
Dexaran
1.2K posts

Dexaran
@Dexaran
#Pseudonymous smartcontract developer & security engineer Founder of https://t.co/gggSQaclP3, EthereumCommonwealth & https://t.co/meZKAfcdwG Author of #ERC223






What's b20? Anyone knows?

A user @qklpjeth just lost $25,000,000 because of a #ERC20 security flaw that I discovered and reported in 2017. #issuecomment-296711733" target="_blank" rel="nofollow noopener">github.com/ethereum/EIPs/…
#ERC20 is an insecure standard. It lack transaction handling which makes error handling impossible. #ethereum @ethereum










Last night around 5pm I sat down to do some work. I opened my Rabby wallet to try out Espresso's new cross-chain mint product, Presto, that Rarible had just put live on mainnet. When I opened my wallet, I immediately saw that $30k was missing...






Last night around 5pm I sat down to do some work. I opened my Rabby wallet to try out Espresso's new cross-chain mint product, Presto, that Rarible had just put live on mainnet. When I opened my wallet, I immediately saw that $30k was missing...






this is so f*cking scary - a txn made 9 months ago to transfer just $5 ended up causing a $30K loss. TLDR: → a txn was approved 9 months ago → to interact with the ThirdWeb Universal Bridge → Infinite approval was given (just for a $5 transfer) → a vulnerability in the contract was discovered in April → but the contract remained active onchain, including the blog referencing the affected contract address → vulnerability allowed anyone to drain funds from users with infinite approval → the hacker waited 9 months for the user to deposit a substantial amount → And boom - $30K gone in a single txn → funds were sent to Railgun, so can’t be traced → thirdWeb permanently disabled the legacy affected contract after the hack was disclosed → the blog referencing the affected (now-disabled) contract address is still live I don’t even know whom to blame here. It’s honestly a shame that after all these years of building, crypto users still have to deal with stuff like this and this user is literally one of the smartest people in the industry.





