Prodigal
121 posts

Prodigal
@ProdigalWiz
EVM and Solidity tinkerer.
Immutable Avenue · Joined July 2020
88 Following · 1.1K Followers
Prodigal retweeted

@definedfi Introducing @trycodex: The most accurate & reliable API for blockchain data.
Codex delivers real-time, enriched blockchain data for over 4.5 million tokens and 1 billion NFTs on 57 networks.
It already powers a lot of the products you are using every day.
Prodigal retweeted

The @SSS_HQ $SSS LP was just drained on blast because their token contract has a bug where transferring your entire balance to yourself doubles it.
The order of operations decrements the balance for "from" and then sets the balance for "to" - if these are the same address, the "toBalance" does not take into account the decrement of "amount" and just overwrites the balance with the initial balance + transferred amount.
Attacker was able to get 1310 ETH from the LP by doubling their balance repeatedly and then selling it all
blastscan.io/tx/0x80012bf78…
blastscan.io/tx/0x62e6b906b…
blastscan.io/tx/0xac3400e3d…


Thrilled to be part of the journey with @FjordFoundry as they pave the way towards developing fairer and more transparent price discovery mechanisms for early-stage projects.
Fjord Foundry@FjordFoundry
1/ We are pleased to announce the successful closure of Fjord's seed fundraising round, led by @Lemniscap, w/participation from @MechanismCap, @ZeePrimeCap and numerous angels, @dcdao_ @UniswapVillain @Rager @JohnnyZcash @KieranWarwick @fomosaurus

Several rugpull attempts are mimicking @Furnace404's upcoming launch. If you read their website source code using Inspect Element, you can see they are using a font called "Highschool Runes". With this information, you can now decode their landing page and come to the conclusion that the countdown goes until the 21st, so anything launching before that is likely a scam.



@_0xShunya @minerercx I'm a Solidity dev, not directly connected to the team, just tried to help them figure out the situation. Please refer to the project account for official updates.

1/ Yesterday, @minerercx's ERC-X token contract was exploited, resulting in a loss of 156 ETH due to a double-accounting error in its internal transfer function, which allowed an attacker to duplicate their own balance by sending tokens to themselves. pic.twitter.com/j5JsaXsUEp
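Added example, not part of the original posts and not either project's contract code: a Python model of the transfer ordering described in the $SSS and ERC-X posts above, next to a corrected ordering and a supply-conservation check that a token test suite can run over every sender/recipient pair, including sender == recipient. Class names, holder names and amounts are constructed for illustration.

```python
class BuggyToken:
    """Model of the flawed ordering: both balances are read before either write."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def total_supply(self):
        return sum(self.balances.values())

    def transfer(self, sender, to, amount):
        from_balance = self.balances.get(sender, 0)
        to_balance = self.balances.get(to, 0)  # cached before the debit is stored
        if amount > from_balance:
            raise ValueError("insufficient balance")
        self.balances[sender] = from_balance - amount
        # When to == sender, to_balance is stale and overwrites the debit.
        self.balances[to] = to_balance + amount


class FixedToken(BuggyToken):
    """Corrected ordering: the recipient balance is re-read after the debit."""

    def transfer(self, sender, to, amount):
        from_balance = self.balances.get(sender, 0)
        if amount > from_balance:
            raise ValueError("insufficient balance")
        self.balances[sender] = from_balance - amount
        self.balances[to] = self.balances.get(to, 0) + amount


def find_supply_violations(token_cls, holders):
    """Transfer each holder's full balance to every holder (self included)
    and return the (sender, to) pairs that change total supply."""
    violations = []
    for sender in holders:
        for to in holders:
            token = token_cls(holders)  # fresh ledger per case
            before = token.total_supply()
            token.transfer(sender, to, token.balances[sender])
            if token.total_supply() != before:
                violations.append((sender, to))
    return violations


# Constructed sample ledger.
HOLDERS = {"alice": 100, "bob": 50, "pool": 1000}

if __name__ == "__main__":
    print("buggy:", find_supply_violations(BuggyToken, HOLDERS))
    print("fixed:", find_supply_violations(FixedToken, HOLDERS))
```

The invariant "total supply is unchanged by any transfer" flags only the aliased pairs in the flawed model, which is why a self-transfer case belongs in the test matrix for any custom balance-accounting code.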

4/ The team also reached out for my assistance to diagnose and rectify the issue, and further bolstering their commitment to security, they've partnered with a professional auditing firm for a thorough review of their novel ERC-X token standard. All their updates are now transparently documented in their GitHub repository (github.com/Miner-Labs/ERC…), signaling a well-prepared relaunch in the days ahead.

3/ In response to the attack, the @minerercx team quickly intervened, safeguarding a significant portion of the liquidity pool. This crucial action not only halted the exploit's advancement, but will also now enable them to restart the project.
Prodigal retweeted

Thanks to @threesigmaxyz for completing a security audit of our ONFT smart contracts.
A detailed audit report can be found in the announcement below.
Three Sigma | Web3 Security@threesigmaxyz
The full report detailing key findings is now available! github.com/threesigmaxyz/…
Prodigal retweeted

With the increasing popularity of ERC404 token contracts, we're seeing a rise in opportunistic rug pulls. Be extra vigilant for functions like `emergencyWithdrawNFT` hidden within contract code. These can allow the owner to mint infinite tokens in a discreet manner. As the saying goes, protect yourself at all times.


⚠️ 4/ Signing Hex Strings: Rare yet risky, these date back to the early days of platforms like @EtherDelta . Starting with "0x...", they are not standard text, and can interact with your assets in unpredictable ways. MetaMask flags them with a warning message for a good reason.


🪂 1/ It's airdrop season, a period when many of us interact with websites to claim tokens, which usually requires signing a message on your web3 wallet such as @MetaMask . But how safe is it?
Let's dive into the world of web3 signatures, uncover the risks, and learn how to spot the safe ones.


@0xSleuth_ @crypto_bitlord7 No, the function above permanently excludes the provided address from fees, so it doesn't matter if they receive tokens or not afterwards.

@ProdigalWiz @crypto_bitlord7 i mean, he can just send 1 token to those wallets again tho?

This is due to how the `transfer` function was implemented (etherscan.io/address/0x2428…), where addresses that receive tokens sent by a participant in the angel/private sale are automatically marked as angel/private sale buyers as well.

👀@UniswapVillain
Angels/Private salers on @crypto_bitlord7 token $MOLLY can send tokens to other users and mark them as an angel/private seller giving them the same sell tax restrictions. One private saler is sending tokens to all top holders giving them all high tax.


