a is a uint8, and 16777215 is a constant of type uint24, as uint24 is the smallest type that can fit this value. When these are added together, the Solidity compiler implicitly casts a to uint24, thus performing uint24 + uint24. The cast happens regardless of the declared type of output, as that cast will occur *after* the addition operation. @EthSecurity1 #overflow
After a protocol exploit on Scroll, they halted the chain. Do not hold your assets on L2; they can steal your funds. @EthSecurity1
Singapore court ruling fans suspicions the $125m Multichain hack was an inside job @EthSecurity1
Top 5 Security Vulnerabilities Cosmos Developers Need to Watch Out For
https://www.halborn.com/blog/post/top-5-security-vulnerabilities-cosmos-developers-need-to-watch-out-for
Beacon proxy explained
https://www.rareskills.io/post/beacon-proxy
Storage slots in solidity:
https://www.rareskills.io/post/evm-solidity-storage-layout
@EthSecurity1
Alchemix bounty boost results
https://github.com/immunefi-team/Bounty_Boosts/tree/main/Alchemix
Understanding voting escrows
https://x.com/deadrosesxyz/status/1752639255090798947?s=61
@EthSecurity1
Spectra was hacked, $550K loss
The root cause is an arbitrary call in their router contract. @EthSecurity1
Full of sad stories
http://github.com/jlopp/physical-bitcoin-attacks/blob/master/README.md
@EthSecurity1
A list of known attacks against Bitcoin / crypto asset owning entities that occurred in meatspace.
NFT attack vectors
https://0xvolodya.hashnode.dev/nft-attacks
Web3 Wallet Security Audit checklist
https://slowmist.medium.com/slowmist-web3-wallet-security-audit-upgrade-657c2486d811
@EthSecurity1
Lowest-paying findings on Code4rena, Sherlock
https://0xvolodya.hashnode.dev/lowest-paying-findings-on-code4rena-sherlock
Mempool Masterclass - Mempool Monitoring
https://www.youtube.com/watch?v=TQqCCuh7x_E
@EthSecurity1
Disclosing a significant bug, which could potentially jeopardize the entire project, involving $60 million in funds. For more details, visit: https://x.com/AstraSecAI/status/1820633823195148467. Learn more here: https://dashboard.hackenproof.com/reports/DPSC-62 @EthSecurity1
AstraSec (@AstraSecAI) on X
We're thrilled to announce that we received a bug bounty from @DeltaPrimeDefi on @HackenProof! On July 24th, we discovered a critical vulnerability that could have let a malicious actor take control of the project owner's account and potentially drain around…
Seems the Ronin bridge was hacked again. MEV bots front-ran it: 4000 ETH. @EthSecurity1
Root cause: submit some signatures
Oh! You have 4000 ether https://app.blocksec.com/explorer/tx/eth/0x2619570088683e6cc3a38d93c3d98899e5783864e15525d5f5810c11189ba6cb?line=15&debugLine=15
@EthSecurity1
iVest finance hacked for $172k. Attack TX: https://bscscan.com/tx/0x12f27e81e54684146ec50973ea94881c535887c2e2f30911b3402a55d67d121d
@EthSecurity1
Aave v 3.1.0 audit (3 low severity) https://github.com/mixbytes/audits_public/blob/master/AAVE/Aave%20v%203.1.0/README.md
@Ethsecurity1
Vow protocol hacked for $1.2M. Seems the admin private key has leaked and the hacker changed usdRate to mint $vusd. @EthSecurity1
- Smart Contract Migration: Security Analysis and Recommendations from Ethereum to Arbitrum
- Shared Vulnerabilities Between ERC-4626 Vaults and Vault-Like Contracts
@EthSecurity1
Security Analysis of Smart Contract Migration from Ethereum to Arbitrum
When migrating smart contracts from one blockchain platform to another, there are potential security risks. This is because different blockchain platforms have different environments and...
A victim was drained for 55.4M DAI
Transaction hash
0xf70042bf3ae7c22f0680f8afa078c38989ed475dfbe5c8d8f30a50d4d2f45dc4
Theft address
0x5D4b2A02c59197eB2cAe95A6Df9fE27af60459d4 @EthSecurity1