Juno | ChainLight
@junorouse
Followers
1,967
Following
859
Media
213
Statuses
1,209
@chainlight_io intern, team lead. Building an essential risk management platform for Web3.
Seoul
Joined April 2019
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Venezuela
• 2760477 Tweets
Nicolás Maduro
• 1357389 Tweets
Edmundo
• 1272332 Tweets
María Corina
• 614839 Tweets
El CNE
• 537878 Tweets
#HouseOfTheDragon
• 324830 Tweets
Chávez
• 308016 Tweets
Gala
• 281948 Tweets
Ganó Maduro
• 211306 Tweets
Robo
• 191531 Tweets
#LaCasaDeLosFamososMx
• 135801 Tweets
Rhaenyra
• 128250 Tweets
Miraflores
• 110133 Tweets
Diosdado
• 98538 Tweets
Maldito
• 88263 Tweets
Golpe de Estado
• 87256 Tweets
Vermithor
• 80762 Tweets
Boric
• 80383 Tweets
#HOTD
• 70931 Tweets
#FueraMaduro
• 60448 Tweets
Latinoamérica
• 59930 Tweets
Daemon
• 57334 Tweets
Venezolanos
• 42950 Tweets
Aemond
• 40260 Tweets
Pinochet
• 38314 Tweets
Paola
• 37587 Tweets
Vhagar
• 33238 Tweets
Cállate
• 26525 Tweets
Jace
• 25517 Tweets
Capriles
• 20064 Tweets
サザエさん
• 17247 Tweets
一粒万倍日
• 16249 Tweets
Honduras
• 15317 Tweets
山田くん
• 14222 Tweets
山本圭子さん
• 14219 Tweets
KerjaHARMONIS KerjaSELARAS
• 14049 Tweets
花沢さん
• 12590 Tweets
ちびまる子ちゃん
• 12571 Tweets
Pinned Tweet
gg
This effectively makes # of unsolved challenges to be 0 for The Duck :) It was a fun weekend activity that allowed Theori researchers to show off their deep knowledge and strong skills in Web3 security.
Thanks to
@paradigm_ctf
for hosting the CTF!
8
8
121
1
1
11
I summarized the entire exploit step.
Exploit steps:
1. Attacker repaid entire loan from aUSDT to set the borrowRate to 0.
2. Attacker minted yUSDT
3. Attacker minted iUSDC
4. Attacker sent iUSDC to yUSDT
5. yUSDT miscalculated its pool ratio (calcPoolValueInToken)
a. ROOT
It seems like the iearn USDT token (yUSDT) has been broken since deploy, which was *checks notes* over 1000 days ago. It was misconfigured to use the Fulcrum iUSDC token instead of the Fulcrum iUSDT token.
40
87
484
3
13
63
Angry defender from Confidence 2020 CTF Write Up: also unintended solution of two rust sandbox challs in the same directory.
@t0nk42
thanks for good slide and research, it was very helpful. :D
3
17
64
콰선생님이 공유해주신 구글 코드 리뷰 가이드
CL 작성자 + 리뷰어 모두 가져야할 기본 소양을 알려준다.
교양 과목으로 추가해야하는게 아닐지...
1
33
60
It was hard to save it 😵💫 ggwp
It’s time to get back to work
GM Saudi 🇸🇦
I’m here to save our private 🦆mallard
BRB devconnect on Friday.
1
0
18
1
1
48
GITHUB STAR 이벤트로 핫한 SKT의! metatron을 간단하게 강우원 과 스피드런 느낌으로 Security Audit을 진행해보았습니다. 몇가지의 크리티컬한 버그들이 발견되었고 해당 내용들을 정리했습니다 ㅋㅋ 재밌게 읽어주시면 감사하겠습니다!~!~
1
47
45
Let’s go folks
1
0
15
2
0
44
Visualize CVE-2021-39137 (high severity EVM bug) with mspaint.exe
1
10
38
Last weekend, me and
@jinmo123
took 4th place in the mev-share CTF with
@chainlight_io
.
It was fun, and I think the CTF material could be a good resource for Mevshare beginners.
There's a lot of great writing about each challenge, so I've prepared a few key takeaways 🧵
New MEV-Share CTF leaderboard is up!
Had a bit of fun coding this up last minute. Pure html/css/js 🤓 (as if anyone cares lol).
Shoutout to
@deadpine_xyz
for designing it! This my amateur implementation of her (even better-looking) design.
3
3
47
1
1
38
Disable Javascript by default: Really simple/efficient thing that prevents the exploit and the phishing.
- 99.999%of web browser exploits use Javascript.
- Can notice the phishing page, since I wouldn't have allowed.
🫡🚀🦀
6
3
35
😭My server has been hacked after zer0pts CTF 😭, the story about realworld incident response/investigation (only in korean sry)
0
0
34
Thinking about doing a 12(-24)-hour recording for next CTF
2
1
33
Our 🏋️♂️🏋️♂️🏋️♂️
We are excited to announce that we are releasing our 150-page internal research to the public. This report includes:
→ 112 hacks' scale, root cause, and underlying chain analysis
→ Correlation between security audits and hacks.
→ Post-incident responses from the team
→
46
61
222
2
0
30
We,
@theori_io
are making the crypto world safer!
New postmortem!
Whitehat
@junorouse
found a critical bug in
@PancakeSwap
's lottery contract, which also affected
@PantherSwap
,
@ape_swap
, and
@KnightsBsc
.
PancakeSwap paid out a big $70,000 bug bounty.
Immunefi led the disclosure process. Funds safu.
0
15
77
2
3
29
My friend, and legendary hacker
@tjbecker_x
has given up trying to recover his own
@x
account, created a new one. Follow him to learn cutting-edge hacking skills (ZK, Advanced Ethereum Knowledges, Browser pwn, etc.)
5
5
29
We made Web3 challenges which need Web2 exploit techniques. Have fun. 🚀
1
0
30
Working remotely in 🇨🇦🍁
Ping me if you are near Vancouver area next week
3
0
30
defcon 2019 prequal exploit code for solved challenges :D
0
4
29
I uploaded the source code of our DEFCON 27 CTF exploit framework! Enjoy it.
cc.
#SeoulPlusBadass
,
@aka_saika
-- I made the front page a day before the CTF, please understand dirty codes ㅠ_ㅠ
1
8
28
Heh ZKSync bugbounty writeup was one of the big things I said
Saving $1.9B.
On September 15th, we discovered and reported a critical bug in
@zkSync
Era's ZK-Circuits that could have drained all the tokens passing through the bridge.
This bug allows a malicious prover to produce "proofs" for invalidly executed blocks, which the verifier
23
58
314
2
0
27
We are running our cutting-edge skill CTF with
@POC_Crew
.
You can get a "FREE" POC 2021 TICKET as a prize!
The challenges are based on "Real-World" vulns in the automobility systems, home IOT, Apache CVE-2021-41773, Intel AVX instruction sets, and so on. Enjoy!
🚩POC Cutting Edge CTF 현재 랭킹입니다.
CTF는 11월 6일까지 계속되니까요~ 참여하시는 #드림핵 유저님 모두 파이팅입니다👊
#POC2021
#CuttingEdge
#CTF
참여하기
➡
0
3
9
1
2
26
Head to
@TheTrustX
for some
@ChainLight_io
merch 👕 drop
Ping me if you wanna chat w me
Thanks
@bytes032
for the ticket 🤩😎
3
0
27
This is slide for Ethereum (geth) bug that my team found a few months ago. (only Korea, sry) -- simple bug & simple exploit --> dont need to explain more :D enojoy
0
8
23
(1/6) AWS has fixed the Critical MFA bypass on CLI AK/SK authentication.
Let's find out what the problem was 👉
1
3
23
[TMI] The Duck이 무슨 뜻인가 하면은,,, THEORI를 [:3] [3:] 하면 THE ORI잖아요? 그래서 The Duck인 것입니다. (웃음)
1
1
22
Chrome 76에 도입된 Same-Site-Cookie에 대한 글을 써봤습니다. 웹 개발하시는 분들에게 도움이 되면 좋겠습니다아~!
0
4
21
WE WERE ABLE TO BREAK THE ENTIRE 💎 TON NETWORK, AND WERE ONLY OFFERED "$5k" AS BOUNTY 🤯
Read our sad story ➡️
🚨 ChainLight Patch Thursday, the first week of July!
The content we introduce in this Patch Thursday is "Identifying Vulnerabilities in
#TON
: Killing All Nodes"!
✨ ChainLight has uncovered a Denial-of-Service (DoS) vulnerability in the TON network’s node that can lead to the
0
5
23
2
3
22
GM 🇹🇷
Join us at
@Hyperlane_xyz
's Modular Day tomorrow!
Our lead,
@junorouse
, will be on the Security panel with EigenLayer's
@0xkydo
, Movement's
@rushimanche
, and ETHGlobal's
@jacobwillemsma
We've prepared some limited-edition merch for our followers. FCFS.
1
2
14
0
0
21
We,
@chainlight_io
,
@tjbecker_
solved it in 2 ways.
Part 1: Reuse the signature from the previous transaction. (
@shunduquar
also mentioned)
Part 2: hash=0, r=P.x, s=P.x
Part 3: “Faketoshi Signature” from
@shunduquar
Here is the first writeup for Part 1 and Part 2 the Alpha Goat NFT CTF by auditing firm
@kebabsec
Moral of the story:
this is unsafe:
signer == bytes32(data).recover(signature);
this is safe:
signer == data.toEthSignedMessageHash().recover(signature);
1
3
30
1
4
19
Our team at
@theori_io
got 10k points from the Ethereum bug bounty program - approx. $10k in USD!
-- We will write the details as soon as possible under responsible disclosure.
0
3
21
as solving super guessing challenges i was like being Sherlock holmes.
2
0
19
Nice weather/ Talk/Food/AV all the things are amazing in
@summit_defi
Committee's response time in food is super fast 😋
I hope I can share my experience in web3 security next year!!
0
2
18
Nu1L 2019 CTF WriteUp by GSRM. enjoyyyy
1
5
18
최근 발생했던 정부 주도 공격 이슈를 드림핵 포럼에 작성해보았습니다. 뉴스레터식으로 2주에 한번 씩 보안 소식을 다루니 참고하시면 매우 좋습니다 ㅎㅎ!
0
3
17
GM Saudi 🇸🇦
I’m here to save our private 🦆mallard
BRB devconnect on Friday.
1
0
18
💪 work 24 hours a day 🏃♀️
🫡 eat pwn sleep repeat ‼️
2
0
17
gg
This may be our hardest challenge yet!
We got many questions for our December challenge - but no winner!
You still have a chance to send us a script that retrieves the flag to contact
@ssd
-disclosure.com and win a $100 Amazon gift card!
2
8
66
3
0
17
I made a funny reflected-xss challenge, lets try to solve it!
If you can execute `alert(document.domain);`, just send me a dm plz
3
5
17
오랜만의 똥글 (openssl 0-day 라고 하면 어그로 끌리겠지????)
1
1
16
We received the brand new galaxy fold/flip from SAMSUNG as the 1st prize for SSTF 2020. Thank you all and see you in the next SSTF🐷🐷🐷
0
0
15
See you folks at Modular day!
1
1
17
0
0
15
Usurper's Throne is live on
@BuildOnBase
@ChainLight_io
@osec_io
@zellic_io
The first few puzzles are ETH mainnet.
The next remaining ones will be on
@BuildOnBase
.
1
0
9
0
1
15
추운 겨울, 같이 CPU 핫팩 만들어요 XD
Theori ChainLight 팀에서 Web3 취약점 자동 탐지 정적분석 엔진 개발하실 분 구하고 있습니다. 오셔서 같이 Rust 코딩해요 👉👈
2
15
57
2
8
15
zz gg 수고하셨읍니다 다들, 디코가 신나서 재밌었어요 😋
w/
@5unKn0wn
@bbbig12
@wooeong337
(T코인 보고 SpaceX Rocket으로 만들었습니다 ㅎ)
2
0
14
hacklu ctf doyouevenxss exploit.
@pspaul95
says i solved some stages with unintended solution.. plz wait for official writeup!
1
3
14
🚩 How
@chainlight_io
solved the
@curta_ctf
's
#6
puzzle in a nutshell:
TL;DR: kinda meet-in-the-middle attack
1. brute-force a proper gas limit which meets "0000ABCD", the return value of the first call of gamma fn. (1/65535 opportunity)
2. another brute-force a proper
1
1
14
가만히 있던 perfect blue만 뚜까 맞았네 ㅋㅋㅋ 뒤에 -con 붙으면 N대 해킹 대회 가능 코드콘 CCECON ㄱㄱㄱ~
1
1
13
Happy to work for the public good.
We are thrilled to announce that we have received a commendation plaque from the Minister of Public Administration and Security of South Korea in honor of the 78th Police Day.
We are witnessing an exponential growth in the use of blockchain technology for criminal activities.
5
2
54
0
0
13
[hitb-lockdown-a/d-ctf]
I was playing for team "The Duck". (8th) It was my first online a/d style ctf, and also I only have a few experience on a/d styles. (three times of defcon, ctfzone, hitb singapore and some national ctfs) Because of this we didn't have a good grade. (1/n)
1
0
12
We should advance our internal security 😵💫
In 2023, CertiK audited 22.1% of projects that suffered hacks amounting to $500k or more.
Now, their X account is compromised.
14
22
114
0
0
13
I've sent a bug bounty report to
@PancakeSwap
via
@immunefi
, please have a look. BTW, i have no idea why I was banned from official telegram after submitting a report 🧐🤨
1
0
12
How was Enterprise Blockchain? It is created with
@setuid0x0_
,
@minebuu_
. Sorry for the unintended solution btw. We forgot to change sendMessage's visibility to internal. 😭
If anyone can solve it without using public sendMessage function, DM ME!
We hope you find our write-up helpful and have enjoyed solving the "Suspicious Charity" and "Enterprise Blockchain" challenges authored by us.
Good game,
see you next year🫡
(5/5)
0
0
3
4
0
12
위에는 라인에서 받았고 아래는 오늘까지 인턴 하신 분에게 받았다. 요 며칠 선물 파티인듯. 대충 산 것 같은데 주변에서 이렇게 챙겨주니 몸 둘 바를 모르겠다.. 나도 좀 더 배풀어야지
0
0
12
Today, I lost over $10k while beating with MEV flashbots. I learned a lot, and I agree with Ethereum is a "dark forest". 🙈IMO the best way to learn something is just spending lots of money 💵🤷♂️🌳🤷.
The journey to loosing money gonna be a interesting talk/blog post.
1
1
12
주말에 CTF도 하고 애인님이랑 북-서촌 갔다왔는데ㅔ 날도 좋고 풍경이 아름다워ㅓ서 넘 행복다링 ㅎㅋ 마지막에 키핑 파워에 무너졌지먄 흑흑
1
1
12
Today I recognized the reason I cannot win the lottery, I am spending all luck on solving the CTF challs.
And.. Yes we won. this is rehearsal for defcon prequal with new teammates, it seems not bad. Can we get a black-badge this year? lol
1
0
12
4th place again in 0/Tctf lol. Experience of bluekeep helps me to solve Insecure rdp easier even though there was a SUPER-Guess part. lol gg
1
1
11
New audit report is coming... 🧐
Theori always do our best to protect the crypto world.
Security of your assets is our top priority.
@certik_io
and
@theori_io
are conducting
@BiFi_lending
's BTC lending smart contract security audits.
We’re in the final testing and audit phases of BTC lending, so just hang on a little bit more. We're almost there 💪
8
13
53
0
1
9
zzzzz
0
0
11
WE DO, WE WIN.
DM me if you folks want to know more about us and follow
@chainlight_io
to check out our web3 expertise.
2
0
10
Quite busy days. Heading to Paris for DSS, -1 day. Seee you sooon🚀
0
1
11
gg day1
The final two challenges for tonight have been released! Test your Solana skills with otter-world and otterswap! Remaining challenges will be released tomorrow
1
0
20
0
0
11
I started to spend $1.2k per month for the yellow badge 😵
Show me the 💸
0
0
10
Yep, we did it! I solved DTRI, DevMaster1, bnv, gLotto (with
@RBTree_Pg_
,
@adm1nkyj1
). Almost 16h+ for gLotto :(
0
0
10
DM me if you want to get an audit
Blend (blur's NFT lending platform) has been audited by
@chainlight_io
The audit report is available on the blur docs site
ChainLight is a winner of the 2022
@paradigm
CTF and has many experienced security experts
Check out:
4
3
36
0
4
10
오늘은 드림아카데미 2기 지원 서류를 검토로 하루를 불태웠다.
1기 산출물과 후기와 함께 진행하려고 했던 포스팅을 다른 일들이 계속 겹처서 하지 못해 마음에 계속 걸렸었는데, 많은 분들이 지원해주셔서 🥳 해피했다!!! 인터뷰에서 볼 수 있으면 좋겠당
1
0
10
I found a race-condition uxss bug, but i failed to exploit since the bug needs target sites' elements id. And I was trying to find an extension's url, I missed it simply adds its resource url on my context html, it was my fault :(
2
1
10
INTERVIEW 🔥
Theori는 Web3 보안을 위해 무엇을 하고 있을까요?
#블록체인 데이터를 살피고 위험 관리를 하며 Web3 세상을 안전하게 만드는 팀입니다.
#Web3
세상을 밝게 비추는
@chainlight_io
팀 juno, mika, qwaz의 이야기,
지금 확인해 보세요!
#티오리 #인터뷰 #체인라이트
0
6
19
0
0
10