💫 Summary:
This week we will cover Zero-Knowledge: A-Z, Web3 Security Tools Lists, Mental Models for Smart Contract Audits, Bug Bounty, DEFCON CTF with Perfect Blue, some awesome GitHub repositories, and more.
🔎 Audit Reports Explained
🐦 Sandwich attack due to hardcoded slippage
🐦 Initialize function can be invoked multiple times.
🐦 A Typo leading to locking of Funds
🐦 Centralization Risk: The owner of RoyaltyVault can take all funds.
🐦 Call return is executed before the ‘require’ check.
🐦 Reentrancy Vulnerability in Rari led to a loss of $80 million.
💡 Interesting Blogs to Read this week:
📌 Zero-Knowledge A-Z: Compilation of Learning Path for Zero-Knowledge Proofs, ZK Rollups, Optimistic Rollups, Snarks, Starks, and lots more.
📌 Beanstalk Governance Attack (with POC Contract): This article explains the vulnerability in the Beanstalk contract, and you can also build your own simplified version of the attack and test it against a local fork.
📌 Upcoming Vulnerability in Most Governance Contracts: This blog explains a vulnerability that allows users to gain more votes than they should have, but it likely won’t result in full governance takeovers alone yet and only becomes a real pain with upcoming advancements.
📌 Generating secure randomness on Ethereum using SNARKs: In this post, Paradigm proposed designs and reference implementations that utilize SNARKs and VDFs to achieve fully secure randomness on Ethereum.
📺 Interviews and Conferences:
⚡ Check out NahamSec’s interview with hackermate_ and learn about An Adversary’s Approach to Smart Contracts.
⚡ Check out Dravee’s podcast with Andy Lee, where he talks about Code4rena Automation, Breaking Through Plateaus, and Auditing Advice for Beginners/Intermediates.
⚡ Joran Honig touches on different approaches, principles, strategies, and forming mental models for a successful audit.
⚡ Another cool interview by NahamSec with ret2jazzy, where he talks about Bug Bounty, DEFCON CTF with Perfect Blue, and Smart Contracts!
🔥 Awesome Tweets and Updates:
📌 Patrick Collins explained aTokens and cTokens, two of the biggest interest-bearing tokens. Check out the tweet for more details.
📌 Trust shared his alpha tips on smart contract auditing.
📌 If you haven’t checked out the “Find the bug” challenge by Bytes32, do check it out.
📌 Check out one of the most common and easy-to-spot High Severity bugs on Code4rena.
📔 Interesting GitHub Repositories: 🔥
🔥 Web3 Security Tools Repository by QuillAudits: This repository contains a list of the most popular and widely used tools in web3 security.
🔥 Awesome Web3 Security by AnugrahSR: A curated list of web3 security materials and resources for pentesters and bug hunters.
🔥 Audit Helper by HardlyCodeMan: Boilerplate test creation and Foundry initialization for Solidity smart contract audits.
👨‍💻 Challenges to try this week:
🐦 Thanks for reading here!
I hope you find this newsletter helpful. Follow me for more updates.
Do check out my GitHub repo for Audit-365, which tracks all previous tweets and newsletters: https://github.com/Sm4rty-1/Audit-365