Hamid list
Imagine we have a custom factory contract. This contract has a method that takes a salt as input and deploys a contract using create2. The logic of the deployed contract includes a self-destruct method. Now, the question is: Can we deploy a contract withβ¦
Consider the scenario where the answer is affirmative. Given the existence of TStore and TRead opcodes, what potential use cases can arise?
Is it possible to generate a temporary contract that remains valid for just a single transaction?
( In my thoughts I think we should adapt the T opcode mindset for the create2 opcode too)
Is it possible to generate a temporary contract that remains valid for just a single transaction?
( In my thoughts I think we should adapt the T opcode mindset for the create2 opcode too)
π2
Report on USDT Phishing on Polygon network:
The attacker's strategy was based on obtaining approval for a contract address that hadn't been deployed yet.
Here's a step-by-step breakdown:
1- The attacker used a phishing technique to gain approval on the Tether (USDT) token.
2- They then invoked the Factory Contract to deploy a contract on the approved address.
3- Finally, they executed a function from the newly deployed child contract to transfer the USDT tokens.
The attacker utilized a vanity address for the External Owned Account (EOA) and the Contract to decrease gas costs. However, they transferred the stolen assets to a non-vanity address to avoid the risks associated with vanity addresses.
The core concept behind this attack was the use of Create2 and the ability to predict a contract address, thereby luring the user into granting approval on a contract that hasn't been deployed yet.
Users indeed have the option to verify the address they're planning to grant approval to on a blockchain explorer.
No legitimate decentralized finance (DeFi) application should ever ask you to give approval to an External Owned Account (EOA).
As a regular user, you should NEVER grant approval to unverified contracts. Always ensure that the contract you're interacting with is verified and trustworthy.
#dapp
#phising
The attacker's strategy was based on obtaining approval for a contract address that hadn't been deployed yet.
Here's a step-by-step breakdown:
1- The attacker used a phishing technique to gain approval on the Tether (USDT) token.
2- They then invoked the Factory Contract to deploy a contract on the approved address.
3- Finally, they executed a function from the newly deployed child contract to transfer the USDT tokens.
The attacker utilized a vanity address for the External Owned Account (EOA) and the Contract to decrease gas costs. However, they transferred the stolen assets to a non-vanity address to avoid the risks associated with vanity addresses.
The core concept behind this attack was the use of Create2 and the ability to predict a contract address, thereby luring the user into granting approval on a contract that hasn't been deployed yet.
Users indeed have the option to verify the address they're planning to grant approval to on a blockchain explorer.
No legitimate decentralized finance (DeFi) application should ever ask you to give approval to an External Owned Account (EOA).
As a regular user, you should NEVER grant approval to unverified contracts. Always ensure that the contract you're interacting with is verified and trustworthy.
#dapp
#phising
π3
Hamid list
Report on USDT Phishing on Polygon network: The attacker's strategy was based on obtaining approval for a contract address that hadn't been deployed yet. Here's a step-by-step breakdown: 1- The attacker used a phishing technique to gain approval on theβ¦
During This Investigation for a friend i saw weird approach on the polygon for charging user for the gas cost
https://polygonscan.com/address/0x0000000000000000000000000000000000001010#code
every polygon transaction contain event from this contract, because the polygon has pre-deployed contract on this address for Matic Token and in every transaction people pay their fee buy using the token transfer in polygon
but this contract is pre-deployed contract and transferring through it doesn't make extra charge on the fee.
they call it MRC20 standard
https://www.reddit.com/r/0xPolygon/comments/sfx4o2/matic_as_a_mrc20_token_versus_just_matic_on_the/
https://polygonscan.com/address/0x0000000000000000000000000000000000001010#code
every polygon transaction contain event from this contract, because the polygon has pre-deployed contract on this address for Matic Token and in every transaction people pay their fee buy using the token transfer in polygon
feeTransfer but this contract is pre-deployed contract and transferring through it doesn't make extra charge on the fee.
they call it MRC20 standard
https://www.reddit.com/r/0xPolygon/comments/sfx4o2/matic_as_a_mrc20_token_versus_just_matic_on_the/
π3
https://github.com/opentimestamps/opentimestamps-server/blob/master/doc/merkle-mountain-range.md
Merkle Mountain Ranges
Merkle Mountain Ranges
GitHub
opentimestamps-server/doc/merkle-mountain-range.md at master Β· opentimestamps/opentimestamps-server
OpenTimestamps Calendar Server. Contribute to opentimestamps/opentimestamps-server development by creating an account on GitHub.
π2
Hamid list
Imagine we have a custom factory contract. This contract has a method that takes a salt as input and deploys a contract using create2. The logic of the deployed contract includes a self-destruct method. Now, the question is: Can we deploy a contract withβ¦
Ethereum Stack Exchange
Is it possible to deploy a contract on the same address after self-destruct?
As far as I understand self-destruct simply deletes the code from a contract and turns it into a regular wallet + it sends all funds to caller/argument. But is there a way to recreate the contract? I
π2
Forwarded from Joris Koopman
HackMD
Aztec - HackMD
Best way to write and share your knowledge in markdown.
π2π₯1
Forwarded from deepcode.eth β’ Roman P
ABDul Rehman TradMod
CreateX? Whats that?
GitHub
GitHub - pcaversaccio/createx: Factory smart contract to make easier and safer usage of the `CREATE` and `CREATE2` EVM opcodesβ¦
Factory smart contract to make easier and safer usage of the `CREATE` and `CREATE2` EVM opcodes as well as of `CREATE3`-based (i.e. without an initcode factor) contract creations. - pcaversaccio/cr...
π2
Labs Community Call (session 7)
Topics:
1- Create3 Opcode ( EIP review)
2- Auth Call ( EIP review)
3- Zk email (Project Review/ Code review)
4- Lookup tables in ZKP proving systems
(Is it hard to discuss all topics in 1 hour but we try our best π )
Time & Link:
Nobitex labs community call
Tuesday, December 5 Β· 5:00 β 6:00pm
Time zone: Asia/Tehran
Google Meet joining info
Video call link: https://meet.google.com/pka-urvn-ynd
Topics:
1- Create3 Opcode ( EIP review)
2- Auth Call ( EIP review)
3- Zk email (Project Review/ Code review)
4- Lookup tables in ZKP proving systems
(Is it hard to discuss all topics in 1 hour but we try our best π )
Time & Link:
Nobitex labs community call
Tuesday, December 5 Β· 5:00 β 6:00pm
Time zone: Asia/Tehran
Google Meet joining info
Video call link: https://meet.google.com/pka-urvn-ynd
Google
Real-time meetings by Google. Using your browser, share your video, desktop, and presentations with teammates and customers.
π1