Today, we want to share with you couple repos that will help you master blockchain pentesting and smart contract dev. github.com/bkrem/awesome-… - Contains a huge amount of information, updated regularly github.com/openblocksec/b… - All known blockchain incidents, updated regularly

At 2 AM UTC on Aug 4, Wault Finance‘s WUSD on BSC was exploited and drained $800k (370 ETH) out of the WUSD/BUSD LP. WUSD is a stable coin backed by USDT and WEX. We believe it's an economic attack rooted in the design of WUSD. Read our analysis: watchpug.medium.com/wault-wusd-min…

The Poly Network hack explained

WATCHPUG is proud to have received a quarter million ($250K) bug bounty award from pancakebunny.finance for a critical bug in the Zap function. Thank you! pancakebunny.finance Immunefi

⚠️ Oct 20, 9 AM UTC, an attacker exploited PancakeHunny and stole 2.3M The root cause: inappropriate usage of a low liquidity pool makes it vulnerable to price manipulation to create artificial profits Read more: watchpug.medium.com/pancakehunny-f…

Here is my submission to the Gelato Vernissage: forum.gelato.network/t/gelatos-art-…

We are honored to introduce the new ReportingDAO member, .WATCHPUG, a team of web3 security professionals! In combination with WATHPUG, InsureDAO will be able to elevate security, privacy, and usability even more!! link.medium.com/VpyPPrsUBnb #InsureDAO #DeFi

currently building a chrome ext which will show you a tooltip with a human readable name (from your address book) whenever you select an address. it supports ENS reverse resolution; tells if it's a contract or EOA, + the ether balance. this chrome ext is gonna be called: 0xWho?

This happened in etherscan.io/tx/0x958236266…: the problem was them rolling a vulnerable LP token price oracle (sers, we have the correct one also!). Conclusion: if ever in the future you feel like rolling your price oracle for our pools - ask us to check please

0xWho is an open-sourced Chrome extension: github.com/jack-the-pug/0…

a frontend hijacking attack on Convex this is exactly why the wallet should display a human-readable ENS name for the smart contract address they are interacting with; and the reason I added this feature to @TallyCash 3 months ago: github.com/tallycash/exte…

Dear Velora (Moved to @VeloraDEX), could you please display the full address in the warning box? So that 0xWho can reverse resolve the address to a readable name, which I rely on it to confirm the address.

The E in Solidity stands for easy.