Trusting responses from a single AI model and believing it as the source of truth is stupidity just like believing in a religion and taking it as the source of tru... Oh wait. Nvm.
Introducing OpenZeppelin Skills 🤖
In the first of a series of releases, we're dropping 9 skills to give AI agents authoritative, up-to-date knowledge of OpenZeppelin Contracts libraries for secure smart contract development, setup, and safe upgrades.
https://t.co/kS0eTJxPJ1
Cute hack of the week
Did you know that some older compound cTokens return false on failure instead of reverting?
This staking contract discovered that the hard way
https://t.co/LkGtq61KCI
It gets even more fancy: the way Etherscan was tricked into showing the wrong implementation contract is based on setting 2 different proxy slots in the same frontrunning tx. Etherscan uses a certain heuristic that incorporates different storage slots to retrieve the implementation contract.
There is an old proxy by OpenZeppelin which used the following slot: `keccak256("org.zeppelinos.proxy.implementation")` = `0x7050c9e0f4ca769c69bd3a8ef740bc37934f8e2c036e5a723fd8ee048ed3f8c3`
We now also have the standard EIP-1967 slot `bytes32(uint256(keccak256('eip1967.proxy.implementation')) - 1)` = `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc`
So what happened is that the old OpenZeppelin proxy slot was written to with the benign implementation address _and_ the standard EIP-1967 slot was also written to with the malicious implementation address. Since Etherscan queries the old proxy slot first, it retrieved the benign-looking one first and thus displayed it.
This is pretty interesting
Never thought of using the identity precompile to bypass external checks that expect the function selector to be returned
Also, this is the first time I've seen a precompile used in an exploit
.@Safe leads the way in wallet infra, revolutionizing digital asset ownership.
- Over $70B in assets secured
- 67% increase in active users quarterly
- Enhanced security, advanced access control
As dedicated Safe users, we built our own module in-house: zkSafe
What it is ↓
Please do not interact with any https://t.co/Mu1iGI10GA powered applications for now!
We're investigating a potential exploit. If you did not set infinite approval, you are not at risk.
Only users that have manually set infinite approvals seem to be affected.
Revoke all approvals for:
- 0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae
- 0x341e94069f53234fE6DabeF707aD424830525715
- 0xDE1E598b81620773454588B85D6b5D4eEC32573e
- 0x24ca98fB6972F5eE05f0dB00595c7f68D9FaFd68
https://t.co/1f1foHz5eU
ALERT: The https://t.co/vSAGYl6wwJ URL has been compromised and is currently hosting a phishing site. DO NOT interact with the https://t.co/vSAGYl6wwJ website until further notice.
The Compound protocol itself is not impacted and all smart contract funds are safe.
One of the worst customer service experiences, @whirlpool_india!
The refrigerator has been broken for more than 1 month, and we were told it would be replaced under warranty, yet there has been no update from @whirlpool_india after contacting them so many times.
SRN:
AHM18062404578
AHM18062404545
AHM10062460697
Introducing Lumos Macro Stats.
Since the release of Lumos, we've received numerous requests from hacked victims, security researchers, projects, and students for charts showing statistics of hacking incidents by category.
Now, anyone, regardless of their engineering background, can access a customizable chart containing the following information:
→ Total exploited value and incident count
→ Attack vector
→ Destination of exploited funds
→ Estimated value of DPRK-linked hacks
Our goal is simple: to shed light on the shadows of Web3 hacks by providing transparent information on prevalent security incidents involving both smart contracts and project teams.
$1.7B was lost to hacks in 2023.
They can't keep getting away with this.
Seeking seamless batch transactions across various networks without the hassle of manual switches?
Experience the ease of one-click trading across abstract chains with DefiLens. Say goodbye to manual switches and hello to seamless transactions 👋
#Defi #DeFiRevolution