The OpenAI Codex docs include the example "Write unit tests for utils/date.ts." Are tests generated this way good enough? I wrote an article about this.
https://t.co/pcK0nKGtVu
It's really insane that there's no option to use "Enter" for making a new line instead of sending a message in ChatGPT and Claude. It's a standard key behaviour, muscle memory. I end up sending a message when I just want a new line 50% of the time
@CodeHawks@dimulskiatanas@Haxatron1 - How can the possibility to steal (all) swapped user money with a sandwich attack be a known issue and still be invalidated with the explanation that it's a design choice?
Also, don't want to even ask q about oracles (current prod oracle has bugs, ignorance of timeout for CL)
The standard contest on @CodeHawks is finished. 16th place with 1H and 3M.
Congrats @dimulskiatanas with the 1st place (nice catches!) and @Haxatron1 with the fact, that its finally ended :)
@CodeHawks@dimulskiatanas@Haxatron1 BUT! I still have several rhetorical questions.
- How come that report with a clear attacker who can steal money from the protocol is marked as medium? Especially considering that this is an unfixed vuln, which previously caused a pause and disabling of swaps in the protocol.
The Standard contest on @CodeHawks has now officially concluded and the judging phase has wrapped up.
My current results: 5/18 mediums and 5 appeals:
- 1 med -> high
- 4 extractions to a separate issue
-- 3 of them are related to bad debt
The main takeaway for me from The Standard contest on @CodeHawks - you shouldn't waste time on contests with a bad codebase.
There will be lots of obvious findings which will not help you become a better auditor. You will spend a lot of time for a small reward as a result.
@EoghanH @CharlesWangP >A reentrancy attack happens when a function is externally invoked during its execution, allowing it to be run multiple times in a single transaction.
In one tx, not in one block. So, it could be done even with automine
@EoghanH @CharlesWangP Switching off automine in HH is not enough to test reentrancies due to reentrancy should be done in the same tx. And in HH tests, each call is a separate tx (as in real life in js scripts). So, in HH, you need to write contract-helper for this.
@CharlesWangP @EoghanH In Hardhat, automining is enabled by default. Therefore, developers would have had to consider the same block case to find this.
@0xnirlin@Starknet Not everything good with Cairo imo. Very verbose. And current Cairo plugin for vscode doesn't allow to effortlessy navigate through the code.
Done with the Curves project on @code4rena. Spent 17 hours and submitted some findings.
Main goal met: I now get how these protocols work. They're not new, though. Reminds me of the buzz about bonding curves back in 2018.
Heard a lot about friendtech but never looked into it. Planning to spend the weekend on @code4rena's Curves contest. Don't expect to find much in such a short time, but it's a good chance to get to know these kinds of protocols.
A while ago, my former colleague showed me his audit checklist. The first point was 'Check access rules of all functions.'
I looked through the findings of The Standard contest on Codehawks and noticed a HIGH issue that I hadn't reported โ a method without access checks.
I even mentioned this absence of a check in another finding but didn't investigate further due to the need to describe already discovered issues.
Perhaps the most important lesson from this contest is not to overlook the simplest issues.