WATCHPUG
53 posts
WATCHPUG
@WatchPug_
WATCHPUG is a security team that offers in-depth auditing for Solidity smart contracts.
EVM Katılım Mayıs 2021
205 Takip Edilen2.2K Takipçiler
1) Create a $2 million audit content on @code4rena with one bug in the code
2) Report the bug with your alt account
3) Only accept your alt report as valid, mark rest as duplicate
4) Pay your alt the full bounty
5) Your alt becomes the top in the leaderboard
6) Profit??????
English
@WatchPug_ @0xFrame a forward ens record (name → address) is not sufficient to implement this. you can only set a reverse record (address → name) from the address itself. so the contract must have this functionality, which most contracts obviously lack.
English
Hey @0xFrame, maybe it's time to show more digits by default
alexintosh@Alexintosh
What is this unverified contract ? 0xF403a2c10B0B9feF8f0d4F931df5d86aD187AE31 @ConvexFinance website is asking for approval for that but the correct one is 0xF403C135812408BFbE8713b5A23a04b3D48AAE31 4 Starting/Ending Characters are the same. DNS spoofing?
English
a frontend hijacking attack on Convex
this is exactly why the wallet should display a human-readable ENS name for the smart contract address they are interacting with;
and the reason I added this feature to @TallyCash 3 months ago: github.com/tallycash/exte…
Convex Finance@ConvexFinance
Please review approvals while we evaluate a potential front end issue.
English
0xWho is an open-sourced Chrome extension: github.com/jack-the-pug/0…
WATCHPUG@WatchPug_
i know it can be hard to wrap your head around the txs, I use 0xWho to label the addresses:
English
WATCHPUG retweetledi
This happened in etherscan.io/tx/0x958236266…: the problem was them rolling a vulnerable LP token price oracle (sers, we have the correct one also!).
Conclusion: if ever in the future you feel like rolling your price oracle for our pools - ask us to check please
Inverse@InverseFinance
Inverse has temporarily paused borrows following an incident this morning where DOLA was removed from our money market, Frontier. We are investigating the incident however no user funds were taken or were at risk. We are investigating and will provide more details soon.
English
.@InverseFinance now believes the crv3c is worth much more than it's actual value, so the attacker can borrow out 10m DOLA with only $4.7m worth of collateral.
that's ~$5m of bad debt to the protocol.
English
currently building a chrome ext which will show you a tooltip with a human readable name (from your address book) whenever you select an address.
it supports ENS reverse resolution; tells if it's a contract or EOA, + the ether balance.
this chrome ext is gonna be called: 0xWho?
English
WATCHPUG retweetledi
We are honored to introduce the new ReportingDAO member, .@WatchPug_, a team of web3 security professionals!
In combination with WATHPUG, InsureDAO will be able to elevate security, privacy, and usability even more!!
link.medium.com/VpyPPrsUBnb
#InsureDAO #DeFi
English
@WatchPug_ i have been warned of a vulnerability that affects multiple protocols on Fantom please PM me.
English
Here is my submission to the @gelatonetwork Vernissage:
forum.gelato.network/t/gelatos-art-…
English
⚠️ Oct 20, 9 AM UTC, an attacker exploited PancakeHunny and stole 2.3M
The root cause: inappropriate usage of a low liquidity pool makes it vulnerable to price manipulation to create artificial profits
Read more: watchpug.medium.com/pancakehunny-f…
English