A critical in git released yesterday that can be triggered by git clone of an untrusted repo. That's the dream vector to pwn auditors and steal their bounties / audit money. Patch your systems before quoting any new clients! And expect visitors in your inbox in the coming weeks...
@shealtielanz @code4rena @zksync There was no reasonable explanation. I will tell the whole story when the report is out.
Tip of the iceberg:
In the past zkSync contest, HE1M's issue (https://t.co/hQmP52nnds) was accepted by the judge while it's obviously invalid. This invalid solo medium issue received ~$20K payment.
@0xnevi @sherlockdefi Totally agree with you.
I believe @sherlockdefi judging is far superior to other platforms (10 times better) and people involved in judging workflow should be awarded more for their great work.
@akshaysrivastv @0xHE1M Hard to believe it, but yes.
Got banned for trying to reveal (https://t.co/PYpyozehTQ) the scam some other warden+sponsor were doing.
Instead of giving me a medal for uncovering this scam, they banned me and, as a matter of fact, HE1M is not banned yet!
@0xHE1M In this contest, HE1M increased the attack level. Facts show that there were multiple sponsors and multiple wardens that performed malicious actions.
zkSync & C4 & judge performed questionable actions (while breaking the CoC) that favored HE1M and his accomplices.
2/3
@0xHE1M Yes, what happened was far beyond the things zkSync & C4 mentioned in their announcements (it's not just some inside knowledge advantages or some implanted bugs).
In the past zkSync contest, HE1M's issue (https://t.co/hQmP52mPnU) was accepted while it is obviously invalid.
1/3
@DevDacian @zkSyncDevs @code4rena In the past zkSync contest, HE1M's issue (https://t.co/hQmP52mPnU) was accepted by sponsor and judge while it is obviously invalid.
HE1M received $20K for that invalid issue!!!
@zkSyncDevs @code4rena I found out about the malicious actions and tried to warn C4, zkSync and the judge by:
1- contacting another sponsor.
2- publicly saying in the channel.
3- showing facts in escalations.
As I was investigating more, I got banned from C4 and the contest without any valid reason.