Zellic found a critical vulnerability in Gains Network forks
https://x.com/zellic_io/status/1781389554764886289?s=61
@EthSecurity1
Exploiting precision loss via fuzz testing
https://dacian.me/exploiting-precision-loss-via-fuzz-testing
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
https://github.com/HolyBugx/HolyTips
Immunefi writeups list
https://github.com/sayan011/Immunefi-bug-bounty-writeups-list
@EthSecurity1
Exploiting Precision Loss via Fuzz Testing
Fuzz testing is an invaluable tool for finding & maximizing precision loss vulnerabilities.
Hedgey Finance hacked, post-mortem, $44M. Consider that ConsenSys audited it earlier. https://blog.cube3.ai/2024/04/19/hedgey-finance-hack-flashloan-cube3-postmortem-report/ @EthSecurity1
CUBE3.AI
$48M Hedgey Finance Hack Detected by CUBE3.AI Minutes Before Exploit
CUBE3 detected the attack 5 minutes before the first $1.3M transaction exploit. Our Research Team provides technical vulnerability insights.
Deploy scripts are now in scope for smart contract audits https://medium.com/cyfrin/deploy-scripts-are-now-in-scope-for-smart-contract-audits-7fbb95788ce7
What is a zk audit? https://www.zellic.io/blog/what-is-a-zk-audit/
Astar Critical Vulnerability https://www.zellic.io/blog/finding-a-critical-vulnerability-in-astar/ @ETHSecurity1
Medium
Deploy scripts are now in scope for smart contract audits
As we see more and more exploits coming from the developer operations side of security, we need to start addressing this issue head-on…
In the Astar bug, why does the transferred amount get truncated to 0? The amount argument gets truncated to 0 because of how the read function is implemented in the EvmDataReader struct.
When the read function is called with a type parameter of BalanceOf<Runtime, Instance>, which is a type alias for u128, it reads 32 bytes from the calldata and then uses buffer.copy_from_slice to copy the relevant bytes into a u128 buffer.
However, since the input value is larger than the maximum u128 value, the buffer.copy_from_slice function will only copy the lower 16 bytes of the input value into the buffer, effectively truncating the value.
In this case, when the input value is type(uint128).max + 1, the lower 16 bytes of this value are all zeros. Therefore, the buffer.copy_from_slice function copies these zero bytes into the buffer, resulting in a u128 value of 0.
This is why the amount argument gets truncated to 0, allowing the attacker to exploit this vulnerability. @EthSecurity1
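As an added example, not code from Astar, Zellic or this channel: a Rust model of the read described above. It assumes a 32-byte big-endian calldata word and a reader that copies only the low 16 bytes into a u128 (the hypothetical `read_u128_truncating`), placed beside a checked variant (`read_u128_checked`) that rejects any word whose high 16 bytes are non-zero, which is the guard a decoder of this kind needs. `word_from_halves` is a constructed helper for building test words.

```rust
// Added example: models a 32-byte EVM calldata word being read into a u128
// balance by copying only the low 16 bytes, and the range check that prevents
// the silent truncation described in the post. Not Astar's or Zellic's code.

/// Truncating reader: keeps the low 16 bytes of the big-endian word.
/// Any value >= 2^128 loses its high bytes; type(uint128).max + 1 becomes 0.
pub fn read_u128_truncating(word: &[u8; 32]) -> u128 {
    let mut buf = [0u8; 16];
    buf.copy_from_slice(&word[16..]);
    u128::from_be_bytes(buf)
}

/// Checked reader: fails if the high 16 bytes carry any set bit, so a value
/// that does not fit in u128 is rejected instead of wrapping to a small number.
pub fn read_u128_checked(word: &[u8; 32]) -> Result<u128, &'static str> {
    if word[..16].iter().any(|&b| b != 0) {
        return Err("value does not fit in u128");
    }
    let mut buf = [0u8; 16];
    buf.copy_from_slice(&word[16..]);
    Ok(u128::from_be_bytes(buf))
}

/// Constructed helper: build a 256-bit big-endian word from (high, low) u128 halves.
pub fn word_from_halves(high: u128, low: u128) -> [u8; 32] {
    let mut w = [0u8; 32];
    w[..16].copy_from_slice(&high.to_be_bytes());
    w[16..].copy_from_slice(&low.to_be_bytes());
    w
}

fn main() {
    // type(uint128).max + 1 == 2^128: high half = 1, low half = 0.
    let overflow = word_from_halves(1, 0);
    println!("truncating read: {}", read_u128_truncating(&overflow)); // 0
    println!("checked read:    {:?}", read_u128_checked(&overflow));  // Err(..)

    let in_range = word_from_halves(0, 1_000_000);
    println!("checked read:    {:?}", read_u128_checked(&in_range));  // Ok(1000000)
}
```

The checked variant is the one to keep: an ABI decoder that narrows a 256-bit word to a 128-bit type should treat non-zero high bytes as a decoding error rather than discarding them.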
1- Vulnerability Report: Binance PoR Dummy User Attack https://www.leku.blog/binance_vuln/
2- Rolling in the Shadows: Analyzing the Extraction of MEV Across Layer-2 Rollups https://arxiv.org/abs/2405.00138
3- Patrick Collins & txFusion join to discuss TxFusion, a set of tools and products designed to improve developers' experience on the ZK ecosystem. Today, at 7 pm UTC on https://www.youtube.com/watch?v=QUmM7LF4ch0 @EthSecurity1
www.leku.blog
Vulnerability Report: Binance PoR Dummy User Attack
You can leave comments on the hackMD version of this document here.
This document describes a potential attack on Binance Proof of Reserves (PoR) 123 solution.
TL;DR: According to this attack, Binance has the ability to add dummy (non-existing) users to their…
Blast integration Bugs https://nirlinsecurity.xyz/p/blast-integration-bugs-part-1
Hamburger Validity Proof
https://xuwinnie.review/research/hamburger-factory-validity @EthSecurity1
nirlinsecurity.xyz
Blast Integration Bugs - Part 1
"With each new great protocol, comes new integration bugs" ~ Uncle Nirlin
Cosmos IBC Reentrancy Infinite Mint https://www.asymmetric.re/blog/cosmos-ibc-reentrancy-infinite-mint @EthSecurity1
Asymmetric Research
Cosmos IBC Reentrancy Infinite Mint
This post discusses a vulnerability in ibc-go, a reference implementation of the Cosmos Inter-Blockchain Communication (IBC) protocol. A reentrancy vulnerability during the handling of timeout messages could have allowed an attacker to mint an infinite amount…
Sonne Finance post-mortem: lost $20M
https://medium.com/@SonneFinance/post-mortem-sonne-finance-exploit-12f3daa82b06 @EthSecurity1
Medium
Post-mortem, Sonne Finance exploit
We are extremely sorry to announce that Sonne Finance (Optimism) has been exploited with the known donation attack on Compound v2 forks.
https://reports.yaudit.dev/reports/05-2023-Sonne/#4-high---unclear-protection-against-hundred-finance-attack-vector
Auditors mentioned their unclear approach! @Ethsecurity1
yAudit Reports
05-2023-Sonne
Sonne yAudit Report
Forwarded from Vladimir S. | Officer's Channel (officercia)
Uncover how DeFi's lending & borrowing pose security challenges. From unchecked repayments to smart contract exploits, see how you can safeguard against vulnerabilities!
Read more
• https://wiki.r.security/wiki/Lending/Borrowing
#audit #solidity #web3 #security
Forwarded from Popeye
Sonne Finance's Timelock Implementation on Optimism Hack Analysis:
https://x.com/Olympix_ai/status/1792534207769510123
https://medium.com/@olympixai/sonne-finance-exploited-a-detailed-analysis-0b52151d4d2a
X (formerly Twitter)
Olympix (@Olympix_ai) on X
On May 14, 2024, @SonneFinance, a non-custodial DEX on @Optimism, suffered a $20M exploit. Thanks to the @_SEAL_Org contributors, a quick response helped save $6.5 million.
Key Takeaway: Timelock Misalignment Creates Opportunity
The attacker exploited…
#Defi_Research
Optimized lending protocol for redeemable assets https://gist.github.com/0xngmi/c92ce3fce377a0e72c1e90052db98bf1
Modern DeFi Lending Protocols, how it's made: Euler V2 https://mixbytes.io/blog/modern-defi-lending-protocols-how-its-made-euler-v2 @EthSecurity1
Gist
Lending protocol optimized for redeemable assets
Lending protocol optimized for redeemable assets. GitHub Gist: instantly share code, notes, and snippets.
the problem with eip4337. https://x.com/jtriley_eth/status/1795151789282750481 @EthSecurity1
X (formerly Twitter)
jtriley2p (any/any) (@jtriley2p) on X
the problem with eip4337.
4337 is an account abstraction eip that introduces user operations, bundlers, executors, and a new mempool for propagating user operations across the network to be bundled.
the direction of 4337 is sound. users' actions are moved…
Unassigned pool earnings, in the context of the Uniswap V3 protocol. How it works:
When a user deposits their assets into the pool, they earn a share of the pool's earnings.
The pool earns rewards in the form of interest, fees, or other incentives.
The pool's earnings are not yet assigned to any specific user, so they are considered "unassigned".
When a user withdraws their assets from the pool, their share of the unassigned earnings is assigned to them.
Why unassigned pool earnings?
The unassigned pool earnings are a result of the way the Uniswap V3 protocol is designed. When a user deposits their assets into the pool, they earn a share of the pool's earnings. However, the earnings are not yet assigned to any specific user, so they are considered "unassigned".
How are unassigned pool earnings assigned?
When a user withdraws their assets from the pool, their share of the unassigned earnings is assigned to them. This is done by calculating the user's share of the pool's earnings based on their deposited assets and the pool's earnings.
Why is it important?
The unassigned pool earnings are important because they represent the rewards earned by the pool, which are not yet assigned to any specific user. When a user withdraws their assets from the pool, their share of the unassigned earnings is assigned to them, ensuring that they receive their fair share of the pool's earnings. In a recent audit, the protocol ignored unassigned pool earnings: https://github.com/sherlock-audit/2024-04-interest-rate-model-judging?tab=readme-ov-file#issue-h-2-unassigned-pool-earnings-can-be-stolen-when-a-maturity-borrow-is-liquidated-by-depositing-at-maturity-with-1-principal
@EthSecurity1
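An added example, not code from this channel or from the audited protocol, that generalizes the accounting described above: a Rust pool in which earnings arrive unassigned and are assigned to depositors pro rata on withdrawal. The naive rule (current balance over total deposits, applied to the whole unassigned pot) hands a late depositor earnings that accrued before they joined; a cumulative earnings-per-share index (the same pattern as the common staking-rewards accumulator) assigns each deposit only the earnings that accrued while it was in the pool. The names `Pool`, `naive_share` and `scenario`, and all amounts, are constructed for the example.

```rust
// Added example: pro-rata assignment of unassigned pool earnings, naive rule
// versus cumulative earnings-per-share index. Constructed; not any project's code.
use std::collections::HashMap;

// Fixed-point scale for the cumulative index (1e18, as is usual on-chain).
const SCALE: u128 = 1_000_000_000_000_000_000;

#[derive(Default)]
pub struct Pool {
    total_deposits: u128,
    earnings_per_share: u128,                  // cumulative index, scaled by SCALE
    deposits: HashMap<&'static str, u128>,     // principal per user
    entry_index: HashMap<&'static str, u128>,  // index value at the user's last checkpoint
    owed: HashMap<&'static str, u128>,         // earnings assigned but not yet withdrawn
}

impl Pool {
    pub fn new() -> Self {
        Self::default()
    }

    // Assign to `user` the earnings that accrued since their last checkpoint,
    // then move their checkpoint to the current index.
    fn checkpoint(&mut self, user: &'static str) {
        let balance = self.deposits.get(user).copied().unwrap_or(0);
        let index_at_entry = self.entry_index.get(user).copied().unwrap_or(0);
        let index_now = self.earnings_per_share;
        let earned = balance * (index_now - index_at_entry) / SCALE;
        *self.owed.entry(user).or_insert(0) += earned;
        self.entry_index.insert(user, index_now);
    }

    pub fn deposit(&mut self, user: &'static str, amount: u128) {
        self.checkpoint(user); // settle before the balance changes
        *self.deposits.entry(user).or_insert(0) += amount;
        self.total_deposits += amount;
    }

    // Earnings arrive unassigned; they are spread over the deposits present now.
    pub fn accrue(&mut self, amount: u128) {
        assert!(self.total_deposits > 0, "no deposits to assign earnings to");
        self.earnings_per_share += amount * SCALE / self.total_deposits;
    }

    // Withdraw the whole position; returns (principal, assigned earnings).
    pub fn withdraw_all(&mut self, user: &'static str) -> (u128, u128) {
        self.checkpoint(user);
        let principal = self.deposits.remove(user).unwrap_or(0);
        self.total_deposits -= principal;
        let earnings = self.owed.remove(user).unwrap_or(0);
        (principal, earnings)
    }
}

// Naive rule: a user's share of the whole unassigned pot by current balance,
// ignoring when the deposit was made.
pub fn naive_share(user_balance: u128, total_deposits: u128, unassigned: u128) -> u128 {
    unassigned * user_balance / total_deposits
}

// Constructed scenario: Alice deposits 1000, the pool earns 100, then Bob deposits
// 1000 and both withdraw. Returns (alice_earnings, bob_earnings, naive_bob).
pub fn scenario() -> (u128, u128, u128) {
    let mut pool = Pool::new();
    pool.deposit("alice", 1_000);
    pool.accrue(100); // earned while only Alice was in the pool
    pool.deposit("bob", 1_000);
    let (_, bob) = pool.withdraw_all("bob");
    let (_, alice) = pool.withdraw_all("alice");
    // Under the naive rule Bob would take half of the 100 that accrued before he joined.
    let naive_bob = naive_share(1_000, 2_000, 100);
    (alice, bob, naive_bob)
}

fn main() {
    let (alice, bob, naive_bob) = scenario();
    println!(
        "index-based: alice={} bob={}; naive rule would give bob={}",
        alice, bob, naive_bob
    );
}
```

The design point is that the index is updated at accrual time and every balance change is preceded by a checkpoint, so the earnings attributable to a position are fixed by when it was present, not by its size at the moment of withdrawal.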
GitHub
GitHub - sherlock-audit/2024-04-interest-rate-model-judging
Contribute to sherlock-audit/2024-04-interest-rate-model-judging development by creating an account on GitHub.
#Defi_research
Typical vulnerabilities in lending and CDP protocols https://blog.decurity.io/typical-vulnerabilities-in-lending-and-cdp-protocols-e778e540e215
Borrowing on Ethereum: Comparing Architecture Evolution of MakerDAO, Yield, Aave, Compound, & Euler https://hackernoon.com/borrowing-on-ethereum-comparing-architecture-evolution-of-makerdao-yield-aave-compound-and-euler
Trustless Yield Aggregator protocol with customized risk profiles based on per-user policies https://gist.github.com/0xngmi/653aa70d3162f0ef4a41d56ced602a6c @EthSecurity1
Medium
Typical vulnerabilities in lending and CDP protocols
This article explains the security of a popular pattern in decentralized finance: the CDP (collateralized debt position)
Velocore incident post-mortem, $7M loss
https://velocorexyz.medium.com/velocore-incident-post-mortem-6197020ec3e9 @EthSecurity1
Forwarded from Wu Blockchain News
An OKX user disclosed today that hackers purchased his personal information and used AI to create fake videos. Hackers used these to change the victim's OKX passwords and even 2FA. More than $2 million US were stolen. Be wary of Deepfakes and personal data leaks. (link)
$1.5M was hacked from the liquidity pool of yolo on blast.
90% of funds returned @EthSecurity1