Many sophisticated MEV bot contracts use control flow obfuscation techniques to protect their logic. However, this also causes existing tools to struggle with analyzing obfuscated smart contracts, leaving critical vulnerabilities hidden.
Excited to share our solution: SKANF (1/n)
1/6
Today, we’re launching The Alpha Challenge, a two-week experiment for the crypto community to test their on-chain analysis skills and for Wintermute to hire top talent
We've also collaborated with six companies to provide exciting awards for those who will not be hired 👇
To expand. Medium liquidity on the curve pool is a feature, not a flaw. It is easier to maintain peg (cheap to incentivise, smaller swaps to repair) and stops large single swap dumps (due to exponential price curve), while allowing reasonable trades to happen with no price impact.
Worth saying that historically cvxCRV has had a worse peg than ycrv. Yes ycrv has less liquidity, but in reality a DCA exit strategy of 3m exiting ycrv would probably net a better result than cvxCRV. I liked the rest of your thread though.
2.5 a really obvious one is convex (and we are going to deploy at least half of our CRV there today actually). It’s good yield, battle tested and, very importantly, you can exit from cvxCRV with relatively low slippage fairly quickly - 1% slippage on 3 mil if you are desperate.
@LefterisJP The relay is a trusted intermediary. The relay ‘should’ give you the best block proposed by all builders. And even more importantly ‘should’ be checking the builder is behaving, because if they make you sign an invalid block you’ll be slashed. So yeah, lots of trust in the relay.
@LefterisJP Remember the proposer doesn’t see the contents of the block the builder proposes. They only get it once they’ve signed the header.
As a side note, it can sometimes be a worse deal for the proposer than building themselves because of the burnt gas costs of the MEV payment tx.
@LefterisJP That’s one way builders make money. Provide a superior block where they keep part of the fees and still provide more to the proposer than they would get otherwise. Easiest example of how is private transactions. The proposer wouldn’t see those txs if they built themselves
@pashov @iearnfinance Deployment is a really dangerous step. So easy to make a mistake, and the dance you have to play to get things verified on etherscan makes it really easy to mess up. Also easy to hide something malicious in the constructor.
Looks like it was possible because of a bug with mevboost relay. It didn’t verify the validator signed the head correctly before revealing the internal block. So no double signing slashing and no risk of reorg
Block 16964664: A user managed to drain five MEV bots by exploiting a bug in mev-boost-relay.
Here's the block: https://t.co/ruSz8YzAJR
Here's the user: https://t.co/VY4gpmX0L8
Here's the patch: https://t.co/TPO80i3dz5
Here's the longer explanation:
My guess at how this was done.
Sandwichers submit their bundle to flashbots (or another builder) who build it into a block and send that block to a trusted relay.
The relay sends the block head to the validator for signing. Only after signing does the validator see inside.
This is normally safe as there are slashing penalties if the validator validates a block with a different head, due to having now signed two heads.
But what happens if it is worth paying the slashing cost for the opportunity to exploit the block? Maybe that’s what happened here.
@punk3155 @peckshield @BlockSecTeam @bertcmiller @samczsun @bbbb How do you think it was done?
Know when your validator is going to be chosen. Do an easily sandwichable trade and wait for flashbots builder blocks to roll in. But then what? Sign it and then validate a different block and take the slashing?
@ObadiaAlex Pretty sure we have. There have been some very strange sized blocks and it’s definitely worth it if you have a bunch of high gas usage transactions you want to get done