Before I go in depth to explain the booster rocket stage of the Durable Nonces and how some architectural design of this feature played a crucial part in the exploit, I would just like to bring attention to the fact that wallet software should do more and invest more in the display of the transactions being signed. If you can’t read the “fine print” of the transaction payload you are signing - might as well just sign with your eyes closed.
Read more on our blog:
https://t.co/lvB423tRFJ
Stay safe
🚨 Drift Protocol on Solana - Compromised, 250M$ Stolen 🚨
Statement from Drift:
"Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers.
This was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of durable nonce accounts to pre-sign transactions that delayed execution."
A quick recap of the Bybit hack to show the remarkable resemblance.
Bybit’s treasury, secured by a multi-sig account (Gnosis Safe), on Ethereum - hacked ($1.4B) by compromising the Gnosis Safe UI, delivering an obfuscated payload instead of a legitimate transaction to signers - the transaction looked like a regular transfer, but was in fact reassigning the ownership of the entire Safe to the attacker. This was amplified by the use of an “advanced feature” of the Gnosis Safe. The use of this advanced feature probably went unnoticed by the signers, most likely because the wallet software did not emphasize it (link in comments for previous post).
Now, Drift’s treasury, secured by a multi-sig account (Squads), on Solana - hacked by making 2 out of the 5 Squads admins sign a transaction that reassigned the ownership of the entire Squads multi-sig to the attacker. This was amplified by the use of an “advanced feature” of Solana - Durable Nonces. And again, the use of this advanced feature probably went unnoticed by the signers, again - most likely because the wallet software did not emphasize its usage.
IMO this is an insecure design choice by the @safe team, `operation` should have never been a parameter to execTransaction method but should have been moved to its own execDangerousTransaction method to avoid UI/phishing attacks.
Holy sh!t
@safe multisig simulations are hard, especially when done in STDv4 setting, in those cases simulators should use the embedded `to`, `value` and `data` parameters - a zero value transfer(address,uint256) in this case - no simulation effects even, HOWEVER...
Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was masked; all the signers saw the masked UI, which showed the correct address, and the URL was from @safe . However, the signing message was to change the smart contract logic of our ETH cold wallet. This resulted in the hacker taking control of the specific ETH cold wallet we signed and transferring all ETH in the cold wallet to this unidentified address. Please rest assured that all other cold wallets are secure.
All withdrawals are NORMAL.
I will keep you guys posted as more develops. If any team can help us track the stolen funds, it will be appreciated.
https://t.co/ckwZgma8Lf
There's only one thing worse than "no simulation" and that's "wrong simulation". I wonder how many wallets that simulate Safe's contract calls flag contract calls with "operation = 1" as a parameter (instead of 0).
This was literally a one bit attack.
🤯
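The "one bit" check described in the posts above, as an added Python example (not code from the thread, from Safe or from any wallet): it decodes Safe `execTransaction` calldata and flags `operation = 1` (DELEGATECALL), plus the zero-value `transfer(address,uint256)` decoy pattern. The function selector and argument order are Safe's public ABI; the gas parameters are zeroed and the signatures field left empty, and any transaction bytes built with the encoder are constructed for illustration, not a real transaction.

```python
from dataclasses import dataclass

EXEC_TRANSACTION_SELECTOR = bytes.fromhex("6a761202")  # execTransaction(address,uint256,bytes,uint8,...)
ERC20_TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")    # transfer(address,uint256)
CALL, DELEGATECALL = 0, 1
ZERO_ADDRESS = "0x" + "00" * 20


@dataclass
class SafeTx:
    to: str
    value: int
    data: bytes
    operation: int


def _word(n: int) -> bytes:
    return n.to_bytes(32, "big")


def _addr(a: str) -> bytes:
    return bytes(12) + bytes.fromhex(a[2:])


def encode_exec_transaction(to: str, value: int, data: bytes, operation: int) -> bytes:
    """Minimal ABI encoder (gas params zeroed, no signatures), used to build constructed inputs."""
    padded = data + bytes((-len(data)) % 32)
    data_off = 32 * 10                          # dynamic area starts after the 10 head words
    sigs_off = data_off + 32 + len(padded)
    head = (_addr(to) + _word(value) + _word(data_off) + _word(operation) + _word(0) * 3
            + _addr(ZERO_ADDRESS) * 2 + _word(sigs_off))
    return EXEC_TRANSACTION_SELECTOR + head + _word(len(data)) + padded + _word(0)


def decode_exec_transaction(calldata: bytes) -> SafeTx:
    """Pull the four fields a signer must actually read: to, value, data, operation."""
    if calldata[:4] != EXEC_TRANSACTION_SELECTOR:
        raise ValueError("not a Safe execTransaction call")
    body = calldata[4:]
    word = lambda i: body[32 * i:32 * (i + 1)]
    data_off = int.from_bytes(word(2), "big")
    data_len = int.from_bytes(body[data_off:data_off + 32], "big")
    return SafeTx(to="0x" + word(0)[12:].hex(), value=int.from_bytes(word(1), "big"),
                  data=body[data_off + 32:data_off + 32 + data_len],
                  operation=int.from_bytes(word(3), "big"))


def review(tx: SafeTx) -> list[str]:
    """Warnings a signing UI should surface; an empty list means a plain CALL."""
    warnings = []
    if tx.operation == DELEGATECALL:
        warnings.append("operation=1 (DELEGATECALL): code at `to` runs against the Safe's own "
                        "storage and can rewrite owners, threshold, modules or singleton")
        if tx.data[:4] == ERC20_TRANSFER_SELECTOR:
            warnings.append("transfer(address,uint256) under DELEGATECALL is a decoy: a real "
                            "token transfer needs a CALL to the token, not the Safe's storage")
    elif tx.operation != CALL:
        warnings.append(f"unknown operation {tx.operation}")
    return warnings
```

A simulator that only executes `to`/`value`/`data` and ignores `operation` reports "no effects" for the decoy, which is the "wrong simulation" case from the post.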
@LindellYehuda I agree, it's a purist approach
The alternative from UX perspective is to tell users: "just keep those keys somewhere less safe forever", which is always worse.
Better to allow import and set "imported: true; attestation: null"
UPDATE:
PYUSD now migrated from betaDelegatedTransfer to transferWithAuthorization - consolidating the capabilities offered by USDC - a small win for standardization.
Even added transferWithAuthorization[Batch] to make batching simpler and not use an external contract.
PayPal's PYUSD
For some reason, they implemented their own betaDelegatedTransfer[Batch] for gasless transfers instead of just implementing the 3-year-old EIP-3009 - TransferWithAuth, which does not use nonces.
I would rather pay for that extra memslot than use nonces.
Get ready for our X Spaces with @utila_io, save the link for tomorrow!
👉 https://t.co/7u90KacToD
@Protokols_io will also join our discussion on privacy in DeFi and the Hinkal Lords Challenge 🗣️
PS: You can learn more about the challenge from @prz_chojecki's video! Click ⤵️