The first is simple, but it's 22 bytes of bytecode long.
Here's an illustration I made of four different ways to clean up an Ethereum address using opcodes on the EVM stack machine.
Yesterday's sophisticated 50 million Radiant Capital hack happened after attackers trojaned the computers of multiple team members.
Team members saw and verified good multisig data on screens, but their hardware wallets signed evil data. 1/7
The 750 ETH hack from EFLeverVault a few hours ago happened because the contract did not verify that flashloan callbacks were actually initiated by the protocol, allowing the attacker to tell the protocol to withdraw large amounts of funds. 1/4
Here’s how signature malleability attacks work.
Two attacks.
If a user signs the same message multiple times, they get a different signature each time. If your code uses a signature as an identifier for blocking actions, users can repeat that action. 1/3
Today's Inverse Finance hack happened because the protocol used Curve pool balances to calculate the value of their LP tokens.
This is bad. As the attacker bends the pool, the sum of the balances goes higher. You think you are richer, but then the attacker can reverse it. 1/n
Yesterday's complete hack of Wise Lending was far more complex than reported. Very worth examining.
The protocol had added explicit defenses against this style of attack, which the attack then either bypassed or used against the protocol. 🧵 1/21
Found a config bug in multiple projects, totaling billions of dollars in assets, allowing a single key to take over all powers from governance and multi-sigs! 1/7
1/2 Found a critical bug today that could have blocked all future actions from a contract-owning governance system.
Everyone knows you shouldn't loop over an unbounded array. But this sample contract below can become impossible to run, even without any for loops!
🤣🦜🦜 Some people say that the code behind Curve is difficult to understand. Hard to grasp and unintuitive in behavior.
With the new deploy of the Curve dollar, devs addressed this directly in the comments. 🤣
After 4.7 years as a security-focused smart contract engineer, tomorrow will be my last day at Origin Protocol.
7 products spread out on 5 chains, mid 9-figure TVL, 540+ deploys and upgrades, with 0 user funds lost since I started that role. 1/8
In the two-hour-old Platypus hack, it looks like the attacker deposited 44 million, borrowed 42 million, and then used the emergencyWithdraw(), which happily gave the attacker the full original deposited funds back - no deductions for the borrow.