Security

189 bookmarks
How to Steal $100M from Flawless Smart Contracts — PWNING
My blockchains adventure continues! This time I protected Moonbeam network by disclosing a critical design flaw, safeguarding more than $100M assets at risk in various DeFi projects. I was awarded the maximum reward amount of their bug bounty program on Immunefi, $1M, and $50k bonus from Moonwell (I guess that’s also one of the top 10 highest bug bounties?)
·mirror.xyz·
EVM Codes
An interactive reference to Ethereum Virtual Machine Opcodes
·evm.codes·
Joran Honig on Twitter
“There are some extremely successful bounty hunters in web3. However, nobody tells you how they do it. Until now. Here is how you can become a bug bounty millionaire. 🧵👇”
·twitter.com·
Catching Weird Security Bugs in Solidity Smart Contracts with Invariant Checks | The Rekt Blog
Contract invariants are properties of the program state that are expected to always be true. In my previous article I discussed the use of Solidity assertions to check contract invariants. This article expands on the use of invariants and provides a couple of additional examples. An interesting feature of invariant checking on the bytecode level is …
·blog.mythx.io·
razzorsec/AuditorsRoadmap
Contribute to razzorsec/AuditorsRoadmap development by creating an account on GitHub.
·github.com·
The Immunefi team at the Off The Chain Con
Alejandro Munoz-McDonald, Smart Contract Triager at Immunefi, did a presentation on the world's largest bug bounty payouts that were done through Immunefi's ...
·youtube.com·
tamjid0x01/awesome-smartcontract-hacking: Here we collect and discuss for Smart contract security & Blockchain researches and tools - contributions are welcome.
Here we collect and discuss for Smart contract security & Blockchain researches and tools - contributions are welcome. - tamjid0x01/awesome-smartcontract-hacking: Here we collect and discus...
·github.com·
eugenioclrc/secureum-a-maze-x-challenges
Contribute to eugenioclrc/secureum-a-maze-x-challenges development by creating an account on GitHub.
·github.com·
So you want to use a price oracle - Paradigm
In late 2019, I published a post titled “Taking undercollateralized loans for fun and for profit”. In it, I described an economic attack on Ethereum dApps that rely on accurate
·paradigm.xyz·
Price Oracle Manipulation
In this article we look at a type of economic attack on DeFi projects in the form of manipulation of price oracles. On Ethereum, where everything is a smart contract, so too are price oracles. As such…
·extropy-io.medium.com·
Pricing LP tokens | Warp Finance hack | cmichel
This article explores the pricing of liquidity pool (LP) tokens and discusses the recent Warp Finance hack that is closely related to it…
·cmichel.io·
QuillAudits Team – Medium
Read writing from QuillAudits Team on Medium. Smart Contract Auditing Experts, Making DeFi secure. audits@quillhash.com. Every day, QuillAudits Team and thousands of other voices read, write, and share important stories on Medium.
·medium.com·
The Dangers of Token Integration
Even the most popular tokens can be deceiving, so understanding risks and common pitfalls when integrating them is fundamental in Ethereum’s composable world...
·youtube.com·
A Guide to Reproducing Ethereum Exploits: Fei Protocol
This guide, written by whitehat Lucash-dev for Immunefi, will help you set up a local environment and reproduce the Fei Protocol exploit…
·medium.com·
w3bs3c.com - Web3 Security 101s
A searchable curated repository of Web3 security 101s brought to you by https://twitter.com/web3sec
·w3bs3c.com·
Solidity 101
101 key aspects of Solidity
·secureum.substack.com·