Parth (@0xparthdev)
874 posts
Smart Contracts Developer @yieldnestfi. prev @aave @_VaporFi @amazon
Blockchain · Joined December 2020
5K Following · 2.6K Followers
Parth (@0xparthdev):
Are there any detailed articles comparing the slippage of Uniswap v2 vs Curve v1 and how the dynamics change based on the reserves in the pool? Any blogs, resources or papers?
Parth (@0xparthdev):
@jaczkal waiting for it. notifications on
Kalis (@jaczkal):
I have a strong feeling that the balancer exploit contract was just a deployed fuzzing harness that got a specific input as a transaction. More soon on why.
Parth (@0xparthdev):
Too many cases like this. How can we make bug bounty great again?

Quoted post from f4lc0n (@al_f4lc0n):
I Saved Injective's $500M. They Pay Me $50K.

I like hunting bugs on @immunefi. I'm decent at it.
- #1 — Attackathon | Stacks
- #2 — Attackathon | Stacks II
- #1 — Attackathon | XRPL Lending Protocol
- 1 Critical and 1 High from bug bounties (not counting this one)

Life was good. Then I found a Critical vulnerability in @injective. This vulnerability allowed any user to directly drain any account on the chain. No special permissions needed. Over $500M in on-chain assets were at risk.

I reported it through Immunefi. The next day, a mainnet upgrade to fix the bug went to governance vote. The Injective team clearly understood the severity.

Then — silence. For 3 months. No follow up. No technical discussion. Nothing.

A few days ago, they notified me of their decision: $50K. The maximum payout for a Critical vulnerability in their bug bounty program is $500K.

I disputed it. Silence again. No explanation for the reduced payout. No explanation for the 3 month ghost. No conversation at all. To be clear: the $50K has not been paid either.

I've seen others share bad experiences with bug bounty payouts recently. I never thought it would happen to me. I can't force them to do the right thing. But I won't let this be forgotten. I will dedicate 10% of all my future bug bounty earnings to making sure this story stays visible — until Injective pays what I deserve.

Full Technical Report: github.com/injective-wall…
Parth (@0xparthdev):
@raychix not specifically for this asset. Agree with you on not listing it in the first place. But there can be scenarios where a CL feed is not available and you may want to list the asset. Imo, it depends from asset to asset on onchain liquidity, how hard it is to manipulate the price, etc.
Raychi (@raychix):
@0xparthdev risk management starts with not listing whatever that is lmao. Chainlink can't save everything; some assets are just meant to stay illiquid.
Parth (@0xparthdev):
Wondering what would be a better way to price this type of collateral where a Chainlink feed is not available and there is not enough onchain liquidity for TWAP pricing. Maybe the best solution for lending protocols is not to list these collaterals in the first place.

Quoted post from Weilin (William) Li (@hklst4r):
x.com/i/article/2033…
Parth (@0xparthdev):
@hklst4r Thanks for the great writeup. I am curious whether liquidators were profitable in liquidating the attacker's position by repaying their debt, seizing their collateral and selling it on the market?
Parth reposted
0xAnmol (@0xAnmol_):
Tried Pashov Skill, EVMBench, and Nimesis by @0xiehnnkta — all show the same bugs already found by Zellic Skills 😪. For now, AI skills are basically static analyzers you can run before an audit. You still need complex thinking for most real bugs.
Parth (@0xparthdev):
@ethereum devs, have you seen a proper use case of the optional access list in transactions? eips.ethereum.org/EIPS/eip-2930 It was proposed a long time ago but I am not aware of anyone using it meaningfully.
Parth (@0xparthdev):
@Huntoor It is surely illegitimate. The project is not paying for claude code audits. They are scamming the project.
Hunter (@Huntoor):
as we are speaking, some auditors are using claude code to perform parallel private audits. wdyt? Is this a productivity boost or illegitimate?
Parth reposted
Pyro (@0x3b33):
I spent 10 hours writing down every weird vault bug I've found. 9 bugs in total:
- 5 for building a vault
- 4 for integrating with one
Most of them sound obvious until you realize your project has them. paragraph.com/@0x3b/9-common…
Parth (@0xparthdev):
TIP for solidity devs/auditors: @a16zcrypto has developed this awesome repo github.com/a16z/erc4626-t… which basically ensures any custom ERC-4626 vault is compatible with the spec and is correct in terms of rounding direction, round-trip properties, functional correctness, etc.
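As an added example (not Parth's code and not the a16z erc4626-tests repo), the Python model below spells out what "rounding direction" and "round-trip properties" mean for an ERC-4626 vault: each preview function rounds against the caller, and going in and straight back out must never leave the user ahead. The property names, the `Vault` class and the `withdraw_rounds_up` switch (which models a common bug, previewWithdraw rounding down) are my own construction.

```python
# Constructed integer model of ERC-4626 conversion math (example, not the a16z
# erc4626-tests repo). Every preview rounds against the caller, as the spec says;
# withdraw_rounds_up=False models a common bug: previewWithdraw rounding down.

def mul_div_down(a: int, b: int, d: int) -> int:
    """floor(a*b/d) on exact integers, like Solidity mulDiv rounding down."""
    return a * b // d

def mul_div_up(a: int, b: int, d: int) -> int:
    """ceil(a*b/d) on exact integers, like Solidity mulDiv rounding up."""
    return -(-(a * b) // d)

class Vault:
    """Exchange-rate state only: totalAssets (a) and totalSupply of shares (s)."""
    def __init__(self, total_assets: int, total_supply: int, withdraw_rounds_up: bool = True):
        assert total_assets > 0 and total_supply > 0, "model assumes a seeded vault"
        self.a, self.s = total_assets, total_supply
        self.withdraw_rounds_up = withdraw_rounds_up

    def preview_deposit(self, assets: int) -> int:   # shares minted: round down
        return mul_div_down(assets, self.s, self.a)

    def preview_mint(self, shares: int) -> int:      # assets charged: round up
        return mul_div_up(shares, self.a, self.s)

    def preview_withdraw(self, assets: int) -> int:  # shares burned: must round up
        f = mul_div_up if self.withdraw_rounds_up else mul_div_down
        return f(assets, self.s, self.a)

    def preview_redeem(self, shares: int) -> int:    # assets paid out: round down
        return mul_div_down(shares, self.a, self.s)

def round_trip_properties(v: Vault, assets: int, shares: int) -> dict:
    """Each round trip (in, then straight back out) must never favour the user."""
    return {
        "redeem(deposit(a)) <= a": v.preview_redeem(v.preview_deposit(assets)) <= assets,
        "mint(withdraw(a)) >= a": v.preview_mint(v.preview_withdraw(assets)) >= assets,
        "deposit(redeem(s)) <= s": v.preview_deposit(v.preview_redeem(shares)) <= shares,
        "withdraw(mint(s)) >= s": v.preview_withdraw(v.preview_mint(shares)) >= shares,
    }

def first_violation(v: Vault, max_amount: int):
    """Sweep small amounts like a fuzzer; return (property, amount) or None."""
    for n in range(1, max_amount + 1):
        for name, ok in round_trip_properties(v, n, n).items():
            if not ok:
                return name, n
    return None
```

With a vault of 1000 assets backing 10 shares, `first_violation(Vault(1000, 10), 500)` returns None, while the rounding-down variant fails at amount 1 on `mint(withdraw(a)) >= a`: the user withdraws one asset while burning zero shares, which is exactly the class of defect a spec test suite flags.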
Parth (@0xparthdev):
@0xCharlesWang curious to understand why you think it won't be fully solved within 10 years?
CharlesWang (@0xCharlesWang):
Solving the web3 security problem is the target. With the help of AI and proper usage of tools (what we have now + what else will come in the future), we will get 1 step closer to solving this big problem. However, I doubt that we will ever (at least in the next 10 years) be able to fully solve that problem.
Parth reposted
Antonio Viggiano (@aviggiano):
Moonwell vulnerability.
Bad takes:
- AI bad
- our AI caught it
Good take:
- you should be doing more fork tests for governance proposals; they can be audited by both internal teams and external providers. Ask your AI to build these as part of your CI.