Forwarded from nikitakle
Uniswap v4 research, here are some interesting observations that have been noted by our development team so far:
1️⃣ The behavior of a hook can vary.
To ensure the pool works correctly with the hook, it is necessary to deploy the hook in a way that obtains the correct initial bits of its address. This requires mining the addresses for hook contracts: https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/Hooks.sol#L8
2️⃣ Another interesting point: the Uniswap team implemented the SafeTransfer part in a similar way to Algebra V2.0, which caused some integration issues on zkSync Era:
https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/CurrencyLibrary.sol#L36-L56
(Luckily enough, zkSync ended up releasing a compiler update)
3️⃣ It is worth noting that Uniswap chose to keep the bitmap as the data structure for the ticks, while we prefer using a doubly linked list, which makes large swaps cheaper with our model: https://github.com/Uniswap/v4-core/blob/main/contracts/libraries/TickBitmap.sol
Without the doubly linked list, there are additional iterations during the swap, which is not seen in the Algebra V2 code:
https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/Pool.sol#L422
4️⃣ What’s more? #UniV4 decided to remove all the side information from the ticks. Previously, it contained additional data that could be used to calculate various statistics, but traders had to pay for it. In the fourth implementation of Uniswap, such data will not be stored:
https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/Pool.sol#L80-L89
5️⃣ It is not entirely clear why the #Uni team prefers to initialize this structure in memory with every iteration of the loop, instead of making one and reusing it. Maybe they prefer to sacrifice gas efficiency for more ‘readable’ code?
https://github.com/Uniswap/v4-core/blob/2f9b30663b53c0165cd6d34651d8ff13287667c4/contracts/libraries/Pool.sol#LL417C37-L417C41
"Wallet Security Rating Report to make informed choices about your wallet security". Worth a read🙏
Key insights:
▪️ Incident frequency in bug bounty presence
▪️ How to detect the next Atomic Wallet
▪️ Open- & closed-source incidents comparison & more 👇
https://cer.live/post/crypto-wallet-security-rating-report-key-insights-findings
@ethers_security
New toys
ZK Bugs Tracker.
"A community-maintained collection of bugs, vulnerabilities, and exploits in apps using ZK crypto"
https://github.com/0xPARC/zk-bug-tracker
Auditing zkEVM and its attack surfaces
https://www.youtube.com/watch?v=cxx7PJ4vhZM
Algebraic attacks on zk hash functions
https://www.zellic.io/blog/algebraic-attacks-on-zk-hash-functions
@ethers_security
Diffusc, a tool from Trail of Bits for differential fuzzing
"It's a differential fuzzer built on top of Echidna and Slither to ease the review of smart contracts upgrades"
https://blog.trailofbits.com/2023/07/07/differential-fuzz-testing-upgradeable-smart-contracts-with-diffusc/
@ethers_security
Arbiter is a tool built by Primitivefinance in order to rigorously test the performance and security of their own protocol. Arbiter is pure Rust. It uses a Rust-based EVM called revm in order to run smart contracts directly (revm is used inside of the Anvil testnet and the RETH client).
They use revm without any overhead of a network, thus providing a speed benefit and allowing you to test contracts directly, so that you:
- Do not have to re-implement a copy of the protocol in another language
- Can test every aspect of the protocol with EVM parity
- See how contracts behave in realistic on-chain-like scenarios with agents and other contracts
@ethers_security
The tool: https://github.com/primitivefinance/arbiter
Forwarded from EthSecurity
Arbiter - EVM logic simulator for security and performance testing @EthSecurity1
circom-mutator is a mutation testing tool designed for the circom programming language.
This tool primarily revolves around the source-based rewrite of circom code lines to generate mutations.
Currently, it operates by utilizing regular expressions to treat the code as text. This methodology may evolve in the future, potentially incorporating the transpiling of circom circuits into an intermediate representation to enable deeper analyses.
The majority of mutators are based on:
- 0xPARC's ZK Bug Tracker
- Circomspect's analysis passes
- yAcademy ZK Fellowship audits
For instance, certain circuits may permit an attacker to create fake witnesses by randomly selecting edge cases (such as zero point, points at infinity, or additions with p & -p). These circuits will expect app developers to perform these verifications.
Nevertheless, it remains important to verify that failures detected by circom-mutator are indeed false positives, rather than a result of insufficient test coverage.
@ethers_security
https://github.com/aviggiano/circom-mutator#readme
What is Caracal?
Caracal is a static analyzer tool over the SIERRA representation for Starknet smart contracts.
What about its Features?
👉Detectors to detect vulnerable Cairo code
👉Printers to report information
👉Taint analysis
👉Data flow analysis framework
👉Easy to run in Scarb projects
Any overview of its detectors?
1) controlled-library-call
Library calls with a user controlled class hash
2) unchecked-l1-handler-from
Detect L1 handlers without from address check
3) reentrancy
Detect when a storage variable is read before an external call and written after
4) unused-events
Events defined but not emitted
5) unused-return
Unused return values
6) unenforced-view
Function has view decorator but modifies state
7) unused-arguments
Unused arguments
8) reentrancy-benign
Detect when a storage variable is written after an external call but not read before
9) reentrancy-events
Detect when an event is emitted after an external call leading to out-of-order events
10) dead-code
Private functions never used
More info on how to install it and its limitations can be found in the repo below 👇
https://github.com/crytic/caracal
@ethers_security
Forwarded from Sun (Will never DM first)
Web3 DevSecOps is very important!
https://twitter.com/1nf0s3cpt/status/1684573117765898242
SunSec (@1nf0s3cpt) on X:
I have learned a lot during the process of deploying the Protocol to the Mainnet recently.
I will share some thoughts on how to protect your protocol in 🧵
#web3sec #devops #sre
Some people are still unaware of this masterpiece. Hopefully, you ain't one of them. If you are, it's not too late to start using it 🙏
https://medium.com/cyfrin/the-best-security-education-tool-in-web3-dd23717fbe58
@ethers_security
Medium: The Best Security Education Tool in Web3 (The Birth of Solodit, the best smart contract security audit tool in Web3)
NFTek News 🗞️ NFTek.eth
https://nftnow.com/news/sim-swap-attacks-rising-in-web3/
GitHub: OffcierCia/Crypto-OpSec-SelfGuard-RoadMap: Here we collect and discuss the best DeFi, Blockchain and crypto-related OpSec researches and data terminals - contributions are welcome.
Forwarded from Vladimir S. | Officer's Channel (officercia)
2nd part is out 👀
Link: officercia.mirror.xyz/AoRdvL3Lp5K5JHjlgpWaOHo_CehH-amZSAm9pxuFdwQ
More at @officercia 🫡️️
#security #audit