Ok, Sorry for the bad headline. Back to the topic now… Wintermute was hacked for ~160m a few hours ago. I took a quick look and my best guess is that it was a hot wallet compromise due to the Profanity bug that was publicly disclosed a few days ago by 1inch team. The attack […]
Cream Finance was hacked again on 27th October 2021. Likely for the final time. The attacker stole $130m+ worth of assets from Cream’s lending protocol. The attack was executed over multiple transactions due to block gas limits, but the bulk of it happened in this transaction. This was one of the most sophisticated and cleanly
Creamed Cream – Learn the Secret Recipe (Cream Hack Analysis) Read More »
I will do live security reviews of Ethereum smart contracts and share my approach to auditing on a stream. The live stream is scheduled to start at 3.30 PM GMT on Sunday (22/08/2021). Link: https://www.youtube.com/watch?v=LLiJK_VeAvQ Notes Here are some brief notes that I’ll use as talking points on the stream. A detailed blog post will
The Bug The DutchAuction smart contract inherits the BoringBatchable utility contract that allows callers to batch different calls together. There is a commitEth function in the auction contract that uses msg.value to know the amount of ETH commited by the user. If the user commits more ETH than the contract’s capacity, the contract refunds the
A peek inside the MISO war room – $350m incident response story Read More »
On 10th August 2021, Poly Network suffered from a hack that caused a loss of over 600 million dollars. The hack happened across multiple blockchains including Ethereum, Binance Smart Chain, and Polygon. This is the largest crypto hack yet. Poly Network is a Blockchain interoperability project that allows people to send transactions across blockchains. One
Poly Network Hack Analysis – Largest Crypto Hack Read More »
Solidity is a special language with many little quirks. A lot of things behave differently in Solidity than most other languages as Solidity is created to work on the EVM with its limited feature set. I wrote a blog post with ten tips to save gas in Solidity a few months back and it got a great
Solidity tips and tricks to save gas and reduce bytecode size Read More »
The Görli testnet The Görli testnet is the first cross-client proof-of-authority network for Ethereum. It is based on the Clique PoA protocol. It was launched on 31 January 2019 at the GörliCon. The development is led by Chainsafe Systems + Afri Schoedon from Parity but there are dozens of more contributors that helped in making
The latest version of Solidity kickstarted a season of upgrades in the BUIDL space. The latest version of solidity essentially meant that all your smart contracts are now broken. It all seemed ok though; just a couple day’s work to get caught up. Then, just before Christmas came Truffle 5 with support for solidity 0.5 and web3 beta, and
A dev’s journey from Truffle 4 to the unknown world of Truffle 5 Read More »
Solidity 0.5.X is here with a lot of features and breaking changes. Making all the changes to your solidity code manually, especially adding the explicitness requirements can be really cumbersome (and boring) for large projects. This is why I decided to make a codemod for Solidity that does most of the work for you. It’s
[Tool] Refactor your solidity 0.4.x code to solidity 0.5.x code Read More »
Syncing an Ethereum full node has become painfully slow as the size of a full node folder has increased to over 130 GB and is continually increasing. Optimizing your configuration can save you hours or even days of sync times. I had to sync a few nodes a couple of weeks back, so I started tuning
Optimal Parity Config for Syncing an Ethereum full node quickly Read More »