Summary:
This week we will be covering the ZK Series with Porter Adams, The Vulnerabilities of Tomorrow, Move Language Security, Novel Griefing Attacks, On-chain Transaction Debugging, the Auditor's Roadmap and much more.
🔎 Audit Reports Explained
🐦 Usage of deprecated ChainLink API
🐦 Lack of Access control over burn function
🐦 Users can get unlimited Votes
🐦 Incorrect number of seconds in ONE_YEAR variable
💡 Interesting Blogs to Read this week:
📌 A Vulnerability Perspective Analysis of Move Language Security: This article discusses the vulnerabilities and security of the Move language. Move is still in the development stage, and the Move ecosystem is still some distance from maturity.
📌 Heartbreaks & Curve LP Oracles: In this article ChainSecurity shares the story of how they discovered a devastating oracle manipulation on Curve, affecting five major protocols.
📌 OMNI Real Estate Project Exploit Analysis: On January 17, 2023, the OMNI Real Estate Project (ORT Token) on the BNB chain was hacked. The main cause of the attack was insufficient checks in their staking pool contract. Check out the blog for more details on it.
📌 0xbaDc0dE MEV Bot Hack Analysis: This article analyzes the exploited vulnerability in the 0xbad smart contract without looking at any actual source code, by examining the massive-profit arbitrage transaction and seeing what can be learned from it.
📺Interviews and Conferences:
1. Alpha for Auditors: The Vulnerabilities of Tomorrow, Anton Permenev, DeFi Security Summit 2022
2. Devtooligan discusses the Huff language and how he hacks contracts while diving into low-level code. He is also a Huff language contributor and is here to tell you more about it.
3. Pashov discusses his decision to go all in on web3 security as an independent security researcher. Pashov shares alpha on auditing, obtaining clients and building industry connections.
4. Porter Adams shares his knowledge on Zero Knowledge and answers most of the common questions related to ZK. It's an introductory lesson in the Zero Knowledge series.
🔥 Awesome Tweets and Updates:
✅ Trust shared his second set of alpha tips on smart contract auditing.
✅ Owen shares a novel, previously undocumented “Gas Griefing Exploit” in his thread.
✅ SunSec added lesson 5 in the OnChain Transaction Debugging Series.
✅ Totohh_ released a new AI product for auditing smart contracts. The tool uses AI to match code against previously reported bugs.
🔥 Miscellaneous Resources:
ZK-Bug-Tracker: A community-maintained collection of bugs, vulnerabilities, and exploits in apps using ZK crypto.
QuillAudit_Auditor_Roadmap: This repository contains a mindmap and stepwise resource to get started with Smart Contract Auditing.
On-Chain-Investigations-Tools-List: This repository contains details on how one can investigate crypto hacks and security incidents, and collect all the possible tools and manuals!
Challenges to try this week:
🐦 Thanks for reading here!
I hope you find this newsletter helpful. Follow me for more updates.
Do check out my GitHub repo for Audit-365, which tracks all previous tweets and newsletters: https://github.com/Sm4rty-1/Audit-365