hack3r-0m

@HildisviniOttar
HildisviniOttar / thorchain_vulnerability_tss.md
Last active Nov 13, 2021
THORChain vulnerability TSS
View thorchain_vulnerability_tss.md

TSS Churn with 2 evil nodes

Currently, TSS works by the system auto-generating a set of TSS invitees that collectively generate a new vault pubkey outside of process. Each node that participates in the signing ceremony then posts its result into THORChain as a MsgTssPool.

Two evil nodes are able to front-run a TSS signing ceremony by posting a fake TSS result and voting twice, which achieves consensus and creates a vault controlled by the attacker, stealing funds (before the valid tx arrives).

Note: the #thorsec team found a similar bug allowing ID spoofing, which was patched in https://gitlab.com/thorchain/thornode/-/merge_requests/1922. This vulnerability is similar but works even with the original ID spoof patch. After disclosure, MR 1922 also incorporated fixes to stop the attack presented below.

Difficulty

View watchEtherTransfers.js
function watchEtherTransfers() {
// Instantiate web3 with WebSocket provider
const web3 = new Web3(new Web3.providers.WebsocketProvider('wss://rinkeby.infura.io/ws'))
// Instantiate subscription object
const subscription = web3.eth.subscribe('pendingTransactions')
// Subscribe to pending transactions
subscription.subscribe((error, result) => {
if (error) console.log(error)
@romaninsh
romaninsh / lambda-vpc-internet-access-cloudformation.yml
Last active Dec 22, 2021
CloudFormation template implementing a private network which can be used by Serverless to deploy Lambda into VPCs and maintain internet access
View lambda-vpc-internet-access-cloudformation.yml
# Add the following to your existing VPC CF stack
# create 2 subnets, lambdas like to be in multiple subnets
Private1:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
AvailabilityZone: !Select [ 0, !GetAZs ]
CidrBlock: !Ref Private1CIDR
@Strernd
Strernd / parseErc20Transfer.js
Created Jun 7, 2021
Parses an ERC20 Transfer from the Ethereum API.
View parseErc20Transfer.js
const converter = require("hex2dec");
const Eth = require("ethjs");
const eth = new Eth(new Eth.HttpProvider(process.env.INFURA));
async function getERC20TransferByHash(hash) {
const ethTxData = await eth.getTransactionByHash(hash);
if (ethTxData === null) throw "TX NOT FOUND";
if (
ethTxData.input.length !== 138 ||
ethTxData.input.slice(2, 10) !== "a9059cbb"
@whoisryosuke
whoisryosuke / api-form-submit.js
Created Oct 3, 2018
React - Handling forms and submitting POST data to API -- @see: https://reactjs.org/docs/forms.html
View api-form-submit.js
class NameForm extends React.Component {
constructor(props) {
super(props);
this.state = { name: '' };
}
handleChange = (event) => {
this.setState({[event.target.name]: event.target.value});
}
@mathben
mathben / archlinux_installation_ux370u_full_disk_encrypted.sh
Last active Jan 1, 2022
BASH - Installation Arch Linux on Asus ZenBook UX370U - Full disk single boot
View archlinux_installation_ux370u_full_disk_encrypted.sh
#!/usr/bin/env bash
# French Guide : https://github.com/FredBezies/arch-tuto-installation
# Install ARCH Linux with UEFI
# The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description.
# Download the archiso image from https://www.archlinux.org/
# Copy to a usb-drive
dd if=archlinux.img of=/dev/sdX bs=16M status=progress && sync # on linux
@JindrichPilar
JindrichPilar / 01_README.md
Last active Jan 2, 2022
Arch Linux on Asus ZenBook UX303LB
View 01_README.md

Arch Linux on Asus ZenBook UX303LB

Warning

This is a log of how I installed and customized Arch Linux on Asus ZenBook UX303LB. This is only a log of what I did, not what you should do! NO WARRANTY!

Specs

  • Intel Core i5 5200U
  • NVIDIA GeForce GT 940M
View tabs-vs-spaces.md

It is my opinion that tabs are better than spaces, especially when working in a team. Why, you ask? When using tabs everyone has the ability to indent the code according to their own preference. If your team decides on using spaces you also need to agree on how many spaces to use for an indent. Do you pick 2 spaces, 4 spaces or something else? Odds are, someone is not going to be happy with the team's decision.

Using tabs gives everyone the freedom to indent the code to their own liking. Most editors have an option to specify how many columns a tab should indent. This allows each team member to pick the setting they're most comfortable with.

To prevent (Git) diff nightmares just follow these simple steps:

  • Always follow the convention used in the project you're working on. If it is a legacy code base and uses 5 spaces for indenting code, use 5 spaces in the code you add or modify;
  • Have your editor (or Git pre-commit hook) strip all trailing whitespace from your files. Trailing whitespace serves no purpo
@patrickd-
patrickd- / cheatsheet.md
Last active Feb 2, 2022
Solidity – Compilable Cheatsheet
View cheatsheet.md
View .ethrc.sh
# Ethereum helper methods
# source this in your .bashrc or .zshrc file with `. ~/.ethrc`
# --- Token addresses ---
aave=0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9
comp=0xc00e94Cb662C3520282E6f5717214004A7f26888
crv=0xD533a949740bb3306d119CC777fa900bA034cd52
dai=0x6B175474E89094C44Da98b954EedeAC495271d0F
gtc=0xDe30da39c46104798bB5aA3fe8B9e0e1F348163F
mkr=0x9f8F72aA9304c8B593d555F12eF6589cC3A579A2