How to Beat an Ethereum Sweeper Script and Recover Your Assets | MyCrypto Blog
Security
How to Steal $100M from Flawless Smart Contracts — PWNING
My blockchains adventure continues! This time I protected Moonbeam network by disclosing a critical design flaw, safeguarding more than $100M assets at risk in various DeFi projects. I was awarded the maximum reward amount of their bug bounty program on Immunefi, $1M, and $50k bonus from Moonwell (I guess that’s also one of the top 10 highest bug bounties?)
EVM Codes
An interactive reference to Ethereum Virtual Machine Opcodes
Joran Honig on Twitter
“There are some extremely successful bounty hunters in web3.
However, nobody tells you how they do it.
Until now.
Here is how you can become a bug bounty millionaire.
🧵👇”
Catching Weird Security Bugs in Solidity Smart Contracts with Invariant Checks | The Rekt Blog
Contract invariants are properties of the program state that are expected to always be true. In my previous article I discussed the use of Solidity assertions to check contract invariants. This article expands on the use of invariants and provides a couple of additional examples. An interesting feature of invariant checking on the bytecode level is …
Raz0r/semgrep-smart-contracts: Semgrep rules for smart contracts based on DeFi exploits
Semgrep rules for smart contracts based on DeFi exploits
razzorsec/AuditorsRoadmap
The Ultimate Smart Contract Auditing Guide
A Guide on How to Start and Common Bugs you can Find, All in 13 Quick Parts
The Immunefi team at the Off The Chain Con
Alejandro Munoz-McDonald, Smart Contract Triager at Immunefi, did a presentation on the world's largest bug bounty payouts that were done through Immunefi's ...
tamjid0x01/awesome-smartcontract-hacking: Here we collect and discuss for Smart contract security & Blockchain researches and tools - contributions are welcome.
Here we collect and discuss for Smart contract security & Blockchain researches and tools - contributions are welcome.
uni-v3-twap-manipulation/cost-of-attack.pdf at master · euler-xyz/uni-v3-twap-manipulation
eugenioclrc/secureum-a-maze-x-challenges
Drift Protocol Technical Incident Report — 2022/05/11
Background
Latent Bugs in Billion-Plus Dollar Code
You are probably safe, but be aware…
Writing Upgradeable Contracts - OpenZeppelin Docs
solidity-hacks/src at master · Perelyn-sama/solidity-hacks
Solidity Security: Comprehensive list of known attack vectors and common anti-patterns
This post aims to be a relatively in-depth and up-to-date introductory post detailing the past mistakes that have been made by Solidity...
So you want to use a price oracle - Paradigm
In late 2019, I published a post titled “Taking undercollateralized loans for fun and for profit”. In it, I described an economic attack on Ethereum dApps that rely on accurate
Taking undercollateralized loans for fun and for profit
Price manipulation, now with 100% more blockchain
Price Oracle Manipulation
In this article we look at a type of economic attack on DeFi projects in the form of manipulation of price oracles. On Ethereum, where everything is a smart contract, so too are price oracles. As such…
Pricing LP tokens | Warp Finance hack | cmichel
This article explores the pricing of liquidity pool (LP) tokens and discusses the recent Warp Finance hack that is closely related to it…
QuillAudits Team – Medium
Read writing from QuillAudits Team on Medium. Smart Contract Auditing Experts, Making DeFi secure. audits@quillhash.com.
Price Manipulation Attacks From First Principles
Commit Reveal Scheme on Ethereum
Hiding actions and generating random numbers
The Dangers of Token Integration
Even the most popular tokens can be deceiving, so understanding risks and common pitfalls when integrating them is fundamental in Ethereum’s composable world...
A Guide to Reproducing Ethereum Exploits: Fei Protocol
This guide, written by whitehat Lucash-dev for Immunefi, will help you set up a local environment and reproduce the Fei Protocol exploit…
0xalpharush/awesome-MEV-resources: Get up to speed on Maximum Extractable Value
Get up to speed on Maximum Extractable Value.
w3bs3c.com - Web3 Security 101s
A searchable curated repository of Web3 security 101s brought to you by https://twitter.com/web3sec
research/research-seminars.md at master · protocol/research
Research at Protocol Labs.
sec-bit/awesome-buggy-erc20-tokens: A Collection of Vulnerabilities in ERC20 Smart Contracts With Tokens Affected
A Collection of Vulnerabilities in ERC20 Smart Contracts With Tokens Affected