flashfish

185 posts

flashfish

@flashfish0x

⚡️🐠

Katılım Ağustos 2021

237 Takip Edilen4.9K Takipçiler

flashfish retweetledi

Sen Yang@syang2ng·21 Nis

Many sophisticated MEV bot contracts use control flow obfuscation techniques to protect their logic. However, this also causes existing tools to struggle with analyzing obfuscated smart contracts, leaving critical vulnerabilities hidden. Excited to share our solution: SKANF (1/n)

0xprincess@0x9212ce55

One of the top arbitrage bots was drained yesterday with a total loss of 22 Eth by a token called Destroyer Inu. Attacker even made his contract open source on etherscan lol. Not a huge event but didn't see any attacks on MEV bots for quite a long time.

English

196

35.9K

flashfish@flashfish0x·21 Ağu

Interesting challenge. Even if you’re not looking for a job it’s useful for anyone wanting to improve their improve their on chain skills.

Igor Igamberdiev@FrankResearcher

1/6 Today, we’re launching The Alpha Challenge, a two-week experiment for the crypto community to test their on-chain analysis skills and for Wintermute to hire top talent We've also collaborated with six companies to provide exciting awards for those who will not be hired👇

English

743

flashfish@flashfish0x·16 Ağu

To expand. Medium liquidity on the curve pool is a feature not a flaw. It is easier to maintain peg (cheap to incentivise, smaller swaps to repair) and stops large single swap dumps (due to exponential price curve). While allowing reasonable trades to happen with no price impact

English

687

flashfish@flashfish0x·16 Ağu

Worth saying that historically cvxCRV has had a worse peg than ycrv. Yes ycrv has less liquidity, but in reality a dca exit strategy of 3m exiting ycrv would probably net a better result that cvxCRV. I liked the rest of your thread though

wishful_cynic@EvgenyGaevoy

2.5 a really obvious one is convex (and we going to deploy at least half of our CRV there today actually). It’s good yield, battle tested and, very importantly - you can exit from cvxCRV with relatively low slippage fairly quickly - 1% slippage on 3 mil if you are desperate

English

8.5K

flashfish@flashfish0x·7 May

@LefterisJP The relay is a trusted intermediary. The relay ‘should’ give you the best block proposed by all builders. And even more importantly ‘should’ be checking the builder is behaving, because if they make you sign an invalid block you’ll be slashed. So yeh, lots of trust in the relay

English

102

Lefteris Karapetsas@LefterisJP·7 May

@flashfish0x And as usual you gotta trust the relay/builder that the block would indeed be better than they building it themselves? The gas fees, especially now play a role I guess. As far as I know clients do not take that into account in the comparison, right? And builders just deduct it.

English

184

Lefteris Karapetsas@LefterisJP·7 May

Need help from people who understand how MEV block rewards are calculated. Analyzing explore.flashbots.net there is multiple blocks for which: 1. Block reward goes to the builder 2. MEV tx is less than the reward (sometimes reward - gas fees) Why do proposers accept this?

English

9.9K

flashfish@flashfish0x·7 May

@LefterisJP Remember the proposer doesn’t see the contents of the block the builder proposes. They only get it once they’ve signed the header. As a side note it can sometimes be a worse deal for the proposer than building themselves because of the burnt gas costs of the mev payment tx

English

218

flashfish@flashfish0x·7 May

@LefterisJP That’s one way builders make money. Provide a superior block where they keep part of the fees and still provide more to the proposer than they would get otherwise. Easiest example of how is private transactions. The proposer wouldn’t see those txs if they built themselves

English

437

flashfish@flashfish0x·14 Nis

@pashov @iearnfinance Deployment is a really dangerous step. So easy to make a mistake and the dance you have to play to get things verified on etherscan makes it really easy to mess up. Also easy to hide something malicious in the constructor.

English

308

pashov@pashov·14 Nis

Yesterday's $11M @iearnfinance hack got me thinking - the wrong USDC address was hardcoded, but what if the wrong address was just passed as a constructor argument? I think deployment script security reviews should become a thing. Haven't heard of many protocols doing those

English

196

16.6K

flashfish@flashfish0x·3 Nis

Looks like it was possible because of a bug with mevboost relay. It didn’t verify the validator signed the head correctly before revealing the internal block. So no double signing slashing and no risk of reorg

samczsun@samczsun

Block 16964664: A user managed to drain five MEV bots by exploiting a bug in mev-boost-relay. Here's the block: etherscan.io/block/16964664 Here's the user: etherscan.io/address/0x3c98… Here's the patch: github.com/flashbots/mev-… Here's the longer explanation:

English

1.4K

flashfish@flashfish0x·3 Nis

This is normally safe as there are slashing penalties if the validator validates a block with a different head. Due to having now signed two heads. But what happens if it is worth paying the slashing cost for the opportunity to exploit the block? Maybe that’s what happened here

English

6.5K

flashfish@flashfish0x·3 Nis

My guess at how this was done. Sandwichers submit their bundle to flashbots (or another builder) who build it into a block and send that block to a trusted relay. The relay sends the block head to the validator for signing. Only after signing does the validator see inside

punk3155@punk3155

Dusk for sandwich bots? A few top mev bots were targetted in block etherscan.io/txs?block=1696… @peckshield @BlockSecTeam @bertcmiller @samczsun @bbbb

English

5.9K

flashfish retweetledi

samczsun@samczsun·3 Nis

English

478

1.6K

883.1K

flashfish@flashfish0x·3 Nis

@junorouse @punk3155 @peckshield @BlockSecTeam @bertcmiller @samczsun @bbbb maybe because that transaction includes has a very high priority fee so some extra free money for attacker

English

Juno@junorouse·3 Nis

@flashfish0x @punk3155 @peckshield @BlockSecTeam @bertcmiller @samczsun @bbbb I don't think an attacker was doing a double singing stuff. If that's the way to exploit, why the attacker added the second tx of sandwich attack. (i mean the reverted one)

English

punk3155@punk3155·3 Nis

Dusk for sandwich bots? A few top mev bots were targetted in block etherscan.io/txs?block=1696… @peckshield @BlockSecTeam @bertcmiller @samczsun @bbbb

English

152

568

737.6K

flashfish@flashfish0x·3 Nis

@punk3155 @peckshield @BlockSecTeam @bertcmiller @samczsun @bbbb So validator can sign the head of the flashbots bundle to see it’s internals. If potential profit > slashing penalty then 💵. Any risk of being reorged if you do this?

English

901

flashfish@flashfish0x·3 Nis

@punk3155 @peckshield @BlockSecTeam @bertcmiller @samczsun @bbbb How do you think it was done? Know when your validator is going to be chosen. Do an easily sandwichable trade and wait for flashbots builder blocks to roll in. But then what? Sign it and then validate a different block and take the slashing?

English

7.8K

flashfish@flashfish0x·26 Mar

@ObadiaAlex Pretty sure we have. There have been some very strange sized blocks and it’s definitely worth it if you have a bunch of high gas usage transactions you want to get done

English

305

alex@ObadiaAlex·25 Mar

why haven’t we seen 1559 manipulation attacks yet?

English

6.8K

flashfish@flashfish0x·13 Mar

Really feeling for Euler and the team at the moment. A project doing some real innovation. Sometimes I hate this space.

English

5.7K

flashfish@flashfish0x·9 Mar

@zachxbt Sending love. You've been a huge positive force we all owe you a lot. Look after yourself

English

233

ZachXBT@zachxbt·8 Mar

I sincerely meant this and as a result will be officially ending community requests for research moving forward. It has been a nice ride the past 22+ months and I’ve been more than generous with my time. Some of you forget I am a volunteer.

ZachXBT@zachxbt

It’s getting very tiresome of people demanding I spend hours of my time helping them out. I have a never ending list of requests. In the past I’ve not charged for my time and only have accepted donations but in the future this potentially may change if it continues.

English

731

245

5.7K

flashfish@flashfish0x·23 Şub

@storming0x Thanks for the shoutout, but big props to @murderteeth who’s been the main contributor working on it recently

English

220

stormblessed🌩️ 💡 🗃️@storming0x·23 Şub

1/ New alternate tool for tracking vaults built by @flashfish0x seafood.yearn.watch yearn.watch was built to analyze and get insights into vaults and strategies in the yearn protocol. Seafood, in the OSS spirit its a similar tool with some additional goodies

English

4.9K

flashfish retweetledi

Daniel Von Fange@danielvf·17 Şub

In a dazzling reverse hack, a substantial chunk of the Playtpus hack stolen funds have been recovered. Here's how it worked: (1/4)

English

311

1.4K

439.6K

Keşfet

@LefterisJP @pashov @iearnfinance @junorouse @punk3155 @peckshield @BlockSecTeam @bertcmiller