proposal version 0.01 this is a rough spec for what a client-side trading infrastructure expects from an interface. There should be a client-side wrapper matching the hosts API. we ignore funding requests here (deposit/withdraw)
private
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function diff-branch() { | |
| if [ -z $1 ]; then | |
| echo please provide an branch | |
| read WORKBRANCH | |
| else | |
| WORKBRANCH=$1 | |
| fi | |
| if [ -z $2 ]; then | |
| STABLEBRANCH='master' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| import os | |
| from collections import defaultdict | |
| from json import JSONDecodeError | |
| from pprint import pprint | |
| from typing import Dict, Union, List | |
| import requests | |
| from bs4 import BeautifulSoup |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Running on the page, in the browser | |
| // This API will go live in early 2020 | |
| // It will be the only API available after a 6-week deprecation period | |
| if (!ethereum || !ethereum.isMetaMask) { | |
| throw new Error('Please install MetaMask.') | |
| } | |
| /*********************************************************/ |
itzmeanjan
/ catch.py
Last active
May 28, 2021 21:57
Polygon ( aka Matic Network ) Mempool Exploration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| from python_graphql_client import GraphqlClient | |
| from json import dumps | |
| from asyncio import run | |
| from re import compile as re_compile | |
| from pytimeparse import parse | |
| reg = re_compile(r'^(\d+(\.\d+)?)') | |
| handle = None |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # See this article for reference: https://help.github.com/articles/dealing-with-line-endings/ | |
| # Refreshing repo after line ending change: | |
| # https://help.github.com/articles/dealing-with-line-endings/#refreshing-a-repository-after-changing-line-endings | |
| # Handle line endings automatically for files detected as text | |
| # and leave all files detected as binary untouched. | |
| * text=auto | |
| # | |
| # The above will handle all files NOT found below |
itzmeanjan
/ ChildERC20.sol
Last active
July 6, 2021 06:43
An illustration of sending data from Ethereum root chain to Matic child chain
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // File: contracts/child/ChildToken/ChildERC20.sol | |
| pragma solidity 0.6.6; | |
| contract ChildERC20 is | |
| ERC20, | |
| IChildToken, | |
| AccessControlMixin, | |
| NativeMetaTransaction, | |
| ChainConstants, |
rhlsthrm
/ ReentrancyToken.sol
Created
October 9, 2018 17:18
Fake ERC20 token that recreates reentrancy attack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pragma solidity ^0.4.23; | |
| import "./HumanStandardToken.sol"; | |
| import "../../LedgerChannel.sol"; | |
| contract ReentrancyToken is HumanStandardToken { | |
| LedgerChannel ledgerChannel; | |
| uint256 constant MAX_REENTRIES = 5; | |
| uint256 numReentries = 0; |
HildisviniOttar
/ thorchain_vulnerability_tss.md
Last active
November 13, 2021 19:20
THORChain vulnerability TSS
Currently TSS works by the system auto-generating a set of TSS invitees that collectively generate a new vault pubkey outside of process. Each node that participates in the signing ceremony then posts in their results into THORChain as a MsgTssPool.
Two evil nodes are able to front-run a TSS signing ceremony by posting in a fake TSS result and voting twice, which achieves consensus and creates a vault controlled by attacker, stealing funds (before the valid tx arrives).
Note: #thorsec team found a similar bug allowing spoofing ID which was patched in https://gitlab.com/thorchain/thornode/-/merge_requests/1922 - this vulnerability is similar but works even with the original ID spoof patch. After disclosure, MR 1922 also incorporated fixes to stop this attack presented below.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function watchEtherTransfers() { | |
| // Instantiate web3 with WebSocket provider | |
| const web3 = new Web3(new Web3.providers.WebsocketProvider('wss://rinkeby.infura.io/ws')) | |
| // Instantiate subscription object | |
| const subscription = web3.eth.subscribe('pendingTransactions') | |
| // Subscribe to pending transactions | |
| subscription.subscribe((error, result) => { | |
| if (error) console.log(error) |
OlderNewer