⚠️A critical vulnerability (GHSA-vjh7-7g9h-fjfh) has been discovered in the widely-used elliptic encryption library.

https://slowmist.medium.com/private-key-leakage-in-ecdsa-signatures-analysis-of-malformed-input-vulnerability-in-the-elliptic-24f73c05cac1 @EthSecurity1

someone with a $500 bankroll accidentally discovered we were using an old FTM price to mark Sonic ($0.70 vs $0.50) and looped it $50/time in our UI for twelve hours today and like +40x'ed his port, whoever you are ggwp you deserve it (you should learn how to use an API tho)
https://x.com/tomkysar/status/1897125825889398817 @EthSecurity1

critical vulnerability let in time.fun steal all trading fees and modify metadata (e.g. change "toly's minute" to "vitalik's minute") of every tokens launched.
time.fun provides each new user with a dedicated wallet to deposit USDC for trading. User's private key is securely stored in a third party provider. But SOL is needed to cover gas fees and time.fun wants a seamless interaction for users, the wallet “HW2C...Lo1H” signs every trade transaction alongside the user’s wallet signature. Surprisingly, this same wallet also owns all tokens launched by time.fun. As it is one of the signers, we can act on behalf of “HW2C...Lo1H” if we can let the backend sign arbitrary data.

@EthSecurity1

At 23:00 CET on 05.03.25, the 1inch team discovered a vulnerability in resolver smart contracts using the obsolete Fusion v1 implementation. No end-user funds were at risk—only resolvers using Fusion v1 in their own contracts. @EthSecurity1

1inch market maker @trustedvolumes got hacked for over $4.5M and a few smaller MMs got hacked for $0.5M yesterday.

The root cause is that 1inch calls MM contract’s resolveOrders function to get funds to its settlement contract. Most bots only checked the msg.sender = settlement contract - and unfortunately there was an arbitrary call vulnerability in settlement contract. Thus the hacker could forge resolveOrders call and drain MM contracts.

The funny thing is the hacker incorrectly transferred half of the stolen funds to the 1inch settlement contract, making the funds available for everyone to grab, and he spent quite sometime to get funds back. We were trying to compete but the hacker got it first unfortunately.

By shoucccc



1inch Postmortem by decurity
https://blog.decurity.io/yul-calldata-corruption-1inch-postmortem-a7ea7a53bfd9
@EthSecurity1

No More Bets - How Ctrl+F led to breaking Polymarket's polling markets - link
@EthSecurity1

Trezor Reveals Potential Vulnerability in Older Safe 3 Crypto Wallets !

Trezor disclosed a potential vulnerability in its Safe 3 wallet after Ledger identified a supply chain attack using voltage glitching.

The attack requires physical access and advanced skills, making it unlikely for widespread exploitation. Newer Trezor models, including Safe 5, are unaffected. Users are advised to buy from official sources, use strong PINs, enable passphrases, and keep firmware updated.

• https://www.theblock.co/post/346018/trezor-discloses-vulnerability-safe-3-crypto-wallet-rival-ledger

#opsec #security

Happy nowruz

Issues in Protocols Interacting with Uniswap V3 Liquidity & Cross-Chain Swaps - link

Modern Stablecoins, How They're Made: M^0 - link

Bybit Hack Tracing Dune panel - link


@EthSecurity1

Use this list of fantastic telegram channels I've put together in order to discover them as your own personal Web3-Google!

Feel free to use this folder to onboard your non-web3 friends to Web3, as the majority of the channels are maintained by independent researchers. There are also additional channels for news, CT reviews, and more!

Link: t.me/addlist/uesom31GM1I4Yjgy

#telegram #offtopic

Reduce The Risk of Cyber Attacks: Isolated Dev Environments - link

Mapping the DeFi crime landscape: an evidence-based picture - link

Yul Puzzles

@EthSecurity1

Check out this extremely detailed graphical breakdown of “the journey of a smart contract” - 𝕏/@officer_cia

postmortem on HyperledgerBesu had the wrong address for the deposit contract - link

BRC20 Snipping Attack - link

Lessons from OpenZeppelin’s 1000+ Audits - link

@EthSecurity1

KiloEx Perp (https://x.com/KiloEx_perp) REKT
~4.2 million USD loss
Rootcause: price oracle access control issues.

Attacks:
https://basescan.org/tx/0x6b378c84aa57097fb5845f285476e33d6832b8090d36d02fe0e1aed909228edd
https://basescan.org/tx/0xde7f5e78ea63cbdcd199f4b109db2a551b4462dec79e4dba37711f6c814b26e6
https://bscscan.com/tx/0x1aaf5d1dc3cd07feb5530fbd6aa09d48b02cbd232f78a40c6ce8e12c55927d03
https://bscscan.com/tx/0x38b25be14b83fd549d5e0b29ba962db83d41f5f9072d0eac4f692fa8e7110bc0 @EthSecurity1

ImpermaxFinance hacked
The root cause of the ImpermaxFinance attack is the mispricing of Uniswap V3 NFTs.
@EthSecurity1

10 Foundry best practices that every smart contract developer should know. link

One of the simplest and well explained video on Solana Security. link

Uniswap V3 Factory and the Relationship Between Tick Spacing and Fees. link


@EthSecurity1

Loopscale hacked for ~ 5.7M USD and 1200 SOL

Root cause: one stale price feed → under-collateralized loans → exit liquidity.

all stolen funds returned to protcol!

@EthSecurity1