Sang-Hoon Choi KoreaSecurity
KoreaSecurity
/ CL020_PoC_test.go
Created
April 2, 2026 13:15
CL-020 PoC and Go test log for malformed signature panic in chainlink-evm transmitter path
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package transmitter | |
| import ( | |
| "context" | |
| "testing" | |
| "github.com/stretchr/testify/require" | |
| "github.com/smartcontractkit/libocr/commontypes" | |
| ocrtypes "github.com/smartcontractkit/libocr/offchainreporting2plus/types" |
KoreaSecurity
/ CL003_ActualPoC.t.sol
Last active
April 2, 2026 12:59
CL-003 PoC and Foundry log for migration-time nonReentrant bypass
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity 0.8.19; | |
| // Asset identifier: https://github.com/smartcontractkit/chainlink-evm/tree/develop/contracts | |
| // Asset type: SMART_CONTRACT | |
| // | |
| // This PoC is intended to be added to the chainlink-evm contracts test suite and run | |
| // with FOUNDRY_PROFILE=vrf. It verifies real cross-function reentrancy during | |
| // VRFCoordinatorV2_5.migrate(). |
KoreaSecurity
/ .env.example
Last active
March 29, 2026 14:39
KAMINO-001: Account Validation Bypass - PoC Evidence (Local Fork, Partial)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # KAMINO-001 PoC - Environment Configuration | |
| # ============================================================================ | |
| # RPC Endpoints | |
| # ============================================================================ | |
| # Local RPC for validator with Kamino cloned | |
| LOCAL_RPC_URL=http://localhost:8899 | |
| # Mainnet RPC for verification |
KoreaSecurity
/ LOMB002_SignatureReplay.t.sol
Created
March 28, 2026 12:29
LOMB-002: Fee Signature Replay Attack PoC - Lombard NativeLBTC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| import {Test} from "forge-std/Test.sol"; | |
| import {MockNativeLBTC} from "../src/MockNativeLBTC.sol"; | |
| import {MessageHashUtils} from "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol"; | |
| /** | |
| * LOMB-002: Fee Signature Replay Attack PoC | |
| * |
KoreaSecurity
/ LOMB002_SignatureReplay.t.sol
Created
March 28, 2026 12:28
LOMB-002: Fee Signature Replay Attack PoC - Lombard NativeLBTC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| import {Test} from "forge-std/Test.sol"; | |
| import {MockNativeLBTC} from "../src/MockNativeLBTC.sol"; | |
| import {MessageHashUtils} from "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol"; | |
| /** | |
| * LOMB-002: Fee Signature Replay Attack PoC | |
| * |
KoreaSecurity
/ LOMB002_SignatureReplay.t.sol
Created
March 28, 2026 12:19
LOMB-002: Fee Signature Replay Attack PoC - Lombard NativeLBTC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity ^0.8.0; | |
| import {Test} from "forge-std/Test.sol"; | |
| import {MockNativeLBTC} from "../src/MockNativeLBTC.sol"; | |
| import {MessageHashUtils} from "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol"; | |
| /** | |
| * LOMB-002: Fee Signature Replay Attack PoC | |
| * |
KoreaSecurity
/ FLUID001.t.sol
Created
March 28, 2026 09:25
FLUID-001 Proof of Concept - Input Validation Bypass Vulnerability
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: MIT | |
| pragma solidity 0.8.21; | |
| import {Test} from "forge-std/Test.sol"; | |
| import {FluidVaultT2Vulnerable} from "../src/FluidVaultT2Vulnerable.sol"; | |
| /** | |
| * FLUID-001 Proof of Concept Tests | |
| * | |
| * Vulnerability: Input Validation Bypass in operatePerfect() |