racing moose

@mooseracing

interested in blockchain security

127.0.0.1 · Joined December 2024
97 Following · 8 Followers
racing moose retweeted
Diana Alastair💚🤍💜 ⚢ ❌❌✡️
I’m just going to say this — had Mexican soldiers invaded across the USA’s southern border on 10/7/2023 to rape and murder their way across part of Texas, then paraded the corpses of dead, naked American women around like trophies for the Mexican civilian population to spit on, by 10/7/2024, Mexico as an independent country would have ceased to exist — and no one would have said a word in protest. No one tells non-Jewish nations that they must turn the other cheek after acts of war. Only Israel is expected to meekly bury her dead; only Jews are supposed to constantly mourn, but never to retaliate; to accept butchery and brutality and bombings as the price they must pay for mere existence — and it has far less to do with Palestinian lives than it does with the age-old European conviction that Jews only exist so that the rest of society has someone to abuse.
racing moose retweeted
mav (@MavLevin)
my latest blog post is out! I share a race condition vuln I found in blockchain infra moving $billions/month mavlevin.com/2026/01/18/fla…
racing moose (@mooseracing)
@calyptus_web3 Multiple array entries can have the same ticket id, to bypass the max quantity limit. Fun riddle!
Calyptus (@calyptus_web3)
Solidity Challenge #522 🕵️‍♂️ FestivalCoin's new smart contract allows fans to buy event tickets in batches. The dev team is proud, but the security auditor is suspicious. Can you spot the flaw? 🤔
racing moose retweeted
TenArmorAlert (@TenArmorAlert)
The root cause lies in the transient storage collision in the uniswapV3SwapCallback function, which uses slot 1 both for the Uniswap pool address and the minted token amount. The attacker initialized a malicious vault and manipulated the minted amount to exactly equal a predetermined address created by create2. After uniswapV3SwapCallback was called, this contract address was stored into slot 1 of the transient storage, and the check of msg.sender was bypassed. The attacker repeatedly called the uniswapV3SwapCallback function and drained the vault. @leveragesir
racing moose retweeted
Daniel Von Fange (@danielvf)
Obscure auditing tool day: Pyrometer is a static analysis program that parses Solidity code and builds up constraints and relationships between variables as it goes. This allows you to see what possible values variables could hold, or see how data changes code paths.
racing moose retweeted
kaden.eth (@0xKaden)
How ✨I found a critical vulnerability✨ in @zora's ERC20Z contract via a little-known Uniswap v3/v4 property

When Zora put out this article: zora.co/writings/oncha… outlining their new protocol, I was intrigued and had to learn more.

From a high level, the system works by allowing creators to sell NFTs where a portion of the revenue from the sale is taken and placed in a Uniswap v3 pool along with an ERC20 wrapped version of the NFT, instantly creating a liquid secondary market. Pretty cool mechanism. I had to dig deeper.

Reading the contract, I quickly spotted something that set off alarm bells in my head. When minting liquidity, the amount0Min and amount1Min parameters were 0. Looks like a classic sandwich attack vulnerability, was this too good to be true? (spoiler: kinda)

I quickly wrote up a (messy) PoC realizing that I was looking at a pretty good payday for the little amount of time I'd spent on this. The PoC worked by frontrunning the liquidity mint to provide a small amount of liquidity to the pool and swap the token price to the maximum price, then backrunning the mint by selling the token into the newly placed liquidity, draining the position of its ETH and dropping the token price to near zero.

I sent the PoC off to Zora's security team expecting the best, but alas they pointed out a significant flaw in the PoC. I dealt ERC20Z tokens to the contract to provide liquidity so that I could make the frontrun swap, but Zora had designed the system with this in mind, making it impossible for anyone to get the ERC20 token before liquidity was placed.

Feeling dejected, I played around with the PoC to see if there was any way I could still make the attack possible. What if I try swapping with no liquidity in the pool? I run the updated test. I see green. It worked!

It turns out that you can freely manipulate the price of a Uniswap v3/v4 pool by swapping zero amounts when there's no liquidity in the way. This was exactly what I needed for the exploit.

Zora acknowledged that this attack was indeed possible, patching the issue and ultimately awarding me a bounty of 11k USDC.

To security researchers and smart contract developers: make sure to prevent price manipulation by using safe amount0Min/amount1Min parameters and beware of 0 amount swaps!

Shameless plug: this is the third high+ severity confirmed bounty I've reported on a protocol which leverages Uniswap v3, so if you'd like to get coverage on your Uniswap v3/v4 adjacent protocol, my DMs are open! And if you'd like to book me on a team audit with the best of the best, you can book me through @SpearbitDAO
racing moose retweeted
juancito (@juancito)
Nice Uni v3 integration issue! I've found a similar one some months ago.

You can easily alter the price of a v3 pool that has no liquidity, via a swap.

You can then even add single-sided liquidity to prevent anyone from correcting the price.

github.com/code-423n4/202…
Quoting kaden.eth (@0xKaden)

racing moose retweeted
Spearbit (@spearbit)
Both deposit() functions use Solady's SafeTransferLib to handle token transfers. However, Solady's SafeTransferLib does not check if the token address is actually a contract.

🪐 If safeTransferFrom() is called on an address with no code (i.e., an address that is not a contract or the token is not yet deployed), it won't revert.

🪐 This allows an attacker to front-run the deployment of a new token contract. They could call deposit() with the address of the new token before it’s actually deployed.

🪐 As a result, the attacker’s balance would be inflated, even though no tokens were actually transferred.
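The pattern the Spearbit post describes, as an added Solidity sketch that is not Solady's code or the audited project's: `UncheckedTransferLib`, `VulnerableVault`, `HardenedVault` and `IERC20Min` are hypothetical names, and the library only mimics the described behaviour of not checking that the token address has code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20Min {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical stand-in for a transfer helper that skips the code-existence check.
library UncheckedTransferLib {
    function safeTransferFrom(address token, address from, address to, uint256 amount) internal {
        (bool ok, bytes memory ret) =
            token.call(abi.encodeCall(IERC20Min.transferFrom, (from, to, amount)));
        // A low-level call to an address with no code succeeds with empty
        // return data, so this check passes although nothing was transferred.
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "TRANSFER_FROM_FAILED");
    }
}

// Before: credits the caller for a token that does not exist yet.
contract VulnerableVault {
    mapping(address => mapping(address => uint256)) public credit; // token => user => amount

    function deposit(address token, uint256 amount) external {
        UncheckedTransferLib.safeTransferFrom(token, msg.sender, address(this), amount);
        credit[token][msg.sender] += amount;
    }
}

// After: requires deployed code and credits only what actually arrived.
contract HardenedVault {
    mapping(address => mapping(address => uint256)) public credit;

    error TokenHasNoCode(address token);

    function deposit(address token, uint256 amount) external {
        if (token.code.length == 0) revert TokenHasNoCode(token);
        uint256 balanceBefore = IERC20Min(token).balanceOf(address(this));
        UncheckedTransferLib.safeTransferFrom(token, msg.sender, address(this), amount);
        uint256 received = IERC20Min(token).balanceOf(address(this)) - balanceBefore;
        credit[token][msg.sender] += received;
    }
}
```

Crediting the measured balance difference rather than the requested `amount` also covers fee-on-transfer tokens, which deliver less than the amount passed to `transferFrom`.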
racing moose (@mooseracing)
@Securrtech Terrible AI spam “blog post”. Doesn't describe any technical details. Only says amount stolen 🥱
Securr (@Securrtech)
A Deep Dive into the $37 Million Phemex Exchange Hack on January 23, 2025
- Smart Contract Hack Overview
- Overview of the Attack
- Decoding the Smart Contract Vulnerability
- Mitigation and Best Practices

securrtech.medium.com/the-phemex-exc…