- A deep dive into the main components of ERC-4337: Account Abstraction Using Alt Mempool — Part 1, Part 2
- OWASP Smart Contract Security
@EthSecurity1
Some checklists:
- Beirao's Checklist
- Decurity's Checklist
- ETH Devs's Checklist
- Hans's Checklist
- Jeffrey's Checklist
- Jonas's Checklist
- Miguel's Checklist
- Nisedo's Checklist
- Owen's Checklist
- Rahul's Checklist
- Rajeev's Resource
- Rareskill's Checklist
- Roman's Checklist
@EthSecurity1
Radiant hacked, $51M loss
Seems private keys compromised
Exploited on BSC, Arbitrum
Root cause: looks like the attacker just had control of 3 multisig signers allowing them to transfer ownership.
As owner, they could then call setLendingPoolImpl on the addresses provider to upgrade the implementation.
@EthSecurity1
https://www.justice.gov/usao-dc/pr/fbi-arrests-alabama-man-january-2024-sec-x-hack-spiked-value-bitcoin
@EthSecurity1
Tapioca DAO hacked
Vesting contract ownership was transferred to the exploiter, and then all vesting tokens were emergency-released.
https://arbiscan.io/token/0x2c650dab03a59332e2e0c0c4a7f726913e5028c1?a=0x70285a11489bed93686410ebc727057cafb8129d
@EthSecurity1
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Looks like $20M of seized funds tied to the US Government was likely stolen in the past hour. - @investigations
RT for visibility: x.com/officer_cia/status/1849534839319302453
#security #opsec
- $150,000 Evmos Vulnerability Through Reading Documentation
https://medium.com/@jjordanjjordan/150-000-evmos-vulnerability-through-reading-documentation-d26328590a7a
- [12 hours] Ethereum code line-by-line
https://youtu.be/gPQ-uXj03iQ?feature=shared
@EthSecurity1
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Use this list of fantastic telegram channels I've put together in order to discover them as your own personal Web3-Google!
Feel free to use this folder to onboard your non-web3 friends to Web3, as the majority of the channels are maintained by independent researchers. There are also additional channels for news, CT reviews, and more!
A small tip to subscribooors: if you find a channel interesting, move it out of the folder into your main list of chats. That way you’ll view content you’re interested in more often, and channels get more views instead of just subscribers!
- Aztec Multiple-Spend Error Bugfix Review
- Alchemix Missing Solvency Check Bugfix Review
- CurveFinance price anomaly
- DeFi fork bugs
@EthSecurity1
- A detailed write-up of the Fuel critical vulnerability from the Immunefi Attackathon, $150k paid
- An exploration of low-level Solana VM behavior: how to escalate from a powerful memory corruption primitive to full program control.
- Foundry tips
@EthSecurity1
BGM TOKEN. The reward logic can reduce the token in the LP, leading to price inflation when there is limited token in the LP.
Loss: $500k
Hack tx: https://app.blocksec.com/explorer/tx/bsc/0x8580825008800b9e13266f40b41a838a521e4d0bb4abc1cb78684253b7bc9fd1?line=26&debugLine=26
@EthSecurity1
DeltaPrime incident. The exploit is made possible by the lack of input validation when claiming possible rewards. Specifically, the exploiter provides an evil pair in order to change the collateral asset into the reward asset. By doing so, the initial collateral used to borrow funds can be stolen while leaving the debt unpaid.
The exploiter has added liquidity (~$1.3M) to #LFJ (formerly Trader Joe) & farmed $USDC on #Stargate
@EthSecurity1
Thala was hacked for $25M, but SEAL911 exposed the hacker's identity and he accepted a $300k bounty.
Root cause: https://x.com/moon_shiesty/status/1857886309580157260
@EthSecurity1