🛡️ @Mike_Bello90 | @SecLat_Security
"Tips to Create More Secure Smart Contracts"
🛡️ Ethereum Security Day CDMX. July 8.
Registration: https://t.co/fmaRKuKBuu
New post on the blog: Solving the Ethernaut 10 challenge. Here we're going to learn about reentrancy and how to detect, attack and patch vulnerable contracts https://t.co/ZeMMzDYJvw
Security takeaway:
Zero slippage protection ≠ convenience.
Zero slippage protection = permissionless value extraction.
One hardcoded 0 can silently transfer value from your users to MEV bots on every transaction.
Audit your integrations.
(13/13)
🚨 Developers are still shipping this Uniswap bug in production.
A single hardcoded 0 can allow MEV bots to steal value from every swap your users make.
Not a protocol bug.
Not a Uniswap bug.
An integration bug.
Here's how it works 🧵
(1/13)
Never trust the current pool price.
Between transaction submission and execution:
Prices move
Arbitrage happens
MEV bots compete
Markets change
Your contract must defend users.
(12/13)
🧵 The dangerous block.timestamp anti-pattern in Uniswap swaps that silently enables MEV attacks and how to solve it
Most devs think deadlines protect users.
In reality, many implementations accidentally remove that protection entirely. - 1/12
For automated systems or router wrappers:
- use bounded future expiries
- avoid infinite deadlines
- combine with MEV protection/private mempools when possible
Takeaway:
block.timestamp as a Uniswap deadline is not a harmless shortcut.
11/12
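The two integration mistakes from the threads above (a hardcoded 0 minimum output and block.timestamp passed as the deadline), side by side with a hardened wrapper. This is an added example, not code from the original posts. It assumes the integration targets the Uniswap V2 router's swapExactTokensForTokens; SwapWrapper, its function names and the MAX_EXPIRY bound are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; contract, function and constant names are hypothetical.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

// Uniswap V2 router function used here (assumption: the integration targets V2).
interface IUniswapV2Router02 {
    function swapExactTokensForTokens(
        uint256 amountIn,
        uint256 amountOutMin,
        address[] calldata path,
        address to,
        uint256 deadline
    ) external returns (uint256[] memory amounts);
}

contract SwapWrapper {
    IUniswapV2Router02 public immutable router;
    uint256 public constant MAX_EXPIRY = 20 minutes; // constructed upper bound

    constructor(IUniswapV2Router02 _router) { router = _router; }

    // Weak form: accepts any output amount, and the deadline check always
    // passes because block.timestamp is read in the block that executes the swap.
    function swapUnprotected(address[] calldata path, uint256 amountIn) external {
        _pull(path[0], amountIn);
        router.swapExactTokensForTokens(amountIn, 0, path, msg.sender, block.timestamp);
    }

    // Hardened form: both limits are fixed by the caller in the transaction
    // arguments, before submission, and the expiry is bounded.
    function swapProtected(
        address[] calldata path, uint256 amountIn, uint256 minOut, uint256 deadline
    ) external {
        require(minOut > 0, "minOut required");
        require(deadline >= block.timestamp, "expired");
        require(deadline <= block.timestamp + MAX_EXPIRY, "deadline too far");
        _pull(path[0], amountIn);
        router.swapExactTokensForTokens(amountIn, minOut, path, msg.sender, deadline);
    }

    function _pull(address token, uint256 amountIn) private {
        require(IERC20(token).transferFrom(msg.sender, address(this), amountIn), "pull failed");
        require(IERC20(token).approve(address(router), amountIn), "approve failed");
    }
}
```

The minOut value should be computed off-chain from a quote and the user's slippage tolerance. Tokens that do not return a bool from transferFrom or approve need a safe-transfer helper instead of the bare require checks used here.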