Forwarded from EthSecurity
If you see a Solidity method that has an argument of type array, always check for 3 things:
1. What if the array length is 0?
2. What if there are duplicated elements in the array?
3. What if there are zero value elements in the array?
@EthSecurity1
1. What if the array length is 0?
2. What if there are duplicated elements in the array?
3. What if there are zero value elements in the array?
@EthSecurity1
Forwarded from EthSecurity
Heads up! Some Curve ETH pools have a major bug that allows an attacker to manipulate the virtual_price.
https://twitter.com/danielvf/status/1657019677544001536?s=19
@EthSecurity1
https://twitter.com/danielvf/status/1657019677544001536?s=19
@EthSecurity1
X (formerly Twitter)
Daniel Von Fange (@danielvf) on X
Heads up! Some Curve ETH pools have a major bug that allows an attacker to manipulate the virtual_price.
This includes the largest pool on Curve.
1/5
This includes the largest pool on Curve.
1/5
👍1
Audit checklists for CDP( Collaterized Debt Positions)
Give it a star🙏
https://github.com/Decurity/audit-checklists/blob/master/cdp.md
Give it a star🙏
https://github.com/Decurity/audit-checklists/blob/master/cdp.md
👌1
Multichain Auditor
Observations and tips for auditing protocols on multiple chains 🧐
https://github.com/0xJuancito/multichain-auditor
Observations and tips for auditing protocols on multiple chains 🧐
https://github.com/0xJuancito/multichain-auditor
GitHub
GitHub - 0xJuancito/multichain-auditor: Observations and tips checklist for auditing protocols on multiple chains 🧐
Observations and tips checklist for auditing protocols on multiple chains 🧐 - 0xJuancito/multichain-auditor
👍5
Solidity Security: Comprehensive list of known attack vectors and common anti-patterns
This is an in-depth and up-to-date introductory post detailing the past mistakes that have been made by Solidity developers in an effort to prevent future devs from repeating history.
https://blog.sigmaprime.io/solidity-security.html
@ethers_security
This is an in-depth and up-to-date introductory post detailing the past mistakes that have been made by Solidity developers in an effort to prevent future devs from repeating history.
https://blog.sigmaprime.io/solidity-security.html
@ethers_security
Sigma Prime
Solidity Security: Comprehensive list of known attack vectors and common anti-patterns
This post aims to be a relatively in-depth and up-to-date introductory post detailing the past mistakes that have been made by Solidity...
❤3👍2
Typical vulnerabilities in LSD(not a drug, but Liquid Staking Derivatives) protocols. Check it out 😁🙏
https://blog.decurity.io/typical-vulnerabilities-in-lsd-protocols-e52ffe4ee175
https://mixbytes.io/blog/liquid
@ethers_security
https://blog.decurity.io/typical-vulnerabilities-in-lsd-protocols-e52ffe4ee175
https://mixbytes.io/blog/liquid
@ethers_security
Medium
Typical vulnerabilities in LSD protocols
In this article, we will examine the security aspects of widely used Liquid Staking Derivatives (LSD) protocols.
🤣5🔥2👍1
Daily Security pinned «Typical vulnerabilities in LSD(not a drug, but Liquid Staking Derivatives) protocols. Check it out 😁🙏 https://blog.decurity.io/typical-vulnerabilities-in-lsd-protocols-e52ffe4ee175 https://mixbytes.io/blog/liquid @ethers_security»
Forwarded from Vladimir S. | Officer's Channel (officercia)
GM!
This article is a thorough examination of the subject that will teach you what Read-only Reentrancy is, how to detect it, and how to effectively defend your project and users against it!
Check it out:
• blog.pessimistic.io/read-only-reentrancy-in-depth-6ea7e9d78e85?1
#security #audit #web3
This article is a thorough examination of the subject that will teach you what Read-only Reentrancy is, how to detect it, and how to effectively defend your project and users against it!
Check it out:
• blog.pessimistic.io/read-only-reentrancy-in-depth-6ea7e9d78e85?1
#security #audit #web3
Medium
Read-only Reentrancy: In-Depth
This manual is a thorough examination of the subject that will teach you what Read-only Reentrancy is, how to detect it, and how to…
❤1👍1
Forwarded from Vladimir S. | Officer's Channel (officercia)
^ We just optimized the read-only reentrancy detector: github.com/pessimistic-io/slitherin/blob/master/docs/readonly_reentrancy.md!
According to our benchmark the FP rate decreased down to 1%!
#security
According to our benchmark the FP rate decreased down to 1%!
#security
GitHub
slitherin/docs/readonly_reentrancy.md at master · pessimistic-io/slitherin
Slither Detectors by Pessimistic.io. Contribute to pessimistic-io/slitherin development by creating an account on GitHub.
Forwarded from EthSecurity
Here are some key auditing tips and insights :
1. Understand the System: Before starting the audit, it's important to understand the
system you're auditing. This includes understanding the high-level overview of the system, how it works, and what makes it unique. In the case of Asteria, understanding the roles of different players in the system, how vaults exist, how loans are represented, and how liquidations work was crucial.
2. Identify Complexities: Identify the complexities in the system. For example Asteria, the
complexities included calls going back and forth between contracts, the system being almost entirely stateless, and the need for accurate total assets of the vault.
3. Look for Vulnerabilities: Look for vulnerabilities in the system. In the case of Asteria, vulnerabilities were found in the delegate role, the stateless system, the Seaport auctions, and the ERC4626 calculations.
4. Learn from Mistakes: Learn from the mistakes made in the system. For Asteria, mistakes were made in not using EC recover properly, having a lot of data inputted, having many different entry points using shared back-end logic, and not resetting variables when changing hands.
5. Implement Fixes: Implement fixes for the vulnerabilities found. For Asteria, fixes included adding checks, getting rid of certain functions, adding unchecked blocks, and changing the way the Seaport liquidations work.
6. Test Thoroughly: Ensure thorough testing is done to cover all edge cases. In the case of Asteria, while they had done the hard parts of testing, they could have done more thorough testing to ensure all edge cases were covered.
7. Rebuild if Necessary: If the product has evolved a lot and more features have been added, it might be beneficial to rebuild or rethink the system from first principles. This
can help ensure that all functionalities are encoded in shared logic and that all validations are rock solid.
8. Stay Updated: Stay updated with the latest vulnerabilities and fixes in the blockchain and smart contract space. This can help you identify potential vulnerabilities in the system you're auditing.
Remember, auditing is a complex process that requires a deep understanding of the system, a keen eye for detail, and a thorough approach to testing. @EthSecurity1
1. Understand the System: Before starting the audit, it's important to understand the
system you're auditing. This includes understanding the high-level overview of the system, how it works, and what makes it unique. In the case of Asteria, understanding the roles of different players in the system, how vaults exist, how loans are represented, and how liquidations work was crucial.
2. Identify Complexities: Identify the complexities in the system. For example Asteria, the
complexities included calls going back and forth between contracts, the system being almost entirely stateless, and the need for accurate total assets of the vault.
3. Look for Vulnerabilities: Look for vulnerabilities in the system. In the case of Asteria, vulnerabilities were found in the delegate role, the stateless system, the Seaport auctions, and the ERC4626 calculations.
4. Learn from Mistakes: Learn from the mistakes made in the system. For Asteria, mistakes were made in not using EC recover properly, having a lot of data inputted, having many different entry points using shared back-end logic, and not resetting variables when changing hands.
5. Implement Fixes: Implement fixes for the vulnerabilities found. For Asteria, fixes included adding checks, getting rid of certain functions, adding unchecked blocks, and changing the way the Seaport liquidations work.
6. Test Thoroughly: Ensure thorough testing is done to cover all edge cases. In the case of Asteria, while they had done the hard parts of testing, they could have done more thorough testing to ensure all edge cases were covered.
7. Rebuild if Necessary: If the product has evolved a lot and more features have been added, it might be beneficial to rebuild or rethink the system from first principles. This
can help ensure that all functionalities are encoded in shared logic and that all validations are rock solid.
8. Stay Updated: Stay updated with the latest vulnerabilities and fixes in the blockchain and smart contract space. This can help you identify potential vulnerabilities in the system you're auditing.
Remember, auditing is a complex process that requires a deep understanding of the system, a keen eye for detail, and a thorough approach to testing. @EthSecurity1
👍7❤1
Forwarded from nikitakle
Uniswap v4 research, here are some interesting observations that have been noted by our development team so far :
1️⃣ The behavior of a hook can vary.
To ensure the pool works correctly with the hook, it is necessary to deploy the hook in a way that obtains the correct initial bits of its address. This requires mining the addresses for hooks contracts: https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/Hooks.sol#L8
2️⃣ Another interesting point: the Uniswap team implemented the SafeTransfer part in a similar way to Algebra V2.0, which caused some integration issues on zksync Era:
https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/CurrencyLibrary.sol#L36-L56
(Luckily enough, zkSync ended up releasing a compiler update)
3️⃣ It is worth noting that Uniswap chose to keep the bitmap as the data structure for the ticks, while we prefer using a doubly linked list, which makes large swaps cheaper with our model: https://github.com/Uniswap/v4-core/blob/main/contracts/libraries/TickBitmap.sol
Without the doubly linked list, there are additional iterations during the swap, which is not seen in the Algebra V2 code:
https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/Pool.sol#L422
4️⃣ What’s more? #UniV4 decided to remove all the side information from the ticks. Previously, it contained additional data that could be used to calculate various statistics, but traders had to pay for it. In the fourth implementation of Uniswap, such data will not be stored:
https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/Pool.sol#L80-L89
5️⃣ It is not entirely clear why the #Uni team prefers to initialize this structure in memory with every iteration of the loop, instead of making one and reusing it. Maybe they prefer to sacrifice gas efficiency for a more ‘readable’ code?
https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/Pool.sol#LL417C37-L417C41
1️⃣ The behavior of a hook can vary.
To ensure the pool works correctly with the hook, it is necessary to deploy the hook in a way that obtains the correct initial bits of its address. This requires mining the addresses for hooks contracts: https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/Hooks.sol#L8
2️⃣ Another interesting point: the Uniswap team implemented the SafeTransfer part in a similar way to Algebra V2.0, which caused some integration issues on zksync Era:
https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/CurrencyLibrary.sol#L36-L56
(Luckily enough, zkSync ended up releasing a compiler update)
3️⃣ It is worth noting that Uniswap chose to keep the bitmap as the data structure for the ticks, while we prefer using a doubly linked list, which makes large swaps cheaper with our model: https://github.com/Uniswap/v4-core/blob/main/contracts/libraries/TickBitmap.sol
Without the doubly linked list, there are additional iterations during the swap, which is not seen in the Algebra V2 code:
https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/Pool.sol#L422
4️⃣ What’s more? #UniV4 decided to remove all the side information from the ticks. Previously, it contained additional data that could be used to calculate various statistics, but traders had to pay for it. In the fourth implementation of Uniswap, such data will not be stored:
https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/Pool.sol#L80-L89
5️⃣ It is not entirely clear why the #Uni team prefers to initialize this structure in memory with every iteration of the loop, instead of making one and reusing it. Maybe they prefer to sacrifice gas efficiency for a more ‘readable’ code?
https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/Pool.sol#LL417C37-L417C41
GitHub
v4-core/contracts/libraries/Hooks.sol at 2f9b30663b53c0165cd6d34651d8ff13287667c4 · Uniswap/v4-core
🦄 🦄 🦄 🦄 Core smart contracts of Uniswap v4. Contribute to Uniswap/v4-core development by creating an account on GitHub.
❤1
🔥3🕊1
"Wallet Security Rating Report to make informed choices about your wallet security". Worth a read🙏
Key insights:
▪️ Incident frequency in bug bounty presence
▪️ How to detect the next Atomic Wallet
▪️ Open- & closed-source incidents comparison & more 👇
https://cer.live/post/crypto-wallet-security-rating-report-key-insights-findings
@ethers_security
Key insights:
▪️ Incident frequency in bug bounty presence
▪️ How to detect the next Atomic Wallet
▪️ Open- & closed-source incidents comparison & more 👇
https://cer.live/post/crypto-wallet-security-rating-report-key-insights-findings
@ethers_security