Péter Újvári 🚀

@ptr_ujvr

I like coding, cryptography, DeFi, space and powerlifting - dev at @NFTfi

Copenhagen, joined September 2016
1.9K Following, 218 Followers
Péter Szijjártó @FM_Szijjarto
With today’s US decision to suspend sanctions on Russian oil shipments, Russian oil can once again reach global markets by sea, increasing supply and bringing prices down. Europe, however, will not see these benefits, as Russian oil is banned from the European market and Brussels continues to make decisions according to the demands of @ZelenskyyUa. The EU should follow the American example and suspend sanctions on Russian oil. Allowing these supplies back onto the European market would help curb price increases, but unfortunately Brussels has not yet taken this step. As a result, fuel prices are rising across Europe, with gasoline and diesel becoming more expensive across the continent. We call on Brussels to waive sanctions on Russian oil. The EU’s decisions should not be driven by pressure from @ZelenskyyUa!
segwitnitwit ⛲️ @segwitnitwit
@ptr_ujvr curious, what tool are you using to look through the smart contract execution like that?
Péter Újvári 🚀 @ptr_ujvr
Since I couldn’t find a good summary, here’s my writeup of yesterday’s Gondi exploit. A bit about me: I’m a smart contract dev at NFTfi, and I’ve spent time analyzing Gondi’s contracts. I also built an adaptor to refinance Gondi loans to NFTfi in the past.
Péter Újvári 🚀 @ptr_ujvr
ps. - an interesting tangent: the attacker tried to steal ~38 Good Vibes Club tokens in addition, but a whitelist check in the token contract stopped that, this is a contract feature that I personally dislike, but was beneficial here
Péter Újvári 🚀 retweeted
Péter Újvári 🚀 @ptr_ujvr
tl;dr 2
- new _givebackNFT(...) used ownerOf(tokenId) as the from address
- that let approved NFTs be pulled from users’ wallets, not MultiSourceLoan escrow
- attacker batched multiple thefts in single txs via multicall
Péter Újvári 🚀 retweeted
Péter Újvári 🚀 @ptr_ujvr
tl;dr 1
- combo of multiple issues, not one isolated bug
- executeSell(...) mixed redundant / inconsistently validated NFT identifiers
- attacker could push execution to the final giveback stage
- users had approved PurchaseBundler for legitimate flows
GONDI @gondixyz
⚠️ UPDATE: Gondi Security Incident

We have new information on the exploit.

What we now know:
• The exploit appears to affect NFTs that are NOT currently in active loans
• It is tied to an approval vulnerability on the affected contracts (Purchase Bundler)
• NFTs held as collateral in active loans do not appear to be at risk at this time

What you should do right now:
→ Do NOT repay your loans until we confirm it is safe to do so
→ Revoke approvals for the affected contract immediately via revoke.cash
→ Do not initiate any new activity on the platform

Affected contracts: (All Purchase Bundler)
0xc10472ac1bf9f2e58ff2c83596b4535334c90814 (Ethereum Mainnet)
0x1fba531724ea2493a15bf5c4ea05f6ab5c0fcd62
0x53ceda4c47585df08201955820e23bb261489140
0x3b59bffe109e0f33f20887343759a98b48ecdf5f
0xfd31a0cd628f0bab2cc174c3abd6bfc2d01aca61
0xfaaff69da43b8195e5b0945c4fea4476e4264157 (HypeEvm)

If you have a loan that is about to expire and need to take action, please do NOT interact with the platform directly. Instead, open a support ticket in our Discord and the team will assist you personally.

We will post another update as soon as we can confirm it is safe to resume normal activity. Thank you for your patience — we are working as fast as possible.
nix.eth @nix_eth
I had my auditing agent run the Gondi contract, and it found the vulnerability in 15 minutes. Every team needs to be doing this, because attackers already are. The exploited contract was deployed 17 days ago.
Crynet @crynetio
🔐 NFT Lending Platform Gondi Reports $230K Exploit, Says System Now Secure

Gondi, an NFT lending protocol, confirmed a $230K exploit affecting only its Sell & Repay smart contract. According to Cointelegraph, the platform stated it is now secure and that buying, selling, trading, and listing NFTs can continue safely.
Max | Crypto @taylorbieber668
🚨 BREAKING: $ETH NFT platform Gondi hacked for $230k. Here's what most people are missing: on-chain data suggests deeper $SOL ecosystem involvement. The exploit will impact $ETH liquidity #CryptoNews #DeFi
DigitalOil @0xDigitalOil
On the Gondi exploit