https://ethnoscriptions.com
It's cheaper and more decentralized than using contract storage.
Also protocol guarantees global uniqueness of the content of all valid Ethnoscriptions!
Plus it's skating to where the puck is going in an L2 world. https://ethereumpunks.net
@EthSecurity1
It's cheaper and more decentralized than using contract storage.
Also protocol guarantees global uniqueness of the content of all valid Ethnoscriptions!
Plus it's skating to where the puck is going in an L2 world. https://ethereumpunks.net
@EthSecurity1
🔥3
EthSecurity
https://ethnoscriptions.com It's cheaper and more decentralized than using contract storage. Also protocol guarantees global uniqueness of the content of all valid Ethnoscriptions! Plus it's skating to where the puck is going in an L2 world. https://ethereumpunks.net…
ESIP-1: Smart Contract Support
Specification
Incorporate two new smart contract events into the Ethnoscriptions Protocol:
- TransferEthnoscription(address indexed recipient, bytes32 indexed ethnoscriptionTxHash)
- CreateEthnoscription(address indexed initialOwner, string dataURI)
When a contract emits TransferEthnoscription, the protocol should register a valid ethnoscription transfer from the contract to
When a contract emits CreateEthnoscription, the protocol should register a valid ethnoscription creation, provided the dataURI is valid and unique. The initial owner will be
Rationale
Ethnoscriptions can be transferred to any address, which means smart contracts can own them. However, smart contracts cannot currently transfer or create ethnoscriptions themselves.
This inhibits the creation of protocol-native apps that require smart contracts, such as marketplaces. Further, it makes the protocol difficult to use for smart contract wallet users.
This proposal lays out a simple and low gas mechanism for enabling smart contracts to transfer and create ethnoscriptions, thereby creating parity between smart contracts and EOAs under the protocol.
Indexing these events across all contracts increases the burden of operating an indexer, but this extra cost is incremental given that indexers must inspect the calldata of every transaction anyway.
⚙️what triggers the creation would be the calldata of the transaction where you told the contract to do that—only that transaction gets a real transaction hash, which is the ethnoscription id.
@EthSecurity1
Specification
Incorporate two new smart contract events into the Ethnoscriptions Protocol:
- TransferEthnoscription(address indexed recipient, bytes32 indexed ethnoscriptionTxHash)
- CreateEthnoscription(address indexed initialOwner, string dataURI)
When a contract emits TransferEthnoscription, the protocol should register a valid ethnoscription transfer from the contract to
recipient of the ethnoscription created in transaction hash ethnoscriptionTxHash, provided the contract owns that ethnoscription when emitting the event.When a contract emits CreateEthnoscription, the protocol should register a valid ethnoscription creation, provided the dataURI is valid and unique. The initial owner will be
initialOwner.Rationale
Ethnoscriptions can be transferred to any address, which means smart contracts can own them. However, smart contracts cannot currently transfer or create ethnoscriptions themselves.
This inhibits the creation of protocol-native apps that require smart contracts, such as marketplaces. Further, it makes the protocol difficult to use for smart contract wallet users.
This proposal lays out a simple and low gas mechanism for enabling smart contracts to transfer and create ethnoscriptions, thereby creating parity between smart contracts and EOAs under the protocol.
Indexing these events across all contracts increases the burden of operating an indexer, but this extra cost is incremental given that indexers must inspect the calldata of every transaction anyway.
⚙️what triggers the creation would be the calldata of the transaction where you told the contract to do that—only that transaction gets a real transaction hash, which is the ethnoscription id.
@EthSecurity1
⚡2❤1
Bridge Bug Tracker https://github.com/0xDatapunk/Bridge-Bug-Tracker
Alloy: Fast, battle-tested and well-documented building blocks for Ethereum, in Rust https://github.com/alloy-rs/core/releases/tag/v0.2.0
@EthSecurity1
Alloy: Fast, battle-tested and well-documented building blocks for Ethereum, in Rust https://github.com/alloy-rs/core/releases/tag/v0.2.0
@EthSecurity1
GitHub
GitHub - 0xDatapunk/Bridge-Bug-Tracker: Hacks/Vulns/Audits Compilation
Hacks/Vulns/Audits Compilation. Contribute to 0xDatapunk/Bridge-Bug-Tracker development by creating an account on GitHub.
👍3
Vulnerability Detection with Automatic Semantical Oracles
Finding Permission Bugs in Smart Contracts with Role Mining Access Control
AChecker: Statically Detecting Smart Contract Access Control Vulnerabilities Access Control
@EthSecurity1
Finding Permission Bugs in Smart Contracts with Role Mining Access Control
AChecker: Statically Detecting Smart Contract Access Control Vulnerabilities Access Control
@EthSecurity1
Last week, Shido Global was exploited on BSC through a flash loan attack, allowing the attacker to steal around 977 WBNB from the pool. https://explorer.phalcon.xyz/tx/bsc/0x72f8dd2bcfe2c9fbf0d933678170417802ac8a0d8995ff9a56bfbabe3aa712d6I
@EthSecurity1
@EthSecurity1
🔥4😢1
Mastering Fuzzing
https://github.com/Elpacos/mastering-fuzzing
It provides several practical examples of fuzzing using both Echidna & Foundry, two popular property based testing tools @EthSecurity1
https://github.com/Elpacos/mastering-fuzzing
It provides several practical examples of fuzzing using both Echidna & Foundry, two popular property based testing tools @EthSecurity1
GitHub
GitHub - Elpacos/mastering-fuzzing: Practical fuzzing examples for the mastering fuzzing talk
Practical fuzzing examples for the mastering fuzzing talk - Elpacos/mastering-fuzzing
❤3
These results are from a 1-hour long bot-race & not a full-fledged audit.
Wake up to the reality anon, ChatGPT & bots will soon eradicate the lower rungs of bugs from any codebase.
Only the auditors that dare to dive deep will survive this battlefield.
https://gist.github.com/liveactionllama/27513952718ec3cbcf9de0fda7fef49c
@Ethsecurity1
Wake up to the reality anon, ChatGPT & bots will soon eradicate the lower rungs of bugs from any codebase.
Only the auditors that dare to dive deep will survive this battlefield.
https://gist.github.com/liveactionllama/27513952718ec3cbcf9de0fda7fef49c
@Ethsecurity1
Gist
Winning bot race submission
Winning bot race submission. GitHub Gist: instantly share code, notes, and snippets.
❤5
This POC shows you how to perform view-only reentrancy
Just copy paste the code into your tests as an integration test
For Auditors: Apply the check to test if an oracle is safe or not (test against all uses, see sturdy) https://github.com/sherlock-audit/2022-12-sentiment-judging/issues/7
@EthSecurity1
Just copy paste the code into your tests as an integration test
For Auditors: Apply the check to test if an oracle is safe or not (test against all uses, see sturdy) https://github.com/sherlock-audit/2022-12-sentiment-judging/issues/7
@EthSecurity1
GitHub
GalloDaSballo - H-01 wstETH-ETH Curve LP Token Price can be manipulated to Cause Unexpected Liquidations · Issue #7 · sherlock…
GalloDaSballo high H-01 wstETH-ETH Curve LP Token Price can be manipulated to Cause Unexpected Liquidations Summary The wsteETH-ETH LP token is priced via it's virtual_price Through what Chaina...
❤2
poly chain hack https://dedaub.com/blog/poly-chain-hack-postmortem
security alerts channel because of twitter restriction https://news.1rj.ru/str/web3_security_alerts @EthSecurity1
security alerts channel because of twitter restriction https://news.1rj.ru/str/web3_security_alerts @EthSecurity1
Dedaub
Poly Network Hack Postmortem
Poly Network Hack | GPTPoly Network's $34b notional hack on July 2, 2023, was due to misused private keys, not a smart contract bug.
❤2
EthSecurity
Vulnerability Detection with Automatic Semantical Oracles Finding Permission Bugs in Smart Contracts with Role Mining Access Control AChecker: Statically Detecting Smart Contract Access Control Vulnerabilities Access Control @EthSecurity1
Vulnerability Detection with Automatic Semantical Oracles
Towards Automated Verification of Smart Contract Fairness Fairness Property
Clockwork Finance: Automated Analysis of Economic Security in Smart Contracts @EthSecurity1
Towards Automated Verification of Smart Contract Fairness Fairness Property
Clockwork Finance: Automated Analysis of Economic Security in Smart Contracts @EthSecurity1
❤3👍3
common Smart contract vulnerabilities by Raiders
https://blog.web3sec.news/posts/common-smart-contract-vulnerabilities-audit-checklist/
https://crosschainriskframework.github.io
Crosschain Risk Framework @EthSecurity1
https://blog.web3sec.news/posts/common-smart-contract-vulnerabilities-audit-checklist/
https://crosschainriskframework.github.io
Crosschain Risk Framework @EthSecurity1
❤6👍1
How to diff contracts against Etherscan verified code https://blog.theredguild.org/how-to-diff-smart-contracts-etherscan/
https://github.com/lidofinance/diffyscan
@EthSecurity1
https://github.com/lidofinance/diffyscan
@EthSecurity1
The Red Guild
How to diff contracts against Etherscan verified code
How to compare smart contracts in GitHub against verified code in Etherscan using Diffyscan.
🔥6
The zero-knowledge attack of the year might just have happened, or how Nova got broken @EthSecurity1
www.zksecurity.xyz
The zero-knowledge attack of the year might just have happened, or how Nova got broken - ZKSECURITY
Last week, a strange paper (by Wilson Nguyen et al.) came out: Revisiting the Nova Proof System on a Cycle of Curves. Its benign noscript might have escaped the attention of many, but within its pages lied one of the most impressive and devastating attack on…
Forwarded from Rektoff
Gm Rektoffians!
We’ve prepared an alpha-only web3 security telegram pack so you can always stay up to date with market trends, cool articles and useful groups 👥
Add it with the following link:
https://news.1rj.ru/str/addlist/b0NZzSm3Q9gxYTMy
And feel free to share your gem channels under this post in case we missed something.
Stay Rektoff😀
We’ve prepared an alpha-only web3 security telegram pack so you can always stay up to date with market trends, cool articles and useful groups 👥
Add it with the following link:
https://news.1rj.ru/str/addlist/b0NZzSm3Q9gxYTMy
And feel free to share your gem channels under this post in case we missed something.
Stay Rektoff
Please open Telegram to view this post
VIEW IN TELEGRAM
🫡5
BrutePrint: Expose Smartphone Fingerprint Authentication to Brute-force Attack.
2 Hours Web3 Smart Contract Security Interview with Dravee.
@EthSecurity1
2 Hours Web3 Smart Contract Security Interview with Dravee.
@EthSecurity1
YouTube
2 Hours Web3 Smart Contract Security Interview with Dravee
Join the Blockchain Security Academy,
GET 100$ Discount on the Smart Contract Hacking Course:
https://johnnytime.xyz/smart-contract-hacker
An awesome interview with our special guest, Dravee. In this interview, we'll delve deep into Dravee's experiences…
GET 100$ Discount on the Smart Contract Hacking Course:
https://johnnytime.xyz/smart-contract-hacker
An awesome interview with our special guest, Dravee. In this interview, we'll delve deep into Dravee's experiences…
❤3
still stuck using csv? well there’s a new tool for anyone that enjoys rust, parquet, or crypto data…
❄️🧊cryo🧊❄️
you can use cryo to easily extract:
- blocks
- txs
- logs
- call traces
- slot traces
- balance traces
- nonce traces
- code traces
- vm traces
cryo can extract all historical uniswap trades with this command:
cryo logs --topic0 0xc42079f94a6350d7e6235f29174924f928cc2ac818eb64fed8004e115fbcca67
@EthSecurity1
❄️🧊cryo🧊❄️
you can use cryo to easily extract:
- blocks
- txs
- logs
- call traces
- slot traces
- balance traces
- nonce traces
- code traces
- vm traces
cryo can extract all historical uniswap trades with this command:
cryo logs --topic0 0xc42079f94a6350d7e6235f29174924f928cc2ac818eb64fed8004e115fbcca67
@EthSecurity1
GitHub
GitHub - paradigmxyz/cryo: cryo is the easiest way to extract blockchain data to parquet, csv, json, or python dataframes
cryo is the easiest way to extract blockchain data to parquet, csv, json, or python dataframes - paradigmxyz/cryo
🔥6👍2