This effectively makes # of unsolved challenges to be 0 for The Duck :) It was a fun weekend activity that allowed Theori researchers to show off their deep knowledge and strong skills in Web3 security.
Thanks to @paradigm_ctf for hosting the CTF!
I summarized the entire exploit step.
Exploit steps:
1. Attacker repaid entire loan from aUSDT to set the borrowRate to 0.
2. Attacker minted yUSDT
3. Attacker minted iUSDC
4. Attacker sent iUSDC to yUSDT
5. yUSDT miscalculated its pool ratio (calcPoolValueInToken)
a. ROOT
It seems like the iearn USDT token (yUSDT) has been broken since deploy, which was *checks notes* over 1000 days ago. It was misconfigured to use the Fulcrum iUSDC token instead of the Fulcrum iUSDT token.
Angry defender from Confidence 2020 CTF Write Up: also unintended solution of two rust sandbox challs in the same directory.
@t0nk42 thanks for good slide and research, it was very helpful. :D
Last weekend, me and @jinmo123 took 4th place in the mev-share CTF with @chainlight_io.
It was fun, and I think the CTF material could be a good resource for Mevshare beginners.
There's a lot of great writing about each challenge, so I've prepared a few key takeaways 🧵
New MEV-Share CTF leaderboard is up!
Had a bit of fun coding this up last minute. Pure html/css/js 🤓 (as if anyone cares lol).
Shoutout to @deadpine_xyz for designing it! This is my amateur implementation of her (even better-looking) design.
Disable Javascript by default: Really simple/efficient thing that prevents the exploit and the phishing.
- 99.999% of web browser exploits use Javascript.
- Can notice the phishing page, since I wouldn't have allowed.
🫡🚀🦀
We are excited to announce that we are releasing our 150-page internal research to the public. This report includes:
→ 112 hacks' scale, root cause, and underlying chain analysis
→ Correlation between security audits and hacks.
→ Post-incident responses from the team
→
My friend, and legendary hacker @tjbecker_x has given up trying to recover his own @x account, created a new one. Follow him to learn cutting-edge hacking skills (ZK, Advanced Ethereum Knowledges, Browser pwn, etc.)
I uploaded the source code of our DEFCON 27 CTF exploit framework! Enjoy it.
cc. #SeoulPlusBadass, @aka_saika -- I made the front page a day before the CTF, please understand dirty codes ㅠ_ㅠ
Saving $1.9B.
On September 15th, we discovered and reported a critical bug in @zkSync Era's ZK-Circuits that could have drained all the tokens passing through the bridge.
This bug allows a malicious prover to produce "proofs" for invalidly executed blocks, which the verifier
We are running our cutting-edge skill CTF with @POC_Crew.
You can get a "FREE" POC 2021 TICKET as a prize!
The challenges are based on "Real-World" vulns in the automobility systems, home IOT, Apache CVE-2021-41773, Intel AVX instruction sets, and so on. Enjoy!
This is slide for Ethereum (geth) bug that my team found a few months ago. (only Korea, sry) -- simple bug & simple exploit --> don't need to explain more :D enjoy
🚨 ChainLight Patch Thursday, the first week of July!
The content we introduce in this Patch Thursday is "Identifying Vulnerabilities in #TON: Killing All Nodes"!
✨ ChainLight has uncovered a Denial-of-Service (DoS) vulnerability in the TON network’s node that can lead to the
We, @chainlight_io, @tjbecker_ solved it in 2 ways.
Part 1: Reuse the signature from the previous transaction. (@shunduquar also mentioned)
Part 2: hash=0, r=P.x, s=P.x
Part 3: “Faketoshi Signature” from @shunduquar
Here is the first writeup for Part 1 and Part 2 the Alpha Goat NFT CTF by auditing firm @kebabsec
Moral of the story:
this is unsafe:
signer == bytes32(data).recover(signature);
this is safe:
signer == data.toEthSignedMessageHash().recover(signature);
Our team at @theori_io got 10k points from the Ethereum bug bounty program - approx. $10k in USD!
-- We will write the details as soon as possible under responsible disclosure.
Nice weather/Talk/Food/AV all the things are amazing in @summit_defi
Committee's response time in food is super fast 😋
I hope I can share my experience in web3 security next year!!
🎉 Congrats to @Blur for launching their new NFT lending feature!
We audited #Blend's contract to ensure the safety for #Blur users. We found total of 9 issues, including 2 high severity issues. All of them have been addressed.
✅ Check out our report:
This may be our hardest challenge yet!
We got many questions for our December challenge - but no winner!
You still have a chance to send us a script that retrieves the flag to contact@ssd-disclosure.com and win a $100 Amazon gift card!
🚩 How @chainlight_io solved the @curta_ctf's #6 puzzle in a nutshell:
TL;DR: kinda meet-in-the-middle attack
1. brute-force a proper gas limit which meets "0000ABCD", the return value of the first call of gamma fn. (1/65535 opportunity)
2. another brute-force a proper
We are thrilled to announce that we have received a commendation plaque from the Minister of Public Administration and Security of South Korea in honor of the 78th Police Day.
We are witnessing an exponential growth in the use of blockchain technology for criminal activities.
[hitb-lockdown-a/d-ctf]
I was playing for team "The Duck". (8th) It was my first online a/d style ctf, and also I only have a few experience on a/d styles. (three times of defcon, ctfzone, hitb singapore and some national ctfs) Because of this we didn't have a good grade. (1/n)
I've sent a bug bounty report to @PancakeSwap via @immunefi, please have a look. BTW, I have no idea why I was banned from official telegram after submitting a report 🧐🤨
How was Enterprise Blockchain? It is created with @setuid0x0_, @minebuu_. Sorry for the unintended solution btw. We forgot to change sendMessage's visibility to internal. 😭
If anyone can solve it without using public sendMessage function, DM ME!
We hope you find our write-up helpful and have enjoyed solving the "Suspicious Charity" and "Enterprise Blockchain" challenges authored by us.
Good game,
see you next year🫡
(5/5)
Today, I lost over $10k while beating with MEV flashbots. I learned a lot, and I agree with Ethereum is a "dark forest". 🙈IMO the best way to learn something is just spending lots of money 💵🤷♂️🌳🤷.
The journey to losing money gonna be an interesting talk/blog post.
Today I recognized the reason I cannot win the lottery, I am spending all luck on solving the CTF challs.
And.. Yes we won. this is rehearsal for defcon prequal with new teammates, it seems not bad. Can we get a black-badge this year? lol
Security of your assets is our top priority.
@certik_io and @theori_io are conducting @BiFi_lending's BTC lending smart contract security audits.
We’re in the final testing and audit phases of BTC lending, so just hang on a little bit more. We're almost there 💪
The First Ingonyama #ZK CTF Event has Concluded🦁
🥇 1st Place - ChainLight
🥈 2nd Place - rbtree fan club
🥉 3rd Place - LDGR
🟣 4th Place - baby step forward, giant step backward
🟢 5th place - King of the Jungle
Stats + More information below 🧵👇
1/5
The final two challenges for tonight have been released! Test your Solana skills with otter-world and otterswap! Remaining challenges will be released tomorrow
Blend (blur's NFT lending platform) has been audited by @chainlight_io
The audit report is available on the blur docs site
ChainLight is a winner of the 2022 @paradigm CTF and has many experienced security experts
Check out:
I found a race-condition uxss bug, but I failed to exploit since the bug needs target sites' elements id. And I was trying to find an extension's url, I missed it simply adds its resource url on my context html, it was my fault :(
I just published the source for "Save Our Planet", a hard XSS challenge from @hack_lu CTF 2019! I won't do a whole writeup for this one, but my reference exploit is highly commented, so I hope that is enough. If you have questions, DM me!
#CTF #Hack_lu
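What is Theori doing for Web3 security?
We are a team that examines #blockchain data, manages risk, and makes the Web3 world safe.
The story of juno, mika, and qwaz of the @chainlight_io team, lighting up the #Web3 world: check it out now!
#Theori #Interview #ChainLight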