Skip to content

Instantly share code, notes, and snippets.



View GitHub Profile
Neo23x0 /
Last active Jun 22, 2022
Log4j RCE CVE-2021-44228 Exploitation Detection

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
hrkrshnn /
Last active Jul 5, 2022
Some generic writeup about common gas optimizations, etc.

Upgrade to at least 0.8.4

Using newer compiler versions and the optimizer gives gas optimizations and additional safety checks for free!

The advantages of versions 0.8.* over <0.8.0 are:

  • Safemath by default from 0.8.0 (can be more gas efficient than some library based safemath).
  • Low level inliner from 0.8.2, leads to cheaper runtime gas. Especially relevant when the contract has small functions. For
patrickd- /
Last active Feb 2, 2022
Solidity – Compilable Cheatsheet

Sending Ether Cheat Sheet


🥇 Instead of sending Ether, use the withdrawal pattern

🥈 If you really need to send Ether, use a safe wrapper like OpenZeppelin's Address.sendValue(addr, amount)

🥉 If you really need to send Ether without dependencies, use (bool success, ) ={value: amount}("")

HildisviniOttar /
Last active Nov 13, 2021
THORChain vulnerability TSS

TSS Churn with 2 evil nodes

Currently TSS works by the system auto-generating a set of TSS invitees that collectively generate a new vault pubkey outside of process. Each node that participates in the signing ceremony then posts in their results into THORChain as a MsgTssPool.

Two evil nodes are able to front-run a TSS signing ceremony by posting in a fake TSS result and voting twice, which achieves consensus and creates a vault controlled by attacker, stealing funds (before the valid tx arrives).

Note: #thorsec team found a similar bug allowing spoofing ID which was patched in - this vulnerability is similar but works even with the original ID spoof patch. After disclosure, MR 1922 also incorporated fixes to stop this attack presented below.


# Ethereum helper methods
# source this in your .bashrc or .zshrc file with `. ~/.ethrc`
# --- Token addresses ---
Strernd / parseErc20Transfer.js
Created Jun 7, 2021
Parses an ERC20 Transfer from the Ethereum API.
View parseErc20Transfer.js
const converter = require("hex2dec");
const Eth = require("ethjs");
const eth = new Eth(new Eth.HttpProvider(process.env.INFURA));
async function getERC20TransferByHash(hash) {
const ethTxData = await eth.getTransactionByHash(hash);
if (ethTxData === null) throw "TX NOT FOUND";
if (
ethTxData.input.length !== 138 ||
ethTxData.input.slice(2, 10) !== "a9059cbb"
itzmeanjan /
Last active May 28, 2021
Polygon ( aka Matic Network ) Mempool Exploration
from python_graphql_client import GraphqlClient
from json import dumps
from asyncio import run
from re import compile as re_compile
from pytimeparse import parse
reg = re_compile(r'^(\d+(\.\d+)?)')
handle = None
gorgos / ExampleSlidingWindowOracleDaiWethKovan.sol
Created Jan 9, 2021
ExampleSlidingWindowOracle with DAI + WETH for Kovan.
View ExampleSlidingWindowOracleDaiWethKovan.sol
pragma solidity 0.6.6;
pragma experimental ABIEncoderV2;
import "";
import "";
import "";
import "";
import "";
library SafeMath {
View .tmux.conf
set-option -g prefix C-g
unbind-key C-g
bind-key C-g send-prefix
set -g default-terminal "screen-256color"
set -ga terminal-overrides ",*256col*:Tc"
set-option -g status-position bottom
set -g base-index 1