CT (@0xcttttttt) 's Twitter Profile
CT

@0xcttttttt

Security Researcher

ID: 1502917589005004805

https://kuwatakushi.vercel.app/ 13-03-2022 08:01:07

2.2K Tweets

389 Followers

1.1K Following

Weilin (William) Li (@hklst4r) 's Twitter Profile Photo

The root cause of the Impermax attack is the mispricing of Uniswap V3 NFTs. The way it's pricing its NFT is using fair-pricing (which is robust against flashloan attacks!), but the fees' value are directly calculated: price = (amount0_after_fair_pricing + fee0) *

Dacian (@devdacian) 's Twitter Profile Photo

Shout out immeas Jorgect.uni.eth fantastic work on Cyfrin Audits YieldFi CCIP private audit! YieldFi added CCIP to their existing LayerZero; we found 2 Crits & 4 Lows related to their CCIP integration plus a bunch of other findings mostly related to ERC4626🚀 Report👇

Sir M. Shades 🌴 (@0xshaedyw) 's Twitter Profile Photo

To make contests and audits easier for SRs, I have created a VS code boilerplate with 500+ test ideas for Yield, Staking, and Bridge vulnerabilities. These ideas are based on 30+ public & private security reviews, aggregated via Solodit 🟪. x.com/0xShaedyW/stat…

MSF (@0xmsf14) 's Twitter Profile Photo

Most full-time auditors quit their lives to go all into security, imagine how bad it gets when the overall compensation crashes because of misaligned incentives and exploitation. Money moves this space, it does its own marketing, decides Leaderboards, let’s keep the rewards fair

Nethermind Security (@nethermindsec) 's Twitter Profile Photo

🚨 Heads up, Web3 developers! 🚨 As you adopt EIP-7702 Delegation patterns, you should pay attention to how access controls are implemented. Check out this vulnerable DummyDelegation example below:

0xGorilla.eth (@0xgorilladev) 's Twitter Profile Photo

After 4 years in DeFi, deploying dozens of smart contracts & securing over $1B: We've now open-sourced our handbook, with ALL our best practices, from onboarding guides to security processes Our goal: Help raise the ecosystem's standard handbook.defi.sucks Read below 🧵

Patrick Collins (@patrickalphac) 's Twitter Profile Photo

This is the entire POC for an EIP-7702 type 4 SIGNATURE to destroy all your tokens. You don't even have to send a transaction. In this POC you'd spend 0 gas, and a hacker could steal everything! The good news is that most wallets don't support doing what's shown here 👇

Pari Tomar (@tomarpari90) 's Twitter Profile Photo

Was looking for a clear cryptography guide. Couldn’t find one — so I made one. No SEO, no links, just pure knowledge in one place. Check it out. medium.com/@tomarpari90/c…

Remedy (@xyz_remedy) 's Twitter Profile Photo

A zero-day on Solana nearly enabled unlimited token minting via forged ZK proofs. Coordinated validator response patched it in under 48 hours. Here's the post-mortem of a bug that could’ve nuked trust in Confidential Transfers:

Accretion | Solana Audits (@accretion_xyz) 's Twitter Profile Photo

We're finally announcing the winners for our track at the [redacted] hackathon! Our track was about Reverse Engineering Closed Source Solana Programs. We were seeking improvements to Solana's reverse engineering tooling and knowledge ecosystem -- anything that would help a

kaden.eth (@0xkaden) 's Twitter Profile Photo

🧵How memory works under the hood in the EVM and how this knowledge led me to recently discover a ✨critical vulnerability✨ Oh and if you're new to assembly, don't worry, it's simpler than you think Memory Layout Starting with the basics, Solidity reserves the following 4

polarzero (@0xpolarzero) 's Twitter Profile Photo

Just released evmstate, a TypeScript library to trace & visualize state changes on EVM chains, with human-readable labels (variable names, mapping keys, decoded values, etc).

sudo rm -rf --no-preserve-root / (@pcaversaccio) 's Twitter Profile Photo

Seeing the first malicious EIP-7702 delegators being added to private key leaked victim addresses that revert on ETH transfers to prevent an "easy" rescue of locked funds. They first drain all the ETH and then authorise such a malicious delegator contract with a permissioned

n33k (@neeksec) 's Twitter Profile Photo

After investigating the Cetus exploit transaction, I believe I have identified the root cause of the bug. The issue stems from a type casting from u256 to u64 within the get_amount_by_liquidity function.

Al-Qa'qa' (@al_qa_qa) 's Twitter Profile Photo

A great blog explaining how to fetch Prices from Oracles. Explaining all possible scenarios, best practices, etc... I recommend checking it. 0xmacro.com/blog/how-to-co…

Yi (@suplabsyi) 's Twitter Profile Photo

.Usual encountered arbitrage exploitation, NOT a vulnerability exploit, with a total loss of about $40,000. This time, the impact of public opinion seems more severe than the issue itself. Specifically, this is because the exchange ratios for $USD0++ and $USD0 differ

@bertcmiller ⚡️🤖 (@bertcmiller) 's Twitter Profile Photo

Today, we introduce a new thesis: MEV has become the dominant limit to scaling blockchains. Spectacularly wasteful onchain searching is starting to consume most of the capacity of most high-throughput blockchains. This is a market failure we can no longer ignore.

Kalp (@kalp_eth) 's Twitter Profile Photo

[1/5]
I FOUND CRITICAL BUG IN BUY FUNCTION🚨
INNOCENT CODE:

rate = ((sqrtPriceX96 * 1e18)>>96) * ((sqrtPriceX96 * 1e18)>>96);
rate = rate * 10**12 / 10**36;

Looks Good, right? 
Just some math operations...
WRONG. This code misunderstands Uniswap V3's sqrtPriceX96.

Poc Below 👇