CharlesWang (@0xcharleswang)'s Twitter Profile
CharlesWang

@0xcharleswang

Securing web3 since 2020 | Over 250 audits conducted | Trusted by the largest protocols | Over 500 high risk findings | Lead auditor @bailsecurity

ID: 1376152818004951041

28-03-2021 12:43:01

5,5K Tweet

16,16K Followers

693 Following

CharlesWang (@0xcharleswang):

What are the receive() and fallback() Functions?

Smart contracts can receive Ether through different mechanisms, either via direct transfers or by being called with data that doesn't match any existing function signature. Solidity has two specific functions to handle these

CharlesWang (@0xcharleswang):

Since I got some questions from actual real-world exploits via ETH denial tweet yesterday, here's an example:

Here is a simple example of an auction contract where you can bid and become the highest bidder. Using the ETH denial method, the highestBidder can simply DoS bids.

CharlesWang (@0xcharleswang):

Uniswap Labs 🦄's Universal Router simply explained:

Uniswap has a Universal Router which allows users to execute different operations, including but not limited to:

- v2 swaps
- v3 swaps
- wrap/unwrap ETH

All of these different operations and more can be invoked the same way:

The

CharlesWang (@0xcharleswang):

Twitter noise is all fun and games, but have you ever locked in for 4 years straight doing nothing other than audits back to back without >1 day off?*

*While not being mentally burned out

Bail Security (@bailsecurity):

Our 4th audit report for defi.money is ready!

Thanks for the ongoing trust in Bailsec!

Link to the report on Github:
github.com/bailsec/BailSe…

CharlesWang (@0xcharleswang):

Issues with the Uniswap UniversalRouter in Scenarios of Incorrect Operations

By leveraging an efficient command-based structure, users can execute a wide variety of actions such as token swaps, NFT transfers, and ERC-20 payments, all within one call. Each operation is executed

Bail Security (@bailsecurity):

We're excited to share the news of our next long-term security partnership with Robinos Sports Prediction Platform | Mino NFT 🟣 🤝.

Robinos is a multi-chain & decentralized prediction platform where sport fans come first.

We are dedicated to ensuring the long-term security of their project by building a solid

CharlesWang (@0xcharleswang):

Liquid Staking explained using Stader Labs BNBx

1. Staking BNB:

When a user delegates BNB to the Stader architecture, the contract stakes the BNB through a StakeHub using an operator registry, which ensures the proper delegation to validators.

In return, the user receives

CharlesWang (@0xcharleswang):

I remember in my early days when I first stumbled across this weird "initializer" modifier ...

I will explain it for you so you can quickly get a grasp:

The Initializable contract from OpenZeppelin is used to facilitate the creation of upgradeable contracts when deployed behind

CharlesWang (@0xcharleswang):

Did you know why the DEFAULT_ADMIN_ROLE is actually the default admin in OpenZeppelin's AccessControl contract?

See the onlyRole modifier:

.. which is only allowing the corresponding roleAdmin to grant a role .. but the roleAdmin is by default actually ...

unset, which

Bail Security (@bailsecurity):

We're currently in the process of conducting an audit for Stader Polygon.

Bailsec was tasked with an audit for MaticX which allows users to participate in POL staking while receiving the liquid MaticX token which can be used in various defi applications.

Be sure to keep