started with solidity, played CTF/Challenge(s) such as HTB & Ethernaut (playing until death 🫡), Learned many things and at this point, i want to start Auditing on the past CodeHawks's First Flights 🦅✈️ and i want to write report at the specified time, then want to check other auditor's submission and compare with myself. hope to learn many things 🥷
🍷 Enjoy The Road
🍷 Enjoy The Road
🦅✈️ First Flight 1️⃣
https://www.codehawks.com/contests/clnuo221v0001l50aomgo4nyn
🔴 [HIGH-0] user can access the value of s_password and s_owner variables beacuse of the storage layout. we can get the value and decode them.
🔴 [HIGH-1] there is not any limit on setPassword() function. user can access the setPassword() function without any limit and can change the value of s_password;
⚪️ [INFO-0] should declare errors out of the contract ( make them global )
⚪️ [INFO-1] should change the name of errors.
🍷 Learned :
1️⃣ sensitive variables mustn't have the default value during deploying. deployer must pass the value to constructor and set the new value there.
https://www.codehawks.com/contests/clnuo221v0001l50aomgo4nyn
🔴 [HIGH-0] user can access the value of s_password and s_owner variables beacuse of the storage layout. we can get the value and decode them.
cast storage $CONTRACT_ADDRESS 0 # s_owner
cast storage $CONTRACT_ADDRESS 1 # s_password
🔴 [HIGH-1] there is not any limit on setPassword() function. user can access the setPassword() function without any limit and can change the value of s_password;
⚪️ [INFO-0] should declare errors out of the contract ( make them global )
⚪️ [INFO-1] should change the name of errors.
🍷 Learned :
1️⃣ sensitive variables mustn't have the default value during deploying. deployer must pass the value to constructor and set the new value there.
📜 About Remappings in foundry ( something like
🔗 https://book.getfoundry.sh/projects/dependencies#remapping-dependencies
alias )🔗 https://book.getfoundry.sh/projects/dependencies#remapping-dependencies
🪖 Glider
1️⃣ Hexens Secureum Workshop
2️⃣ JohnnyTime YT Video
3️⃣ Owen YT Video [1] - [2]
4️⃣ daily-glider
5️⃣ Glider Gitbook
6️⃣ Kasper Zwijsen
7️⃣ Officer CIA
8️⃣ rxyz's YT
1️⃣ Hexens Secureum Workshop
2️⃣ JohnnyTime YT Video
3️⃣ Owen YT Video [1] - [2]
4️⃣ daily-glider
5️⃣ Glider Gitbook
6️⃣ Kasper Zwijsen
7️⃣ Officer CIA
8️⃣ rxyz's YT
YouTube
This Web3 Security Tool Transform a $1,000 to a $1,000,000 Bounty | Glider by Hexens Tutorial
This Web3 Security Tool Changes The Game | Glider by Hexens Tutorial
Glider, a powerful new tool created by Hexens, is here to take your Web3 bug-hunting game to the next level. In this video, I’ll show you how to leverage Glider to uncover vulnerabilities…
Glider, a powerful new tool created by Hexens, is here to take your Web3 bug-hunting game to the next level. In this video, I’ll show you how to leverage Glider to uncover vulnerabilities…
👑 ALΞCTRONA - The Educational Hub for Blockchain & Smart Contract Security!
🔗 https://linktr.ee/alectrona.eth
🔗 https://linktr.ee/alectrona.eth
Linktree
@Alectrona.eth | Twitter | Linktree
ALΞCTRONA - The Educational Hub for Blockchain & Smart Contract Security!
🔥2
📝 Smart Contract Layout
1️⃣ Pragma statements
2️⃣ Import statements
3️⃣ Interfaces
4️⃣ Libraries
5️⃣ Contracts
📝 Inside contract, library or interface :
1️⃣ State variables
2️⃣ Events
3️⃣ Modifiers
4️⃣ Struct, Arrays or Enums
5️⃣ Constructor
6️⃣ Fallback OR Receive function
7️⃣ External functions
8️⃣ Public functions
9️⃣ Internal functions
🔟 Private functions
1️⃣ Pragma statements
2️⃣ Import statements
3️⃣ Interfaces
4️⃣ Libraries
5️⃣ Contracts
📝 Inside contract, library or interface :
1️⃣ State variables
2️⃣ Events
3️⃣ Modifiers
4️⃣ Struct, Arrays or Enums
5️⃣ Constructor
6️⃣ Fallback OR Receive function
7️⃣ External functions
8️⃣ Public functions
9️⃣ Internal functions
🔟 Private functions
💻 Deployed my First contract using thirdweb :
🤩 you can deploy & verify your smart contract just using one command & many other options
🔗 https://sepolia.etherscan.io/address/0xA4B8E72aB7a1BE73470Bd6207774ac2d474700A6
@nxenon54 ❤️😆
npx thirdweb deploy
🤩 you can deploy & verify your smart contract just using one command & many other options
🔗 https://sepolia.etherscan.io/address/0xA4B8E72aB7a1BE73470Bd6207774ac2d474700A6
@nxenon54 ❤️😆
Ethereum (ETH) Blockchain Explorer
AminIsGay | Address 0xA4B8E72aB7a1BE73470Bd6207774ac2d474700A6 | Etherscan
The Contract Address 0xA4B8E72aB7a1BE73470Bd6207774ac2d474700A6 page allows users to view the source code, transactions, balances, and analytics for the contract address. Users can also interact and make transactions to the contract directly on Etherscan.
🍷🥷 Thanks @solidityscan for "SolidityScan Pro Plan trial"
⚙️ Everyone should use this powerful Tool
⚙️ Everyone should use this powerful Tool
🍾1
KS note
🪄 Advices From Konata - white hat hacker🥷
🪄 Advices From Mackenzie - Hacker Success At immunefi
🔗 https://x.com/adrianhetman/status/1610261306761781251
🔗 https://x.com/adrianhetman/status/1610261306761781251
🍾2