- 20 Common Solidity Beginner Mistakes - Try Catch and all the ways Solidity can revert @EthSecurity1

New phishing trick in Microsoft store https://x.com/LehmannLorenz/status/1841545179825942991
@EthSecurity1

complete curve audit https://github.com/mixbytes/audits_public/tree/master/Curve%20Finance @EthSecurity1

"We have developed Web3AuthChecker, a dynamic detection tool that interacts with Web3 authentication-related APIs to identify vulnerabilities.

Our evaluation of real-world Web3 applications shows that a staggering 75.8% (22/29) of Web3 authentication deployments are at risk of blind message attacks." https://arxiv.org/pdf/2406.00523 @EthSecurity1

eigenlayer : In an isolated incident this morning, an email thread involving one investor’s transfer of tokens into custody was compromised by a malicious attacker.

As a result, 1,673,645 EIGEN tokens were erroneously transferred to the attacker’s address. The attacker sold these stolen EIGEN tokens via a decentralized swap platform and transferred stablecoins to centralized exchanges. We are in contact with these platforms and law enforcement. A portion of the funds have already been frozen.

The compromise has not impacted the broader ecosystem. There is no known vulnerability in the protocol or token contracts and this compromise was not related to any onchain functionality.

We continue to investigate the situation and will be posting further information once we have it. @EthSecurity1

Unverified contract lost $280k due to sandwich attack.There's a function that can be used for swapping WBNB to EGA token in victim contract. This function has no access control, anyone can call this function with only 1 wei. This is vulnerable to

https://app.blocksec.com/explorer/tx/bsc/0xece4a4ac46660618ecee43826fc6f89fe4beaef87ca5e5786f763892b48bc999

Exploiting EC-Recover For Efficient Borromean Ring Signatures @EthSecurity1

- Retrospecting Arbitrary Position Cancellation Vulnerability in Perpetual Protocol - Upgradeable Smart Contracts (USCs): Exploring The Concept And Security Risks @EthSecurity1

An unknown project lost about 85k(about 150 BNB) https://bscscan.com/address/0x3c4e4fbc17a7caa22570e54b57ba42cf053a777a @EthSecurity1

- DeFi: Stargate v2 Integration Checklist - some immunefi critical bug writeup @EthSecurity1

seems wayback machine has been compromise! @EthSecurity1

- Characterizing Cryptocurrency-themed Malicious Browser Extensions. - An Empirical Study of Smart Contract Decompilers
@EthSecurity1

he claimed FBI wallets doxxed https://x.com/jconorgrogan/status/1844121150676218100 @EthSecurity1

realy exited for OZ movement : ) https://x.com/0xCygaar/status/1844188445691822136 @EthSecurity1

fwdETH phishing attack and loss 35 $million https://www.binance.com/en-TR/square/post/2024-10-11-fwdeth-price-plummets-after-35-million-theft-incident-14711617819490 @EthSecurity1

twice P719 Token Incident
https://app.blocksec.com/explorer/tx/bsc/0x9afcac8e82180fa5b2f346ca66cf6eb343cd1da5a2cd1b5117eb7eaaebe953b3 @EthSecurity1

- A deep dive into the main components of ERC-4337: Account Abstraction Using Alt Mempool — part1, Part 2
- OWASP Smart Contract Security
@EthSecurity1

some checklists: Beirao's Checklist
Decurity's Checklist
ETH Devs's Checklist
Hans's Checklist
Jeffrey's Checklist
Jonas's Checklist
Miguel's Checklist
Nisedo's Checklist
Owen's Checklist
Rahul's Checklist
Rajeev's Resource
Rareskill's Checklist
Roman's Checklist @EthSecurity1