1)Understanding Rug Pulls: An In-Depth Behavioral Analysis of Fraudulent NFT Creators 2)Another Solidity Attack Vectors https://github.com/Quillhash/Solidity-Attack-Vectors @EthSecurity1
arXiv.org
Understanding Rug Pulls: An In-Depth Behavioral Analysis of...
The explosive growth of non-fungible tokens (NFTs) on Web3 has created a new frontier for digital art and collectibles, but also an emerging space for fraudulent activities. This study provides an...
π₯4
Prisma Hack post-mortem https://hackmd.io/@PrismaRisk/PostMortem0328 @EthSecurity
π2β€1π€1
A 5y/o Explanation of Ethereum Validation https://mirror.xyz/0xffE49cEe81e8CCa632C000588278eD9c3FeFf205/J0z2S06q7DdFYE6X9TXqjTKCEOBIfbSQSr-olXJbXD8 List of eigenlayer Risks https://x.com/hanni_abu/status/1742976353660531177?s=20 Emerging web3 attack vector: Restake Farming https://x.com/blockaid_/status/1752847514393522260?s=20 @EthSecurity1
π3
Market Manipulation vs. Oracle Exploits
https://chain.link/education-hub/market-manipulation-vs-oracle-exploits Chainlink Oracle DeFi Attacks https://medium.com/cyfrin/chainlink-oracle-defi-attacks-93b6cb6541bf @Ethsecurity1
https://chain.link/education-hub/market-manipulation-vs-oracle-exploits Chainlink Oracle DeFi Attacks https://medium.com/cyfrin/chainlink-oracle-defi-attacks-93b6cb6541bf @Ethsecurity1
chain.link
Market Manipulation vs. Oracle Exploits | Chainlink
Oracles enrich dApps by providing them with access to off-chain data, but they must be implemented correctly to avoid exploitation.
β€7
EIP 3074 approved to go live on next Ethereum Hard fork. EIP Details: https://eips.ethereum.org/EIPS/eip-3074
it has some pitfalls for now:
-malicious invokers could steal funds
-ether in EOAs cannot be spent
-self-sponsoring breaks a weak form of flash-loan protection -invokers can make upgrading ethereum more challenging @EthSecurity1
it has some pitfalls for now:
-malicious invokers could steal funds
-ether in EOAs cannot be spent
-self-sponsoring breaks a weak form of flash-loan protection -invokers can make upgrading ethereum more challenging @EthSecurity1
Ethereum Improvement Proposals
EIP-3074: AUTH and AUTHCALL opcodes
Allow externally owned accounts to delegate control to a contract.
π€4π4
EthSecurity
EIP 3074 approved to go live on next Ethereum Hard fork. EIP Details: https://eips.ethereum.org/EIPS/eip-3074 it has some pitfalls for now: β¦
for more datails EIP 4337 VS EIP 3074 check this https://docs.google.com/presentation/d/1dHE09UCv9YhmbOZ1OGdN9RXi2dwBbeT80M8waVjbjdg/edit#slide=id.g1f519d8aa46_0_432 @EthSecurity1
Google Docs
Demistifying account abstraction ERCs
Demystifying account abstraction All the ERCs, EIPs, RIPs, etc. Ivo Georgiev, @Ivshti on X/Farcaster
π3
-Chainge finance Hack for insufficient validation 150 k $
-Curio Defi Hack post-mortem 40 m $ https://www.halborn.com/blog/post/explained-the-curio-hack-march-2024 @EthSecurity1
-Curio Defi Hack post-mortem 40 m $ https://www.halborn.com/blog/post/explained-the-curio-hack-march-2024 @EthSecurity1
β€5
Zelic found critical vulnerability in Gains network forks
https://x.com/zellic_io/status/1781389554764886289?s=61
@EthSecurity1
https://x.com/zellic_io/status/1781389554764886289?s=61
@EthSecurity1
π₯4
Exploiting precision loss vai fuzz testing
https://dacian.me/exploiting-precision-loss-via-fuzz-testing
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
https://github.com/HolyBugx/HolyTips
Immunefi writeups list
https://github.com/sayan011/Immunefi-bug-bounty-writeups-list
@EthSecurity1
https://dacian.me/exploiting-precision-loss-via-fuzz-testing
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
https://github.com/HolyBugx/HolyTips
Immunefi writeups list
https://github.com/sayan011/Immunefi-bug-bounty-writeups-list
@EthSecurity1
in your storage
Exploiting Precision Loss via Fuzz Testing
Fuzz testing is an invaluable tool for finding & maximizing precision loss vulnerabilities..
β€5
Hedgey finance Hacked Post-mortem 44 m $ consider consensys Audited it Earlier https://blog.cube3.ai/2024/04/19/hedgey-finance-hack-flashloan-cube3-postmortem-report/ @EthSecurity1
CUBE3.AI
$48M Hedgey Finance Hack Detected by CUBE3.AI Minutes Before Exploit
CUBE3 detected the attack 5 minutes before the first $1.3M transaction exploit. Our Research Team provides technical vulnerability insights.
π₯3
Deploy scripts are now in scope for smart contract audits https://medium.com/cyfrin/deploy-scripts-are-now-in-scope-for-smart-contract-audits-7fbb95788ce7 What is zk audit? https://www.zellic.io/blog/what-is-a-zk-audit/ Astar Critical Vulnerability https://www.zellic.io/blog/finding-a-critical-vulnerability-in-astar/ @ETHSecurity1
Medium
Deploy scripts are now in scope for smart contract audits
As we see more and more exploits coming from the developer operations side of security, we need to start addressing this issue head-onβ¦
π4
EthSecurity
Deploy scripts are now in scope for smart contract audits https://medium.com/cyfrin/deploy-scripts-are-now-in-scope-for-smart-contract-audits-7fbb95788ce7 β¦
in Astar Bug, amount transfered truncate to 0.why is that? The amount argument gets truncated to 0 because of how the read function is implemented in the EvmDataReader struct.
When the read function is called with a type parameter of BalanceOf<Runtime, Instance>, which is a type alias for u128, it reads 32 bytes from the calldata and then uses buffer.copy_from_slice to copy the relevant bytes into a u128 buffer.
However, since the input value is larger than the maximum u128 value, the buffer.copy_from_slice function will only copy the lower 16 bytes of the input value into the buffer, effectively truncating the value.
In this case, when the input value is type(uint128).max + 1, the lower 16 bytes of this value are all zeros. Therefore, the buffer.copy_from_slice function copies these zero bytes into the buffer, resulting in a u128 value of 0.
This is why the amount argument gets truncated to 0, allowing the attacker to exploit this vulnerability. @EthSecurity1
When the read function is called with a type parameter of BalanceOf<Runtime, Instance>, which is a type alias for u128, it reads 32 bytes from the calldata and then uses buffer.copy_from_slice to copy the relevant bytes into a u128 buffer.
However, since the input value is larger than the maximum u128 value, the buffer.copy_from_slice function will only copy the lower 16 bytes of the input value into the buffer, effectively truncating the value.
In this case, when the input value is type(uint128).max + 1, the lower 16 bytes of this value are all zeros. Therefore, the buffer.copy_from_slice function copies these zero bytes into the buffer, resulting in a u128 value of 0.
This is why the amount argument gets truncated to 0, allowing the attacker to exploit this vulnerability. @EthSecurity1
π4
1-Vulnerability Report: Binance PoR Dummy User Attack https://www.leku.blog/binance_vuln/ 2-Rolling in the Shadows: Analyzing the Extraction of MEV Across Layer-2 Rollups https://arxiv.org/abs/2405.00138 3-Patrick collins & txFusion join
to discuss TxFusion, a set of tools and products designed to improve developers' experience on the ZK ecosystem.
Today, at 7 pm UTC on https://www.youtube.com/watch?v=QUmM7LF4ch0 @EthSecurity1
to discuss TxFusion, a set of tools and products designed to improve developers' experience on the ZK ecosystem.
Today, at 7 pm UTC on https://www.youtube.com/watch?v=QUmM7LF4ch0 @EthSecurity1
www.leku.blog
Vulnerability Report: Binance PoR Dummy User Attack
You can leave comments on the hackMD version of this document here.
This document describes a potential attack on Binance Proof of Reserves (PoR) 123 solution.
TL;DR: According to this attack, Binance has the ability to add dummy (non-existing) users to theirβ¦
This document describes a potential attack on Binance Proof of Reserves (PoR) 123 solution.
TL;DR: According to this attack, Binance has the ability to add dummy (non-existing) users to theirβ¦
β€3π3
Blast integration Bugs https://nirlinsecurity.xyz/p/blast-integration-bugs-part-1
Hamburger Validity Proof
https://xuwinnie.review/research/hamburger-factory-validity @EthSecurity1
Hamburger Validity Proof
https://xuwinnie.review/research/hamburger-factory-validity @EthSecurity1
nirlinsecurity.xyz
Blast Integration Bugs - Part 1
"With each new great protocol, comes new integration bugs" ~ Uncle Nirlin
β€6
Cosmos IBC Reentrancy Infinite Mint https://www.asymmetric.re/blog/cosmos-ibc-reentrancy-infinite-mint @EthSecurity1
Asymmetric Research
Cosmos IBC Reentrancy Infinite Mint
This post discusses a vulnerability in ibc-go, a reference implementation of the Cosmos Inter-Blockchain Communication (IBC) protocol. A reentrancy vulnerability during the handling of timeout messages could have allowed an attacker to mint an infinite amountβ¦
β€4π₯1
sonneFinance Post-mortem Lost 20 m $
https://medium.com/@SonneFinance/post-mortem-sonne-finance-exploit-12f3daa82b06 @EthSecurity1
https://medium.com/@SonneFinance/post-mortem-sonne-finance-exploit-12f3daa82b06 @EthSecurity1
Medium
Post-mortem, Sonne Finance exploit
We are extremely sorry to announce that Sonne Finance (Optimism)has been exploited with known donation attack to Compound v2 forks.
π4
https://reports.yaudit.dev/reports/05-2023-Sonne/#4-high---unclear-protection-against-hundred-finance-attack-vector
Auditors mentioned their unclear approach! @Ethsecurity1
Auditors mentioned their unclear approach! @Ethsecurity1
yAudit Reports
05-2023-Sonne
Sonne yAudit Report
Forwarded from Vladimir S. | Officer's Channel (officercia)
Uncover how DeFi's lending & borrowing pose security challenges. From unchecked repayments to smart contract exploits, see how you can safeguard against vulnerabilities!
Read more
β’ https://wiki.r.security/wiki/Lending/Borrowing
#audit #solidity #web3 #security
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯4π€3β€1π―1
Forwarded from Popeye
π‘ Sonne Finance's Timelock Implementation on Optimism Hack Analysis:
https://x.com/Olympix_ai/status/1792534207769510123
https://medium.com/@olympixai/sonne-finance-exploited-a-detailed-analysis-0b52151d4d2a
https://x.com/Olympix_ai/status/1792534207769510123
https://medium.com/@olympixai/sonne-finance-exploited-a-detailed-analysis-0b52151d4d2a
X (formerly Twitter)
Olympix (@Olympix_ai) on X
On May 14, 2024, @SonneFinance, a non-custodial DEX on @Optimism, suffered a $20M exploit. Thanks to the @_SEAL_Org contributors, a quick response helped save $6.5 million.
πKey Takeaway: Timelock Misalignment Creates Opportunity
The attacker exploitedβ¦
πKey Takeaway: Timelock Misalignment Creates Opportunity
The attacker exploitedβ¦
π4