Forwarded from EthSecurity
Are you familiar with the challenges borrowing and lending protocols face?
#web3sec #defi
Dive into:
- Illiquid liquidations
- Collateral Safeness
- The dangers of governance
- Oracle risk and cost of manipulation
https://tokeninsight.com/en/research/market-analysis/the-7-deadly-sins-of-lending-protocols
@EthSecurity1
#web3sec #defi
Dive into:
- Illiquid liquidations
- Collateral Safeness
- The dangers of governance
- Oracle risk and cost of manipulation
https://tokeninsight.com/en/research/market-analysis/the-7-deadly-sins-of-lending-protocols
@EthSecurity1
Tokeninsight
The 7 Deadly Sins of Lending Protocols
Lending protocols have been a major target for hacks and attacks over the last few years, as many platforms often fail to ensure the security of their code, while others overestimate the safety of their economic designs. However, the industry has been learning…
Forwarded from EthSecurity
Web3 Dev
1)How do you construct a lending protocol that supports arbitrary collateral, has no oracles, and has no expirations?
Read the whitepaper to find out:
paradigm.xyz/2023/05/blend
2) Web3education.dev brought by patrick collins
@EthSecurity1
1)How do you construct a lending protocol that supports arbitrary collateral, has no oracles, and has no expirations?
Read the whitepaper to find out:
paradigm.xyz/2023/05/blend
2) Web3education.dev brought by patrick collins
@EthSecurity1
Paradigm
Blend: Perpetual Lending With NFT Collateral - Paradigm
Paradigm is a research-driven crypto investment firm that funds companies and protocols from their earliest stages.
👍1
Forwarded from EthSecurity
If you see a Solidity method that has an argument of type array, always check for 3 things:
1. What if the array length is 0?
2. What if there are duplicated elements in the array?
3. What if there are zero value elements in the array?
@EthSecurity1
1. What if the array length is 0?
2. What if there are duplicated elements in the array?
3. What if there are zero value elements in the array?
@EthSecurity1
Forwarded from EthSecurity
Heads up! Some Curve ETH pools have a major bug that allows an attacker to manipulate the virtual_price.
https://twitter.com/danielvf/status/1657019677544001536?s=19
@EthSecurity1
https://twitter.com/danielvf/status/1657019677544001536?s=19
@EthSecurity1
X (formerly Twitter)
Daniel Von Fange (@danielvf) on X
Heads up! Some Curve ETH pools have a major bug that allows an attacker to manipulate the virtual_price.
This includes the largest pool on Curve.
1/5
This includes the largest pool on Curve.
1/5
👍1
Audit checklists for CDP( Collaterized Debt Positions)
Give it a star🙏
https://github.com/Decurity/audit-checklists/blob/master/cdp.md
Give it a star🙏
https://github.com/Decurity/audit-checklists/blob/master/cdp.md
👌1
Multichain Auditor
Observations and tips for auditing protocols on multiple chains 🧐
https://github.com/0xJuancito/multichain-auditor
Observations and tips for auditing protocols on multiple chains 🧐
https://github.com/0xJuancito/multichain-auditor
GitHub
GitHub - 0xJuancito/multichain-auditor: Observations and tips checklist for auditing protocols on multiple chains 🧐
Observations and tips checklist for auditing protocols on multiple chains 🧐 - 0xJuancito/multichain-auditor
👍5
Solidity Security: Comprehensive list of known attack vectors and common anti-patterns
This is an in-depth and up-to-date introductory post detailing the past mistakes that have been made by Solidity developers in an effort to prevent future devs from repeating history.
https://blog.sigmaprime.io/solidity-security.html
@ethers_security
This is an in-depth and up-to-date introductory post detailing the past mistakes that have been made by Solidity developers in an effort to prevent future devs from repeating history.
https://blog.sigmaprime.io/solidity-security.html
@ethers_security
Sigma Prime
Solidity Security: Comprehensive list of known attack vectors and common anti-patterns
This post aims to be a relatively in-depth and up-to-date introductory post detailing the past mistakes that have been made by Solidity...
❤3👍2
Typical vulnerabilities in LSD(not a drug, but Liquid Staking Derivatives) protocols. Check it out 😁🙏
https://blog.decurity.io/typical-vulnerabilities-in-lsd-protocols-e52ffe4ee175
https://mixbytes.io/blog/liquid
@ethers_security
https://blog.decurity.io/typical-vulnerabilities-in-lsd-protocols-e52ffe4ee175
https://mixbytes.io/blog/liquid
@ethers_security
Medium
Typical vulnerabilities in LSD protocols
In this article, we will examine the security aspects of widely used Liquid Staking Derivatives (LSD) protocols.
🤣5🔥2👍1
Daily Security pinned «Typical vulnerabilities in LSD(not a drug, but Liquid Staking Derivatives) protocols. Check it out 😁🙏 https://blog.decurity.io/typical-vulnerabilities-in-lsd-protocols-e52ffe4ee175 https://mixbytes.io/blog/liquid @ethers_security»
Forwarded from Vladimir S. | Officer's Channel (officercia)
GM!
This article is a thorough examination of the subject that will teach you what Read-only Reentrancy is, how to detect it, and how to effectively defend your project and users against it!
Check it out:
• blog.pessimistic.io/read-only-reentrancy-in-depth-6ea7e9d78e85?1
#security #audit #web3
This article is a thorough examination of the subject that will teach you what Read-only Reentrancy is, how to detect it, and how to effectively defend your project and users against it!
Check it out:
• blog.pessimistic.io/read-only-reentrancy-in-depth-6ea7e9d78e85?1
#security #audit #web3
Medium
Read-only Reentrancy: In-Depth
This manual is a thorough examination of the subject that will teach you what Read-only Reentrancy is, how to detect it, and how to…
❤1👍1
Forwarded from Vladimir S. | Officer's Channel (officercia)
^ We just optimized the read-only reentrancy detector: github.com/pessimistic-io/slitherin/blob/master/docs/readonly_reentrancy.md!
According to our benchmark the FP rate decreased down to 1%!
#security
According to our benchmark the FP rate decreased down to 1%!
#security
GitHub
slitherin/docs/readonly_reentrancy.md at master · pessimistic-io/slitherin
Slither Detectors by Pessimistic.io. Contribute to pessimistic-io/slitherin development by creating an account on GitHub.
Forwarded from EthSecurity
Here are some key auditing tips and insights :
1. Understand the System: Before starting the audit, it's important to understand the
system you're auditing. This includes understanding the high-level overview of the system, how it works, and what makes it unique. In the case of Asteria, understanding the roles of different players in the system, how vaults exist, how loans are represented, and how liquidations work was crucial.
2. Identify Complexities: Identify the complexities in the system. For example Asteria, the
complexities included calls going back and forth between contracts, the system being almost entirely stateless, and the need for accurate total assets of the vault.
3. Look for Vulnerabilities: Look for vulnerabilities in the system. In the case of Asteria, vulnerabilities were found in the delegate role, the stateless system, the Seaport auctions, and the ERC4626 calculations.
4. Learn from Mistakes: Learn from the mistakes made in the system. For Asteria, mistakes were made in not using EC recover properly, having a lot of data inputted, having many different entry points using shared back-end logic, and not resetting variables when changing hands.
5. Implement Fixes: Implement fixes for the vulnerabilities found. For Asteria, fixes included adding checks, getting rid of certain functions, adding unchecked blocks, and changing the way the Seaport liquidations work.
6. Test Thoroughly: Ensure thorough testing is done to cover all edge cases. In the case of Asteria, while they had done the hard parts of testing, they could have done more thorough testing to ensure all edge cases were covered.
7. Rebuild if Necessary: If the product has evolved a lot and more features have been added, it might be beneficial to rebuild or rethink the system from first principles. This
can help ensure that all functionalities are encoded in shared logic and that all validations are rock solid.
8. Stay Updated: Stay updated with the latest vulnerabilities and fixes in the blockchain and smart contract space. This can help you identify potential vulnerabilities in the system you're auditing.
Remember, auditing is a complex process that requires a deep understanding of the system, a keen eye for detail, and a thorough approach to testing. @EthSecurity1
1. Understand the System: Before starting the audit, it's important to understand the
system you're auditing. This includes understanding the high-level overview of the system, how it works, and what makes it unique. In the case of Asteria, understanding the roles of different players in the system, how vaults exist, how loans are represented, and how liquidations work was crucial.
2. Identify Complexities: Identify the complexities in the system. For example Asteria, the
complexities included calls going back and forth between contracts, the system being almost entirely stateless, and the need for accurate total assets of the vault.
3. Look for Vulnerabilities: Look for vulnerabilities in the system. In the case of Asteria, vulnerabilities were found in the delegate role, the stateless system, the Seaport auctions, and the ERC4626 calculations.
4. Learn from Mistakes: Learn from the mistakes made in the system. For Asteria, mistakes were made in not using EC recover properly, having a lot of data inputted, having many different entry points using shared back-end logic, and not resetting variables when changing hands.
5. Implement Fixes: Implement fixes for the vulnerabilities found. For Asteria, fixes included adding checks, getting rid of certain functions, adding unchecked blocks, and changing the way the Seaport liquidations work.
6. Test Thoroughly: Ensure thorough testing is done to cover all edge cases. In the case of Asteria, while they had done the hard parts of testing, they could have done more thorough testing to ensure all edge cases were covered.
7. Rebuild if Necessary: If the product has evolved a lot and more features have been added, it might be beneficial to rebuild or rethink the system from first principles. This
can help ensure that all functionalities are encoded in shared logic and that all validations are rock solid.
8. Stay Updated: Stay updated with the latest vulnerabilities and fixes in the blockchain and smart contract space. This can help you identify potential vulnerabilities in the system you're auditing.
Remember, auditing is a complex process that requires a deep understanding of the system, a keen eye for detail, and a thorough approach to testing. @EthSecurity1
👍7❤1
Forwarded from nikitakle
Uniswap v4 research, here are some interesting observations that have been noted by our development team so far :
1️⃣ The behavior of a hook can vary.
To ensure the pool works correctly with the hook, it is necessary to deploy the hook in a way that obtains the correct initial bits of its address. This requires mining the addresses for hooks contracts: https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/Hooks.sol#L8
2️⃣ Another interesting point: the Uniswap team implemented the SafeTransfer part in a similar way to Algebra V2.0, which caused some integration issues on zksync Era:
https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/CurrencyLibrary.sol#L36-L56
(Luckily enough, zkSync ended up releasing a compiler update)
3️⃣ It is worth noting that Uniswap chose to keep the bitmap as the data structure for the ticks, while we prefer using a doubly linked list, which makes large swaps cheaper with our model: https://github.com/Uniswap/v4-core/blob/main/contracts/libraries/TickBitmap.sol
Without the doubly linked list, there are additional iterations during the swap, which is not seen in the Algebra V2 code:
https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/Pool.sol#L422
4️⃣ What’s more? #UniV4 decided to remove all the side information from the ticks. Previously, it contained additional data that could be used to calculate various statistics, but traders had to pay for it. In the fourth implementation of Uniswap, such data will not be stored:
https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/Pool.sol#L80-L89
5️⃣ It is not entirely clear why the #Uni team prefers to initialize this structure in memory with every iteration of the loop, instead of making one and reusing it. Maybe they prefer to sacrifice gas efficiency for a more ‘readable’ code?
https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/Pool.sol#LL417C37-L417C41
1️⃣ The behavior of a hook can vary.
To ensure the pool works correctly with the hook, it is necessary to deploy the hook in a way that obtains the correct initial bits of its address. This requires mining the addresses for hooks contracts: https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/Hooks.sol#L8
2️⃣ Another interesting point: the Uniswap team implemented the SafeTransfer part in a similar way to Algebra V2.0, which caused some integration issues on zksync Era:
https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/CurrencyLibrary.sol#L36-L56
(Luckily enough, zkSync ended up releasing a compiler update)
3️⃣ It is worth noting that Uniswap chose to keep the bitmap as the data structure for the ticks, while we prefer using a doubly linked list, which makes large swaps cheaper with our model: https://github.com/Uniswap/v4-core/blob/main/contracts/libraries/TickBitmap.sol
Without the doubly linked list, there are additional iterations during the swap, which is not seen in the Algebra V2 code:
https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/Pool.sol#L422
4️⃣ What’s more? #UniV4 decided to remove all the side information from the ticks. Previously, it contained additional data that could be used to calculate various statistics, but traders had to pay for it. In the fourth implementation of Uniswap, such data will not be stored:
https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/Pool.sol#L80-L89
5️⃣ It is not entirely clear why the #Uni team prefers to initialize this structure in memory with every iteration of the loop, instead of making one and reusing it. Maybe they prefer to sacrifice gas efficiency for a more ‘readable’ code?
https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/Pool.sol#LL417C37-L417C41
GitHub
v4-core/contracts/libraries/Hooks.sol at 2f9b30663b53c0165cd6d34651d8ff13287667c4 · Uniswap/v4-core
🦄 🦄 🦄 🦄 Core smart contracts of Uniswap v4. Contribute to Uniswap/v4-core development by creating an account on GitHub.
❤1