Halting the Solana Blockchain with Epsilon Stake https://tik-old.ee.ethz.ch/file/9d40dad802dd12d9ba1f1b7c1759920c/Solana___ICDCN_24.pdf
@EthSecurity1
What is a domain separator?
The domain separator helps prevent signature reuse attacks in DeFi protocols by making signatures unique to a particular contract and message type. Here are some more details:
Without a domain separator, a signature could potentially be reused for different messages or contracts. This enables various attacks.
For example, a signature approving a small transfer amount could be reused to approve a large transfer on another contract. Or a signature meant for a benign callback could be reused to trigger funds transfers.
The domain separator binds a signature to a specific contract address and message type.
It is computed from the contract address, a salt value, and the message EIP-712 typehash. When generating a signature, the signer computes and includes the domain separator. When verifying a signature, the contract recomputes the expected domain separator. If the domain separators don't match, the signature is invalid for that context.
This prevents simply replaying a signature on another contract/message type.
Even a tiny change to the contract address, salt, or message typehash invalidates old signatures.
So attackers cannot trivially transfer or forge signatures between contexts.
Some potential pitfalls:
Forgetting to specify the domain separator when verifying signatures. This would allow cross-contract/message replay attacks.
Using a constant/hardcoded domain separator value rather than computing it dynamically. This defeats the purpose of making it context-specific.
Not updating the salt value periodically. Over time, old signatures could potentially be replayed on contracts with the same address.
Computing the domain separator incorrectly, such as omitting important components like the contract address. This could again allow reuse across contexts.
Failing to sanitize or validate input values used in domain separator computation. These should not be attacker-controlled.
Setting domain separators on a per-function rather than per-contract basis. This doesn't fully isolate signatures to a single context.
Not accounting for potential metadata like chain/network ID in domain separators. Signatures may not be cross-chain compatible.
Not versioning the domain separator format or hashing algorithm over time. Old styles could be replayed.
Failing to specify expected calldata/function signature when relevant. Signatures for calls are less isolated.
Not regenerating domain separators when upgrading a contract implementation. Old contexts may be accessible.
Insufficient entropy or non-randomness in salt values, compromising uniqueness over time.
@EthSecurity1
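As an added illustration of the computation described in the post above (example code, not from the post or any project): the domain separator recomputed from the live chain ID and the contract's own address, then used to check an EIP-712 Permit signature. The contract, type and field names (PermitVerifier, ExampleToken, Permit) are illustrative placeholders.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added example, not code from the post. Contract, type and field names
// (PermitVerifier, ExampleToken, Permit) are illustrative placeholders.
contract PermitVerifier {
    // EIP-712 domain fields: name, version, chainId, verifyingContract
    // (an optional bytes32 salt field may be appended to the type string).
    bytes32 private constant EIP712DOMAIN_TYPEHASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
    );
    bytes32 private constant PERMIT_TYPEHASH = keccak256(
        "Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)"
    );
    // secp256k1 curve order / 2: a signature with s above this has a valid twin (malleability)
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    mapping(address => uint256) public nonces;

    // Pitfall from the post: a separator hard-coded as a constant, or computed without
    // chainId / address(this), is not bound to this context, so a signature accepted here
    // would also verify on a fork or a cloned contract. Corrected: recompute it every time.
    function DOMAIN_SEPARATOR() public view returns (bytes32) {
        return keccak256(abi.encode(
            EIP712DOMAIN_TYPEHASH,
            keccak256(bytes("ExampleToken")),
            keccak256(bytes("1")),
            block.chainid,
            address(this)
        ));
    }

    function permit(
        address owner, address spender, uint256 value, uint256 deadline,
        uint8 v, bytes32 r, bytes32 s
    ) external {
        require(block.timestamp <= deadline, "expired");
        require(uint256(s) <= HALF_N && (v == 27 || v == 28), "malleable signature");
        // The nonce is consumed here, so the same signature cannot be replayed on this contract
        bytes32 structHash = keccak256(abi.encode(
            PERMIT_TYPEHASH, owner, spender, value, nonces[owner]++, deadline
        ));
        // EIP-712 digest: "\x19\x01" || domainSeparator || hashStruct(message)
        bytes32 digest = keccak256(abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR(), structHash));
        address signer = ecrecover(digest, v, r, s);
        require(signer != address(0) && signer == owner, "invalid signature");
        // grant the allowance here (omitted)
    }
}
```

A signature produced for this contract on one chain fails on any other chain ID or contract address because the recomputed separator, and therefore the digest, differs.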
New year starts with a new loss. Orbit Bridge ~$81.5M
Happy new year
Twice hack: $4.5M
https://www.theblock.co/post/270080/radiant-capital-reportedly-hacked-eth?utm_source=telegram1&utm_medium=social
@EthSecurity1
The Block
Radiant Capital reportedly hacked for $4.5 million worth of ETH
Cross-chain lending protocol Radiant Capital was hacked for 1,900 ETH, blockchain security firm PeckShield reported on X today.
EthSecurity
One common vulnerability with the ecrecover function in Solidity is malleability of signatures. ecrecover is used to recover the address that signed a message from an elliptic curve signature. However, signatures in crypto systems like Ethereum are malleable…
ECRecover and Signature Verification in Ethereum https://coders-errand.com/ecrecover-signature-verification-ethereum/
This blog has great articles about cryptography and ZK
And sure watch this
Ethereum yellow paper
https://youtu.be/e84V1MxRlYs?si=ysB4c21fT9Ce024u
@EthSecurity1
Coder's Errand
ECRecover and Signature Verification in Ethereum • Coder's Errand
This post explains how Ethereum signatures differ from standard ECDSA signatures, and how to use ECRecover to verify them.
dYdX exploit post-mortem
https://www.theblock.co/post/270275/dydx-publishes-post-mortem-9-million-november-attack
Gamma protocol is third hack in 2024
https://twitter.com/GammaStrategies/status/1742882840247779453
@EthSecurity1
The Block
DeFi exchange dYdX publishes post-mortem on $9 million November attack
The decentralized exchange said it has identified the attacker behind the $9 million attack, and it is reviewing legal options.
Gamma exploit post-mortem, $6.18M loss https://medium.com/gamma-strategies/post-mortem-remediation-plan-9a62f10d90f3 @EthSecurity1
Medium
Post-Mortem & Remediation Plan
Incident Summary
Forwarded from Rektoff
We are glad to opensource our holistic security strategy for Solana dev teams.
Here is a Systematic Security Roadmap for a full lifecycle of Solana applications.
https://github.com/Rektoff/Security-Roadmap-for-Solana-applications
https://x.com/rektoff_xyz/status/1744771734782263613?s=20
GitHub
GitHub - Rektoff/Security-Roadmap-for-Solana-applications: We are systematizing everything we know about Solana security into one…
We are systematizing everything we know about Solana security into one structured resource: the Solana Security Strategy. It's a field-tested knowledge base for teams building serious products – pa...
2023 Web3 security facts:
83% of protocols hacked in 2023 were audited
56.7% of rug pulls happened on BSC
CertiK, PeckShield, SlowMist and Quantstamp are firms that performed security audits on exploited projects (before the exploit).
62% of projects compensated after the exploit
34% of projects were audited after the exploit
78% of attackers accepted a bug bounty
@EthSecurity1
Near smart contract security course https://www.youtube.com/playlist?list=PL7Gwuo_MOL740lhKTvouCJvk4sAyuqZqT
NEAR Protocol laid off 50% of its staff
ZKP Series: Principles and Implementation of Extensibility Attacks on Groth16 Proofs https://slowmist.medium.com/zkp-series-principles-and-implementation-of-extensibility-attacks-on-groth16-proofs-aedcd703323a @EthSecurity1
Medium
ZKP Series: Principles and Implementation of Extensibility Attacks on Groth16 Proofs
Why Groth16 is Vulnerable to Scalability Attacks?
https://cointelegraph.com/news/trezor-discloses-66k-users-affected-phishing-attack
Seems Trust Wallet used the Trezor library too. The code suffers from randomness issues.
Cointelegraph
Trezor discloses 66K users affected by phishing attack
Hardware wallet Trezor has flagged a security breach that exposed the contact information of nearly 66,000 users, according to a Jan. 20 announcement.
Ethereum Smart Contract Auditor's 2023 Rewind https://ventral.digital/posts/2024/1/19/ethereum-smart-contract-auditors-2023-rewind/ Top 10 Blockchain Hacking Techniques of 2023 https://blog.openzeppelin.com/top-10-blockchain-hacking-techniques-of-2023-submissions-open @EthSecurity1
ventraldigital
Ethereum Smart Contract Auditor's 2023 Rewind • Ventral Digital
Ventral Digital LLC is a research and consultancy firm specializing in Information Security and Privacy.
In the Orbit incident I was wondering how the keys were compromised. This is the post-mortem:
https://medium.com/orbit-chain/official-statement-regarding-orbit-bridge-exploit-551928f3dc52
And MIM hack analysis
https://x.com/kankodu/status/1752581744803680680?s=61
@EthSecurity1
Medium
Official Statement Regarding "Orbit Bridge Exploit"
Hello, Orbit Chain Community.
Forwarded from Investigations by ZachXBT
It appears a Ripple insider was hacked for ~213M XRP ($112.5M)
Source address
rJNLz3A1qPKfWCtJLPhmMZAfBkutC2Qojm
So far the stolen funds have been laundered through MEXC, Gate, Binance, Kraken, OKX, HTX, HitBTC, etc
Update: Confirmation of the hack from Chris Larsen (Ripple Co-Founder & Executive Chairman)
Theft addresses
Forwarded from Crypto Goodreads
Vitalik wrote about risks of restaking in this article from May 2023.
Good to take a step back sometimes and look at the safety too
https://vitalik.eth.limo/general/2023/05/21/dont_overload.html
Warpcast is strange! It gets account keys approved onchain and stores ETH keys on its server :(
ETH keys: hold assets (EOA)
@Ethsecurity1
- PlayDapp Heist: Attackers minted 200M PLA tokens, causing a massive $31M loss. A significant portion, $5.9M worth, found its way to the Gate platform. The exploit was due to a security vulnerability. @EthSecurity1
Considering Blast as a clone of Optimism: ToB found only 1 Low on Blast, while Spearbit found 6 Crit, 6 H, 11 M and 14 L https://github.com/trailofbits/publications/blob/master/reviews/2024-01-metalayerblast-securityreview.pdf
https://github.com/spearbit/portfolio/blob/master/pdfs/report-blast-contracts-review-draft.pdf
Blast source code deep dive:
https://twitter.com/jarrodWattsDev/status/1727584394796323042?s=20
@EthSecurity1
GitHub
publications/reviews/2024-01-metalayerblast-securityreview.pdf at master · trailofbits/publications
Publications from Trail of Bits. Contribute to trailofbits/publications development by creating an account on GitHub.