexs-confirmation-on-arbitrum-and-optimism-7ee25a1d58bf Post-Mortem Report: Sequencer Downtime and L1 Gas Pricing Issue
https://github.com/ArbitrumFoundation/docs/blob/50ee88b406e6e5f3866b32d147d05a6adb0ab50e/postmortems/15_Dec_2023.md MEV BOOK https://www.monoceros.com/insights/maximal-extractable-value-book

Mev & evolution of crypto exchange
https://archetype.mirror.xyz/DVJFtcEcdTqk4DxC3VX4McgyjfktXF05pCG1LFtB4-E @EthSecurity1

Polynonce: A Tale of a Novel ECDSA Attack and Bitcoin Tears https://research.kudelskisecurity.com/2023/03/06/polynonce-a-tale-of-a-novel-ecdsa-attack-and-bitcoin-tears/ Encrypted mempools https://joncharbonneau.substack.com/p/encrypted-mempools @EthSecurity1

Halting the Solana Blockchain with Epsilon Stake https://tik-old.ee.ethz.ch/file/9d40dad802dd12d9ba1f1b7c1759920c/Solana___ICDCN_24.pdf
@EthSecurity1

what is domain separator?
                                                                   The domain separator helps prevent signature reuse attacks in DeFi protocols by making signatures unique to a particular contract and message type. Here are some more details:                                                          

Without a domain separator, a signature could potentially be reused for different messages or contracts. This enables various attacks.

For example, a signature approving a small transfer amount could be reused to approve a large transfer on another contract.Or a signature meant for a benign callback could be reused to trigger funds transfers.

The domain separator binds a signature to a specific contract address and message type.

It is computed from the contract address, a salt value, and the message EIP-712 typehash.When generating a signature, the signer computes and includes the domain separator.When verifying a signature, the contract recomputes the expected domain separator.If the domain separators don't match, the signature is invalid for that context.

This prevents simply replaying a signature on another contract/message type.

Even a tiny change to the contract address, salt, or message typehash invalidates old signatures.

So attackers cannot trivially transfer or forge signatures between contexts.
                                                                                                                               
some potential pitfalls: 
            
Forgetting to specify the domain separator when verifying signatures. This would allow cross-contract/message replay attacks.

Using a constant/hardcoded domain separator value rather than computing it dynamically. This defeats the purpose of making it context-specific.

Not updating the salt value periodically. Over time, old signatures could potentially be replayed on contracts with the same address.

Computing the domain separator incorrectly, such as omitting important components like the contract address. This could again allow reuse across contexts.

Failing to sanitize or validate input values used in domain separator computation. These should not be attacker-controlled.

Setting domain separators on a per-function rather than per-contract basis. This doesn't fully isolate signatures to a single context.

Not accounting for potential metadata like chain/network ID in domain separators. Signatures may not be cross-chain compatible.

Not versioning the domain separator format or hashing algorithm over time. Old styles could be replayed.

Failing to specify expected calldata/function signature when relevant. Signatures for calls are less isolated.

Not regenerating domain separators when upgrading a contract implementation. Old contexts may be accessible.
‍
Insufficient entropy or non-randomness in salt values, compromising uniqueness over time.@EthSecurity1

New year start with new loss. Orbit Bridge ~81.5 m $
Happy new year

Twice hack 4.5 m$
https://www.theblock.co/post/270080/radiant-capital-reportedly-hacked-eth?utm_source=telegram1&utm_medium=social
@EthSrcurity1

ECRecover and Signature Verification in Ethereum https://coders-errand.com/ecrecover-signature-verification-ethereum/
This blog has great articles about cryptography and ZK

And sure watch this

Ethereum yellow paper
https://youtu.be/e84V1MxRlYs?si=ysB4c21fT9Ce024u
@EthSecurity1