Security

185 bookmarks
Custom sorting
Hickup’s ZK Journey
Hickup’s ZK Journey
A new tool that blends your everyday work apps into one. It's the all-in-one workspace for you and your team
·sunrise-clerk-234.notion.site·
Hickup’s ZK Journey
If you are doing an audit of DeFi protocol (CDP/Lending, LSD, AMM):
If you are doing an audit of DeFi protocol (CDP/Lending, LSD, AMM):
You should read these articles 👇 👉 Typical vulnerabilities in lending and CDP protocols: 🔗 👉 Typical vulnerabilities in LSD protocols: 🔗 👉 Typical… — Shieldify Security (@ShieldifySec)
·x.com·
If you are doing an audit of DeFi protocol (CDP/Lending, LSD, AMM):
33Audits on X: "If you're a Smart Contract Auditor, then you're probably aware of the $2.35 Million dollar contest that @Uniswap @UniswapFND is having on @cantinaxyz next week. However, not many people are sharing how to prepare for the audit. If you're planning on joining the audit next" / X
33Audits on X: "If you're a Smart Contract Auditor, then you're probably aware of the $2.35 Million dollar contest that @Uniswap @UniswapFND is having on @cantinaxyz next week. However, not many people are sharing how to prepare for the audit. If you're planning on joining the audit next" / X
However, not many people are sharing how to prepare for the audit. If you're planning on joining the audit next… — 33Audits (@solidityauditor)
·x.com·
33Audits on X: "If you're a Smart Contract Auditor, then you're probably aware of the $2.35 Million dollar contest that @Uniswap @UniswapFND is having on @cantinaxyz next week. However, not many people are sharing how to prepare for the audit. If you're planning on joining the audit next" / X
0xDanki
0xDanki
Blockchain Developer, Security and DeFi Nerd, a Friendly Donkey
·mirror.xyz·
0xDanki
Synthetix Staking Rewards Issue - Inefficient Reward Distribution
Synthetix Staking Rewards Issue - Inefficient Reward Distribution

The core of the issue lies in the timing between two critical function calls: notifyRewardAmount(): This function is called to start a new reward period and to set the amount of rewards that will be distributed during this period. stake(): This function is used by stakers to stake their tokens and begin earning rewards. The problem arises when there is a delay (Y) between the execution of notifyRewardAmount() and the first call to stake() in a new reward period. Here’s a step-by-step explanation: Step 1: At block timestamp X, notifyRewardAmount() is called, initiating a new reward period intended to last for 2,592,000 seconds (one month). Step 2: There is a delay of Y seconds before the first stake() call is made. For example, if Y is 1,800 seconds (30 minutes), then no tokens are staked to earn rewards during these 1,800 seconds. Step 3: Because the reward distribution is set to end at X + 2,592,000 seconds (the end of the month from the start time), the rewards that would have been distributed during the initial 1,800 seconds (when no tokens were staked) remain undistributed and are essentially locked in the contract until the next reward period begins. Consequences This delay results in: Underutilization of Rewards: The 1,800 tokens that could have been distributed during the initial delay remain unused. This means less overall distribution of rewards during the period, which is inefficient. Locked Rewards: These undistributed rewards are locked in the contract and do not benefit any stakers. They only become relevant or usable in the next reward cycle, which could potentially lead to discrepancies in reward expectations and planning for stakers.

#staking#synthetix#loss-of-funds
·0xmacro.com·
Synthetix Staking Rewards Issue - Inefficient Reward Distribution
Zhuo Zhang | Purdue CS | Offside Labs on X: "1/7 📷 Attention Web3 hackers and developers! Ever hit a snag with a (forked) on-chain contract revert while working on PoC for bug bounties, or found yourself puzzled by complex contracts like Uniswap v3? Check out what we're showcasing in the video! https://t.co/pL0KFG3KXv" / X
Zhuo Zhang | Purdue CS | Offside Labs on X: "1/7 📷 Attention Web3 hackers and developers! Ever hit a snag with a (forked) on-chain contract revert while working on PoC for bug bounties, or found yourself puzzled by complex contracts like Uniswap v3? Check out what we're showcasing in the video! https://t.co/pL0KFG3KXv" / X
1/7 📷 Attention Web3 hackers and developers! Ever hit a snag with a (forked) on-chain contract revert while working on PoC for bug bounties, or found yourself puzzled by complex contracts like Uniswap v3? Check out what we're showcasing in the video!https://t.co/pL0KFG3KXv— Zhuo Zhang | Purdue CS | Offside Labs (@i2huer) April 3, 2024
·twitter.com·
Zhuo Zhang | Purdue CS | Offside Labs on X: "1/7 📷 Attention Web3 hackers and developers! Ever hit a snag with a (forked) on-chain contract revert while working on PoC for bug bounties, or found yourself puzzled by complex contracts like Uniswap v3? Check out what we're showcasing in the video! https://t.co/pL0KFG3KXv" / X
Security Incidents
Security Incidents
This list documents exploit with associated amounts exceeding $100K.
·phalcon.blocksec.com·
Security Incidents
TWAP Oracles For Auditors
TWAP Oracles For Auditors
What is a TWAP? A TWAP oracle is a Time-weighted average price oracle that calculates the average price of an asset over some predetermined period of time. If a user wants to know the price of ETH over 28 days then the TWAP will return the average pr...
·33audits.hashnode.dev·
TWAP Oracles For Auditors
EVM Opcodes & Solidity Gas Mastery Tutorial | Cyfrin Updraft Assembly & Formal Verification Excerpt
EVM Opcodes & Solidity Gas Mastery Tutorial | Cyfrin Updraft Assembly & Formal Verification Excerpt
This is an excerpt from the upcoming Assembly, Opcodes, and Formal Verification course. We go over the following in this video: - How to write a smart contract in Opcodes (with Huff!) - How to disassemble a smart contract - How to read the bytecode of a smart contact (without it even being verified on Etherscan!) - How to write Yul/Inline assembly in Solidity - How to truly become a gas optimization professional using low-level programming languages - How the Opcodes in the EVM work GitHub repo associated with this video: https://github.com/Cyfrin/1-horse-store-s23 GitHub Repo for the coming course: https://github.com/Cyfrin/assembly-evm-opcodes-and-formal-verification-course Security Course on Updraft: https://updraft.cyfrin.io/courses/security Register for Cyfrin Updraft: https://updraft.cyfrin.io/ ⏰ Timestamps ⏰ 0:00:00 | Introduction 0:02:57 | Horse Store - Huff & Opcodes 2:07:39 | Breaking down solidity compiled opcodes 3:24:47 | Yul 3:48:40 | HorseStoreV2 - Huff 4:28:30 | Gas Comparisons & Summary 😸😸Follow Patrick!😸😸 Cyfrin: https://www.cyfrin.io/ YouTube: https://www.youtube.com/@PatrickAlphaC/videos Twitter: https://twitter.com/patrickalphac Medium: https://medium.com/@patrickalphac TikTok: https://www.tiktok.com/@patrickalphac 🛡️ More Cyfrin CodeHawks: https://codehawks.com/ Solodit: https://solodit.xyz/ Updraft: https://updraft.cyfrin.io/ All thoughts and opinions are my own.
·youtube.com·
EVM Opcodes & Solidity Gas Mastery Tutorial | Cyfrin Updraft Assembly & Formal Verification Excerpt