W.Max

42 posts

W.Max

@_William_Max

Solidity developer for #Defi. Auditor @code4rena.

Etherum Katılım Kasım 2022

151 Takip Edilen17 Takipçiler

W.Max@_William_Max·13 Mar

@ScopeProtocol @eulerfinance @AngleProtocol how about balancer bb-euler-usd? 18m liquidity, of which 8m is cash, will this be the only exit channel for euler users. @templedao must be in a hurry

English

589

0xScope@ScopeProtocol·13 Mar

Affected by the @eulerfinance hack incident, some projects and individuals have also been implicated. @AngleProtocol: 0xf5ad02f3dbbf4b42dee1f1255607f929ca2a7c5a This is a USDC generic optimized lender strategy contract, with currently 17.6M $USDC still trapped in #Euler.

English

49.4K

W.Max@_William_Max·13 Mar

Oh, no

PeckShield Inc.@peckshield

Hi @eulerfinance: you may want to take a look: etherscan.io/tx/0xc310a0aff…

English

132

W.Max@_William_Max·11 Mar

Godd, but wen? If released today, I wont be astonished $ERN will reach $1b TVL Lol.

Ethos Reserve@EthosReserve

It's times like this... $ERN

English

109

W.Max@_William_Max·27 Şub

@nem_veer @immunefi Congrats!

English

253

nemveer@nem_veer·27 Şub

Received my payout for finding another critical bug on @immunefi 😍😎

English

213

23.6K

W.Max@_William_Max·25 Şub

@dev_chinmayf It is a technique to interact with the liquidity pair contract directly to swap instead of using the router. in this way, you can get the output token first and then transfer the input token. It is just like flash loan, thays why we call it flashswap

English

Chinmay Farkya@dev_chinmayf·25 Şub

@_William_Max what is that?

English

Chinmay Farkya@dev_chinmayf·24 Şub

An important tip while working with Uniswap V2 Router If your contract calls any of the swap functions,it leads to a transfer of tokens using safeTransferfrom the router needs to be approved for spending the caller's tokens before this swap call, otherwise it would revert

English

1.3K

W.Max@_William_Max·19 Şub

$oath = great dev + great project + greate audit

Code4rena@code4rena

Keen to dig into asset management accounting, or maybe issuance and redemption logic? 🔎 Get amongst all of the above (and more!) in @EthosReserve's audit, with $144,750 USDC in the reward pool for Wardens who can find vulns. Start hunting now: rebrand.ly/C4-ethos-reser…

English

620

W.Max retweetledi

Dinduz@CryptoDinduz·17 Şub

What is $fUSD and why its development is crucial for $FTM in a Thread! 5 Minutes Reading:👇

English

401

53.4K

W.Max@_William_Max·17 Şub

@SlowMist_Team Oh... seems big trouble. No wonder he did not move fund into tornado cash.

English

838

SlowMist@SlowMist_Team·17 Şub

7/ It is worth mentioning that after decompiling the attack contract, we found that the attacker did not implement the withdrawal function in the contract, so that the profit from the attack could not be extracted and was locked in the attack contract.

English

16.8K

SlowMist@SlowMist_Team·17 Şub

On February 17, @Platypusdefi, a stablecoin exchange platform on the Avalanche chain was attacked, and the attacker made a profit of approximately $8.5 million. Here is a brief report👇

English

81.5K

W.Max@_William_Max·16 Şub

@immunefi Maybe the paper here helps with hash collision: link.springer.com/chapter/10.100…, and the blog here is the create2 issue: medium.com/consensys-dili…

English

W.Max@_William_Max·16 Şub

@immunefi 1. there must a checker to check if it is a zero-address after create2. 2. If I find a hash collision, I can deploy again by passing 2 different testPool addresses with same hash value to re deploy the contract deployed by create2. This will influence the exsisting contracts.

English

259

Immunefi@immunefi·16 Şub

Our newest #spotthebugchallenge is live. But this time, whoever has a mix of the best and fastest answer will receive a brand-new Immunefi Swag Pack. We'll tag the winner of the contest once we select the answer:)

English

20.8K

W.Max@_William_Max·16 Şub

@immunefi Also the poolAddr can be zero address without check (if revert)

English

W.Max@_William_Max·16 Şub

@immunefi Hey, create2 is not safe in use because the deployer can call SELFDESTRUCT and deploy again the pool to replace the former pool with another but malicious contract to steal fund.

English

229

W.Max@_William_Max·11 Şub

@SolidlyDEX @MonolithETH_ I used to discuss with @VelodromeFi about making a solidsex like project for them. But looking this, the veNFT shouldn't be released with any liquid token. However, still believe in solidly and you can solve it and become more solid!

English

1.3K

Solidly Labs@SolidlyLabs·11 Şub

1/2 We are cutting all ties with @MonolithETH_ immediately. They have breached contractual agreements and community trust ❌ Needless to say, we are deeply disappointed in their conduct and condemn their theft of ecosystem incentive funds we gave them to grow. Details 👇

English

19.6K

W.Max@_William_Max·11 Şub

@dedaub I thought these should be eliminated by processes like dead code elimination... No wonder deplying some contracts with inheriting many standard contracts costs toooo much gas.

English

271

Dedaub@dedaub·10 Şub

Heads up: the Dedaub team has discovered a Solidity compiler bug impacting a *large* number of smart contracts. The bug results in up to 90% of the deployed bytecode being "dead code", significantly increasing gas costs when deploying and operating smart contracts. 🧵 👇

English

330

126.6K

W.Max@_William_Max·11 Şub

@GalloDaSballo Oh this reminds me auditing codes filled with `.call`, `.delegatecall`, `.transfer`, `.balance`...

English

Alex the Entreprenerd@GalloDaSballo·10 Şub

Trigger your auditor with this one trick

English

11K

W.Max@_William_Max·10 Şub

why again... market was attacked last year in April, Midas(Jarvis Network) last month. Now @dForcenet . I have tweet about Madis attack before.

dForce@dForcenet

wstETH/ETH Curve gauge vaults on Arbitrum & Optimism were exploited a few hours ago, and we immediately paused the dForce Vaults - other parts of the protocol remain intact and user funds are SAFE with dForce Lending. We will come back with a detailed report and remedies soon.

English

W.Max retweetledi

sudo rm -rf --no-preserve-root /@pcaversaccio·9 Şub

Wait, we're seriously discussing removing `payable` modifier for solc `0.9.0`? Is this really worth the 24 gas savings? github.com/ethereum/solid…

English

14.6K

W.Max@_William_Max·10 Şub

@bytes032 language of course solidity. I do love using ganache + remix if I am developing some small projects. Its sooo convenient and just write test contracts in solidity. for complex ones, I prefer hardhat. and for self audting, just use slither.

English

232

@bytes032.xyz@bytes032·9 Şub

EVM devs, what does your go-to “tech stack” look like? Favorite solidity libraries, frameworks, tooling (cli and web-based), service providers, etc.

English

192

63.1K

W.Max@_William_Max·10 Şub

@immunefi @PwningEth best honor for a whitehat. I wish to have one some day. Its awesome

English

262

Immunefi@immunefi·9 Şub

Big news today... @PwningEth just received his THIRD Whitehat Hall of Fame card for his crit report in Moonbeam / Astar / Acala, which saved $200m in funds and earned him a $1m payout. He can't keep getting away with it... Read more here: medium.com/immunefi/pwnin…

English

123

39.7K

Keşfet

@ScopeProtocol @eulerfinance @AngleProtocol @templedao @nem_veer @immunefi @dev_chinmayf @SlowMist_Team