EthSecurity
Happy Nowruz and New Year 2583 Achaemenid
to all Kurds and Persians.
โค4๐Ÿพ4๐Ÿ”ฅ3๐ŸŽ‰3๐Ÿคฌ1๐Ÿคฎ1
GJNRFZtWYAA7Au0.jpg
22.5 KB
SSS hacked on Blast. A kid wrote it. @EthSecurity1
Forwarded from Vladimir S. | Officer's Channel (officercia)
๐Ÿ”“โ˜๏ธ unizen_io, a crypto exchange and trading platform, experienced a security breach on March 8 that resulted in the loss of more than $2.1 million.

The attack technique involved authorizing a trading aggregator running on the Ethereum ( $ETH ) blockchain network. The hacker exploited an open external challenge vulnerability in the contract.

Detailed analysis: https://x.com/amlbothq/status/1770102963521867916

#offtopic #security #investigations
EIP 3074 is approved to go live on the next Ethereum hard fork. EIP details: https://eips.ethereum.org/EIPS/eip-3074
It has some pitfalls for now:
- malicious invokers could steal funds
- ether in EOAs cannot be spent
- self-sponsoring breaks a weak form of flash-loan protection
- invokers can make upgrading Ethereum more challenging @EthSecurity1
- Chainge Finance hack due to insufficient validation: $150k

- Curio DeFi hack post-mortem, $40M: https://www.halborn.com/blog/post/explained-the-curio-hack-march-2024 @EthSecurity1
Zellic found a critical vulnerability in Gains Network forks

https://x.com/zellic_io/status/1781389554764886289?s=61
@EthSecurity1
Deploy scripts are now in scope for smart contract audits: https://medium.com/cyfrin/deploy-scripts-are-now-in-scope-for-smart-contract-audits-7fbb95788ce7
In the Astar bug, the transferred amount truncates to 0. Why is that? The amount argument gets truncated to 0 because of how the read function is implemented in the EvmDataReader struct.

When the read function is called with a type parameter of BalanceOf<Runtime, Instance>, which is a type alias for u128, it reads 32 bytes from the calldata and then uses buffer.copy_from_slice to copy the relevant bytes into a u128 buffer.

However, since the input value is larger than the maximum u128 value, the buffer.copy_from_slice function will only copy the lower 16 bytes of the input value into the buffer, effectively truncating the value.

In this case, when the input value is type(uint128).max + 1, the lower 16 bytes of this value are all zeros. Therefore, the buffer.copy_from_slice function copies these zero bytes into the buffer, resulting in a u128 value of 0.

This is why the amount argument gets truncated to 0, allowing the attacker to exploit this vulnerability. @EthSecurity1
๐Ÿ‘4
1- Vulnerability Report: Binance PoR Dummy User Attack https://www.leku.blog/binance_vuln/
2- Rolling in the Shadows: Analyzing the Extraction of MEV Across Layer-2 Rollups https://arxiv.org/abs/2405.00138
3- Patrick Collins & txFusion join to discuss TxFusion, a set of tools and products designed to improve developers' experience on the ZK ecosystem.
Today, at 7 pm UTC on
https://www.youtube.com/watch?v=QUmM7LF4ch0 @EthSecurity1