BlockChain

On the 30th of July, 2023, multiple Curve.Fi liquidity pools were exploited as a result of a latent vulnerability in the Vyper compiler, specifically in versions 0.2.15, 0.2.16, and 0.3.0. While bug was identified and patched by the v0.3.1 release, the impact to protocols using the vulnerable compilers was not realized at the time and they were not explicitly notified. The vulnerability itself was an improperly implemented re-entrancy guard that could be bypassed under certain conditions which we will delve into in this report.

“Watchdog analyses operate on the actual bytecode of contracts (via decompilation as seen here) As a result, compiler bugs can also be caught by these analyses Yesterday's @CurveFinance hack could have been prevented had a cross-reentrancy analysis on this codebase been run”

Join Gilbert G of Macro for a talk titled, "Demystifying EVM Opcodes." This workshop is part of ETHNewYork 2022, a three-day in person hackathon that will fe...

Fill out a RareSkills blockchain application form & enroll in one of our many solidity and Web3 blockchain programming developer courses to do your dream job.

Learn & Contribute on previously exploited vulnerabilities across several EVM projects. - coinspect/learn-evm-attacks: Learn & Contribute on previously exploited vulnerabilities acr...

Practical fuzzing examples for the mastering fuzzing talk - Elpacos/mastering-fuzzing: Practical fuzzing examples for the mastering fuzzing talk

An Ultimate, In-depth Explanation of How EVM Works.

This course was created by Dominik Teiml, Ethereum Tech Lead at Ackee Blockchain, and is intended for anyone interested in an advanced, in-depth study of the...

A bunch of notes for beginners learning solidity

Chainlink price feeds are reliable, but it is crucial to have circuit breakers to prevent any issues from a single source. Using a single entity is not ideal from a decentralization perspective as well, and it is better to have backup plans in case of system failure. Many developers were

I was never a good student at math. Math made me uncomfortable. But investing in Defi gets me to re-study it. And this time, I found its…

Fuzz testing is an invaluable tool for finding & maximizing precision loss vulnerabilities..

This article is an overview of Kurt Barry's seminar at Spearbit on performing numerical analysis on DeFi projects to identify vulnerabilities. Spearbit is a decentralized and industry-leading blockchain security services firm pairing protocols with top security researchers with deep subject matter e

We review how DeFi protocols facilitate borrowing and lending.

MEV / Sandwich / Front-run & Back-run:

Code examples in Yul. Contribute to Perelyn-sama/yul_by_example development by creating an account on GitHub.

Awesome list of all things oracle manipulation. Creating to help spread a better understanding of oracles and oracle manipulation. - 0xcacti/awesome-oracle-manipulation: Awesome list of all things ...

A new tool for teams & individuals that blends everyday work apps into one.

This article is the result of reviewing the technical details from many of this year's Smart Contract Vulnerabilities and Exploits in and around the Ethereum ecosystem.

“Here is how you can get an easy H/M on @code4rena or @sherlockdefi. A 🧵 about the CREATE2 optcode👇”

Observations and tips for auditing protocols on multiple chains 🧐 - 0xJuancito/multichain-auditor: Observations and tips for auditing protocols on multiple chains 🧐

“1/9:🔒✨Attention auditors! Don't overlook this crucial step in upgradable contracts. Discover why reviewing constructors and initialize functions is crucial You can use your Solidity contracts with OpenZeppelin Upgrades without modifications... Wait, without any modification?”

Contribute to pashov/audits development by creating an account on GitHub.

Contribute to dragonfly-xyz/useful-solidity-patterns development by creating an account on GitHub.

Here we collect and discuss the best DeFI & Blockchain researches and tools. Feel free to DM me on Twitter or open pool request. - OffcierCia/ultimate-defi-research-base: Here we collect a...