seems certik(The blackhat team) will going to jail. some people think they are same Lazarus.
🤯8
EthSecurity
seems certik(The blackhat team) will going to jail. some people think they are same Lazarus.
Post the @krakenfx breach, have detected similar activity on @base, @BNBCHAIN, @Optimism, @arbitrum, @avax, @LineaBuild and @0xPolygon trying to target @okx, @BingXOfficial, @gate_io, and @binance and others and some unknown addresses.
Here is poc: https://x.com/danielvf/status/1803780167027871878?s=61
@Ethsecurity1
Here is poc: https://x.com/danielvf/status/1803780167027871878?s=61
@Ethsecurity1
❤2👍2
THREAD: How are Thefts from Mt. Gox, the Blockchain Bandit, Ethereum Foundation all tied to one another?
https://x.com/BoringSleuth/status/1800407010611003903
@EthSecurity1
https://x.com/BoringSleuth/status/1800407010611003903
@EthSecurity1
X (formerly Twitter)
TruthLabs 🫡 (@BoringSleuth) on X
🚨THREAD: How are Thefts from Mt. Gox, the Blockchain Bandit, Ethereum Foundation all tied to one another? Read thru until the end, as there are new Revelations.
I cannot stress this enough. Ethereum's foundation was built on the corrosive nature of corruption.…
I cannot stress this enough. Ethereum's foundation was built on the corrosive nature of corruption.…
👍1
Two blazing web3sec repos
https://github.com/immunefi-team/Bounty_Boosts
https://github.com/SunWeb3Sec/DeFi-Security-Breach-RCA
@Ethsecurity1
https://github.com/immunefi-team/Bounty_Boosts
https://github.com/SunWeb3Sec/DeFi-Security-Breach-RCA
@Ethsecurity1
GitHub
GitHub - immunefi-team/Past-Audit-Competitions: Bug reports from Immunefi Bounty Boosts
Bug reports from Immunefi Bounty Boosts. Contribute to immunefi-team/Past-Audit-Competitions development by creating an account on GitHub.
⚡3🔥1
Guest Spotlight Article: How to analyze reports and become a great auditor
https://hatsfinance.medium.com/guest-spotlight-article-how-to-analyze-reports-and-become-a-great-auditor-8429e20df2c2
Concentrated liquidity Managers vulners
https://dacian.me/concentrated-liquidity-manager-vulnerabilities @ethsecurity1
https://hatsfinance.medium.com/guest-spotlight-article-how-to-analyze-reports-and-become-a-great-auditor-8429e20df2c2
Concentrated liquidity Managers vulners
https://dacian.me/concentrated-liquidity-manager-vulnerabilities @ethsecurity1
Medium
Guest Spotlight Article: How to analyze reports and become a great auditor
The following content has been kindly guest contributed by bogo, as part of the Security Researcher Content Contributor Programme.
🦄5⚡2
When call and delegatecall return false
A crucial point to understand is when the success value will be true or false. Essentially, it depends on whether the function being executed will revert or not. There are three ways an execution can revert:
• if it encounters a REVERT opcode,
• if it runs out of gas,
• if it attempts something prohibited, such as dividing by zero.
If the function being executed via delegatecall (or call) encounters any of these conditions, it will revert, and the return value of the delegatecall will be false
A question that often confuses developers is why a delegatecall for a non-existent contract doesn't revert and still reports that the execution was successful. an empty address will never meet one of the three conditions for reverting, so it will never revert.
@EthSecurity1
A crucial point to understand is when the success value will be true or false. Essentially, it depends on whether the function being executed will revert or not. There are three ways an execution can revert:
• if it encounters a REVERT opcode,
• if it runs out of gas,
• if it attempts something prohibited, such as dividing by zero.
If the function being executed via delegatecall (or call) encounters any of these conditions, it will revert, and the return value of the delegatecall will be false
A question that often confuses developers is why a delegatecall for a non-existent contract doesn't revert and still reports that the execution was successful. an empty address will never meet one of the three conditions for reverting, so it will never revert.
@EthSecurity1
❤3
in Solidity if you make a delegate call to an Externally Owned Account the return value is always true @Ethsecurity1
🦄4🔥2
scroll token hacked in may, Root cause was underflow beside using solidity 0.8.19. anybody knows why this happend? POC: https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/src/test/2024-05/SCROLL_exp.sol Attacker : 0x55Db954F0121E09ec838a20c216eABf35Ca32cDD
// Attack Contract : 0x55f5aac4466eb9b7bbeee8c05b365e5b18b5afcc
// Vulnerable Contract : 0xe51D3dE9b81916D383eF97855C271250852eC7B7
// Attack Tx : https://etherscan.io/tx/0x661505c39efe1174da44e0548158db95e8e71ce867d5b7190b9eabc9f314fe91
// Vulnerable Contract Code : https://etherscan.io/address/0xe51D3dE9b81916D383eF97855C271250852eC7B7#code @EthSecurity1
// Attack Contract : 0x55f5aac4466eb9b7bbeee8c05b365e5b18b5afcc
// Vulnerable Contract : 0xe51D3dE9b81916D383eF97855C271250852eC7B7
// Attack Tx : https://etherscan.io/tx/0x661505c39efe1174da44e0548158db95e8e71ce867d5b7190b9eabc9f314fe91
// Vulnerable Contract Code : https://etherscan.io/address/0xe51D3dE9b81916D383eF97855C271250852eC7B7#code @EthSecurity1
GitHub
DeFiHackLabs/src/test/2024-05/SCROLL_exp.sol at main · SunWeb3Sec/DeFiHackLabs
Reproduce DeFi hacked incidents using Foundry. Contribute to SunWeb3Sec/DeFiHackLabs development by creating an account on GitHub.
🤔4
Forwarded from DL News | News Feed
DL News
A CertiK-linked platform posts bug reports publicly. Researchers say it’s ‘insanely irresponsible’
A bug bounty platform has been posting bug reports publicly. It's "insanely irresponsible," a security researcher says. The platform also lists projects' bug bounties without their permission.
😱2⚡1😁1
DefiPlaza hacked for 200 $K. original attack front-runned by MEV bot. Root cause was miscalculation in OutputAmount . @EthSecurity1
🔥7
Forwarded from pcaversaccio
Please don't interact with the Compound Finance website for now. It seems to be hijacked.
👍7
Standard abstract contracts written by 0x52 https://github.com/IAm0x52/AuditNoteSharing/tree/main
An alias bug in Circom (or any ZK circuit language)
https://www.rareskills.io/post/circom-aliascheck
@EthSecurity1
An alias bug in Circom (or any ZK circuit language)
https://www.rareskills.io/post/circom-aliascheck
@EthSecurity1
GitHub
GitHub - IAm0x52/AuditNoteSharing
Contribute to IAm0x52/AuditNoteSharing development by creating an account on GitHub.
🔥5❤1👍1
Minterest hacked $1.4M loss.
Attackers can lend tokens inside flashloan callbacks and then redeem more tokens after the flashloan.
https://mantlescan.xyz/tx/0xb3c4c313a8d3e2843c9e6e313b199d7339211cdc70c2eca9f4d88b1e155fd6bd
@EthSecurity1
Attackers can lend tokens inside flashloan callbacks and then redeem more tokens after the flashloan.
https://mantlescan.xyz/tx/0xb3c4c313a8d3e2843c9e6e313b199d7339211cdc70c2eca9f4d88b1e155fd6bd
@EthSecurity1
❤4
EthSecurity
Post the @krakenfx breach, have detected similar activity on @base, @BNBCHAIN, @Optimism, @arbitrum, @avax, @LineaBuild and @0xPolygon trying to target @okx, @BingXOfficial, @gate_io, and @binance and others and some unknown addresses. Here is poc: http…
X (formerly Twitter)
Daniel Von Fange (@danielvf) on X
I call it a "two parser bug".
Two different implementations tracking the same input, and parsing differences cause diverging behavior from different parts of a system. Here's two recent examples used in hacks, and how to avoid.
🧵1/5
Two different implementations tracking the same input, and parsing differences cause diverging behavior from different parts of a system. Here's two recent examples used in hacks, and how to avoid.
🧵1/5
👍4
Please revoke approval to 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae (LI.FI: LiFi Diamond) asap!
@EthSecurity1
@EthSecurity1
⚡4
Seems jumper exchange hacked
https://x.com/jumperexchange/status/1813196813333094526?s=46
@EthSecurity1
https://x.com/jumperexchange/status/1813196813333094526?s=46
@EthSecurity1
🦄5⚡1🔥1
A critical vulnerability was identified and reported by a whitehat. in the Raydium protocol .A bounty of $505,000 https://medium.com/immunefi/raydium-tick-manipulation-bugfix-review-c6aae4527ed6 @EthSecurity1
Medium
Raydium Tick Manipulation Bugfix Review
Summary
🔥8🎉2
Wazirx hacked. $ 290 million loss
Hacker has $ 92 million shiba
https://etherscan.io/address/0x27fd43babfbe83a81d14665b1a6fb8030a60c9b4#tokentxns
@Ethsecurity1
Hacker has $ 92 million shiba
https://etherscan.io/address/0x27fd43babfbe83a81d14665b1a6fb8030a60c9b4#tokentxns
@Ethsecurity1
Ethereum (ETH) Blockchain Explorer
WazirX 2 | Address: 0x27fd43ba...30a60c9b4 | Etherscan
Contract: Verified | Balance: $105.27 across 3 Chains | Transactions: 31,731 | As at Nov-12-2025 11:14:04 AM (UTC)
😢5🔥1
a is a uint8, and 16777215 is a constant of type uint24 as uint24 is the smallest type that can fit this value. When these are added together, the Solidity compiler implicitly casts a to uint24 thus performing uint24 + uint24. The cast is happening regardless of the declared type of output as that cast will occur *after* the addition operation. @EthSecurity1 #overflow👍5❤3