EthSecurity – Telegram
EthSecurity
@EthSecurity1
5.21K subscribers
112 photos
20 files
745 links
https://x.com/EthSecurity
@Web3privacyy
Download Telegram
About
Blog
Apps
Platform
Join
EthSecurity
5.21K subscribers
EthSecurity
https://www.theblock.co/post/225364/zksync-unfreeze-millions-stuck
The Block
ZkSync develops 'solution' to unfreeze $1.7 million stuck in smart contract
zkSync has found a solution to release the 921 ETH ($1.7 million) locked in Gemholic's smart contract on the Ethereum Layer 2 network, it claimed.
86 views
EthSecurity
Mev-boost is now semi-permissioned.

A validator blacklist was added as part of the fix last week.

I'm highlighting it because I can find no public announcement or community discussion about this.
github.com/flashbots/mev-
@EthSecurity1
78 viewsedited  
EthSecurity
It seems the @SushiSwap RouterProcessor2 contact has an approve-related bug, which leads to the loss of >$3.3M loss (about 1800 eth)

If you have approved etherscan.io/address/0x044b…, please *REVOKE* ASAP!

One example hack tx: etherscan.io/tx/0xea3480f1f
@EthSecurity1
etherscan.io
Ethereum Account (Invalid Address)
The Ethereum BlockChain Explorer, API and Analytics Platform
86 viewsedited  
EthSecurity
https://ebookfoundation.github.io/free-programming-books/
free-programming-books
List of Free Learning Resources In Many Languages
:books: Freely available programming books
92 views
EthSecurity
Tether geting blacklisting mevbots
🤬1
76 viewsedited  
EthSecurity
FTX held 100 million $ ETH in simple txt :))))
76 views
EthSecurity
Proxy tools for pentesters https://github.com/ph4ntonn/Stowaway/blob/master/README_EN.md
GitHub
Stowaway/README_EN.md at master · ph4ntonn/Stowaway
👻Stowaway -- Multi-hop Proxy Tool for pentesters. Contribute to ph4ntonn/Stowaway development by creating an account on GitHub.
79 views
EthSecurity
Check out new tool: SourceGPT a source code analyzer and prompt manager built on top of ChatGPT as the oracle. Then a set of prompt for security purposes can be found at the link provided below

https://github.com/NightmareLab/SourceGPT/tree/main/use_cases
@EthSecurity1
GitHub
SourceGPT/use_cases at main · NightmareLab/SourceGPT
SourceGPT - prompt manager and source code analyzer built on top of ChatGPT as the oracle - NightmareLab/SourceGPT
78 viewsedited  
EthSecurity
Hacking play-to-earn blockchain games: The case of Manarium

https://www.blazeinfosec.com/post/hacking-play-2-earn-blockchain-games-manarium/

@secuelydevv
Blaze Information Security
Hacking Play-to-Earn Blockchain Games: The Case Of Manarium
This post provides an overview of hacking play-to-earn blockchain games and common security pitfalls affecting P2E. It explains in detail how several vulnerabilities were discovered in a P2E game named Manarium.
80 views
EthSecurity
There was misconfigured in yearnfinance. It made 10 m $ hack today

It seems like the iearn USDT token (yUSDT) has been broken since deploy, which was *checks notes* over 1000 days ago. It was misconfigured to use the Fulcrum iUSDC token instead of the Fulcrum iUSDT token.
🔥1
93 views
EthSecurity
https://github.com/edoardottt/awesome-hacker-search-engines
GitHub
GitHub - edoardottt/awesome-hacker-search-engines: A curated list of awesome search engines useful during Penetration testing,…
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more - edoardottt/awesome-hacker-search-engines
98 views
EthSecurity
Are you familiar with the challenges borrowing and lending protocols face?
#web3sec #defi
Dive into:
- Illiquid liquidations
- Collateral Safeness
- The dangers of governance
- Oracle risk and cost of manipulation

https://tokeninsight.com/en/research/market-analysis/the-7-deadly-sins-of-lending-protocols
@EthSecurity1
Tokeninsight
The 7 Deadly Sins of Lending Protocols
Lending protocols have been a major target for hacks and attacks over the last few years, as many platforms often fail to ensure the security of their code, while others overestimate the safety of their economic designs. However, the industry has been learning…
2
374 viewsedited  
EthSecurity
https://l2beat.com/scaling/risk
L2BEAT
Risk Analysis - L2BEAT
Understand the risks of Ethereum scaling solutions using L2BEAT’s assessments.
129 views
EthSecurity
Channel name was changed to «EthSecurity»
EthSecurity
The #Cairo Programming Language Book, a comprehensive documentation of the Cairo 1 programming language cairo-book.github.io
Blockchain dark forest selfguard handbook. Master these, master the security of your #cryptocurrency. #web3sec #web3 #DeFi
darkhandbook.io
@EthSecurity1
👍1
139 views
EthSecurity
https://gist.github.com/Amxx/ec7992a21499b6587979754206a48632
Gist
ERC4626 offset explainer
ERC4626 offset explainer. GitHub Gist: instantly share code, notes, and snippets.
121 views
EthSecurity
sort of great DB https://dune.com/pcaversaccio/smart-contract-deployment-statistics https://dune.com/pcaversaccio/minimal-proxies https://dune.com/pcaversaccio/selfdestruct @EthSecurity1
Dune
Smart Contract Deployment Statistics
Dune is the all-in-one crypto data platform — query with SQL, stream data via APIs & DataShare, and publish interactive dashboards across 100+ blockchains.
121 views
EthSecurity
https://ethresear.ch/t/equivocation-attacks-in-mev-boost-and-epbs/15338
Ethereum Research
Equivocation attacks in mev-boost and ePBS
Equivocation attacks in mev-boost and ePBS authors (alphabetically) francesco d’amato & mike neuder – April 18, 2023 cross posted at Equivocation attacks in mev-boost and ePBS - HackMD tl;dr; We analyze “equivocation” attacks, in which a malicious proposer…
👍1
120 views
EthSecurity
https://github.com/0xsequence/create3
GitHub
GitHub - 0xsequence/create3: CREATE3 (see EIP-3171) implemented in Solidity
CREATE3 (see EIP-3171) implemented in Solidity. Contribute to 0xsequence/create3 development by creating an account on GitHub.
118 views
EthSecurity
If a protocol uses any of the OpenZeppelin libraries, always check that the latest released version is used. Thus, you will be sure the most optimized version is used.

You can find vulnerabilities associated with previous versions here👇 https://security.snyk.io/package/npm/%40openzeppelin%2Fcontracts @EthSecurity1
Find detailed information and remediation guidance for vulnerabilities and misconfigurations.
@openzeppelin/contracts vulnerabilities | Snyk
Learn more about known vulnerabilities in the @openzeppelin/contracts package.
131 viewsedited  
EthSecurity
https://t.co/GAkD1dblod
mirror.xyz
The zk-ECDSA Landscape
This post was authored by grantee Blake M Scurr. His mandate was to explore zk-ECDSA, build applications with zk-ECDSA, and contribute to ZKPs to make this vision come true.
135 views