The Saloon

194 posts

@saloonfinance

The next-gen bug bounty platform for web3. Join our Discord: https://t.co/rVeBCG040s

Joined August 2022
201 Following · 883 Followers
The Saloon@saloonfinance·
Are you familiar with the challenges borrowing and lending protocols face? Dive into:
- Illiquid liquidations
- Collateral Safeness
- The dangers of governance
- Oracle risk and cost of manipulation
And much more... article by: @0xnikceth tokeninsight.com/en/research/ma…
The Saloon@saloonfinance·
Having a dashboard with details about all DeFi exploits to help you become an exploit master mind sounds almost too good to be true. But @DefiLlama has got you covered! defillama.com/hacks
The Saloon@saloonfinance·
Incredibly valuable resource with foundry tests to help you understand and replicate vulnerabilities worth more than $1B (B for billions)! You can find many more resources like this within our security researcher dashboard (pinned). github.com/coinspect/lear…
The Saloon@saloonfinance·
@shunduquar @real_philogy 0% APR and $0 direct deposit combined are not allowed. Projects must choose at least one (X% APR or $X deposit), but are encouraged to choose both. Saloon custodies all funds in its vault and is in control of validation/payments. So fake reports would just be nullified.
philogy@real_philogy·
🔒 All DeFi protocols should have a bug bounty program. There are basically 0 reasons not to have one. 🤡 Payouts are always going to be cheaper than losing all your TVL. 💸 Hackers are probing your contracts anyway, might as well give whitehats an incentive to do so too. 🕵️‍♂️
The Saloon@saloonfinance·
@real_philogy Soon they will be able to do this through the Saloon and even earn while doing so!
philogy@real_philogy·
This is an awesome idea. Although I don't know how realistic it is for users to pledge even a tiny percentage of their funds to a bug bounty. Probably has to come from the protocol but would be a good way to solve the liquidity/cost problem of bug bounties
The Saloon@saloonfinance·
In the span of a few days:
1. USDC depeg making us re-evaluate our dependency on fiat.
2. Vulnerability in SHA3(keccak) eprint.iacr.org/2023/331.pdf
3. Euler $197m exploit. twitter.com/peckshield/sta…
4. What's next?
Don't let your guard down. @realgmhacker credit for SHA3 news.
PeckShield Inc.@peckshield

1/ @eulerfinance was exploited in a flurry of txs on Ethereum (one hack tx: etherscan.io/tx/0xc310a0aff…), leading to the loss of ~$197m from the project.

ggballas 🚀 entrepreneur 🇮🇱
REKT CRYPTO 2️⃣5️⃣ Midas Capital loses $660k in TEXTBOOK reentrancy hack 😕 🐞 developers overlooked that Polygon has a callback func on native token transfers.. allowing reentrancy hack 💡 get an auditor familiar with your dapp's chain writeup 👇
The Saloon retweeted
Beosin Alert@BeosinAlert·
There are still some ongoing attacks on the SwapX contract over the past few days. More than 20,000 addresses have approved to 0x6D8981847Eb3cc2234179d0F0e72F6b6b2421a01 ⚠️Pls revoke your approval ASAP.
zak.eth@0xzak·
@CryptoChem0000 a year from now, i'd like to come back and say that CSR fixed this
zak.eth@0xzak·
still trying to figure out if MEV is a necessary function of a more efficient market or whether it's a symptom of a suboptimal system. it's obviously a polarizing topic, but wondering what the general sentiment is. need more datapoints. what are your thoughts?
The Saloon@saloonfinance·
@peckshield To whoever needs to hear this: MEV doesn't care about your hard-to-read bytecode. Develop secure contracts regardless of verifying or not. Stay safe 💛
The Saloon@saloonfinance·
For more details: code4rena.com/reports/2022-1…
The Saloon@saloonfinance·
Bug: For all sales, creators create new sales contracts with arbitrary data. Malicious creators can create fake contracts that implement IEscher721 and fake buyers to get free earnings because there is no check to verify if the contract was deployed through the Escher Factory.
The Saloon@saloonfinance·
Many protocols allow users to create contracts for others to interact with. In this C4 audit for @escherxyz, auditor @hansfriese et al. highlights how things can go wrong if contract creation is not carefully implemented. 🧵4
Jameson Lopp@lopp·
Who can I pay to evaluate my personal health situation and formulate a customized guide for my optimal diet, exercise, supplements, recovery protocols, etc so that I don't have to spend countless hours diving down biohacking rabbit holes?