Robert Chen
453 posts
@NotDeGhost
founder @osec_io | web/pwn with @redpwnctf + @dicegangctf | prev @dfsec_com
Dialed in! Nikolaos Mourousias (@deltaclock), Caue Obici (@caueobici) & Bruno Halltari (@BrunoModificato) of OtterSec used a Code Injection bug to exploit LM Studio in the second round, earning $20,000 and 4 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin
Anchor is moving to a permanent home at otter-sec/anchor as we take over its stewardship. Solana's ecosystem has been core to our work for years. Anchor has always been security-forward, and we're committed to keeping it that way for the developers who build on it.
I will find you and formally verify you try qedgen.dev today
T-15 hours until p-token in live on mainnet.
got bored last week during accelerate while y'all were at e11even, so I worked on a limited-lookback (1 month) historical account state service: getTransactionFixture(signature) -> TransactionFixture which returns everything you need (pre/post accounts, feature set, sysvars, txn status, rpc client version/hash, etc) to re-execute the transaction. very helpful for debugging and trying out changes. i think main use cases are something along the lines of: 1. how would this trade have gone (as a maker or a taker) if program commit B was deployed instead of A? 2. how many cus would this txn have used if some other commit was live? 3. what was the pre/post execution state of some account? why was some special branch hit? in fact, 2. is exactly what i show in Figure 1 to compare p-token vs current tokenkeg. I took a random swap that went through zerofi and goonfi with my nifty client... the left shows all results matching (successful replay). the right shows me adding the flag --replace-program=TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA:spl-p-token-1.0.0-rc.1.so, which replaces the current token program with the p-token program. we get a match in status, but a mismatch in CUs (and logs... p-token does not log "Instruction: Transfer"!). we will be using this internally (it has already come in handy bigly twice), but we also want to try to offer this to external users. if there's enough interest we may do a pilot. dm me if you want to try it.
Today we're launching Crucible, a coverage-guided fuzzing framework for Solana programs. Built for Anchor, with v2 support from day one. Just one example of what Crucible can find: a years-old bug in Solana's stake program, surfaced in seconds ↓
It is happening! Week 4 is finally live. Join the Super League of Solana hackers, find vulnerabilities in the FrankSol protocol built with Anchor V2, and earn real money. 1st place: $500 2nd place: $300 3rd place: $200 Like and repost as a sign of participation — let's go!
Remember the security firm that Ubuntu hired to audit the (ill-advised, highly buggy) Rust-rewrites of all of the GNU Coreutils? Turns out that security firm is run by @gf_256, who: - Appears to be a man who thinks he's a woman ("trans"). - Uses an anime cartoon of a girl as his avatar. - Appears to have an OnlyFans page. I repeat: Ubuntu hired a "Trans" man, with an anime girl avatar and an OnlyFans page... to audit Rust code. It's hard to get more on-the-nose than that.
