Skip to content

Instantly share code, notes, and snippets.



View GitHub Profile
HildisviniOttar /
Last active Nov 13, 2021
THORChain vulnerability TSS

TSS Churn with 2 evil nodes

Currently TSS works by the system auto-generating a set of TSS invitees that collectively generate a new vault pubkey outside of process. Each node that participates in the signing ceremony then posts in their results into THORChain as a MsgTssPool.

Two evil nodes are able to front-run a TSS signing ceremony by posting in a fake TSS result and voting twice, which achieves consensus and creates a vault controlled by attacker, stealing funds (before the valid tx arrives).

Note: #thorsec team found a similar bug allowing spoofing ID which was patched in - this vulnerability is similar but works even with the original ID spoof patch. After disclosure, MR 1922 also incorporated fixes to stop this attack presented below.


View watchEtherTransfers.js
function watchEtherTransfers() {
// Instantiate web3 with WebSocket provider
const web3 = new Web3(new Web3.providers.WebsocketProvider('wss://'))
// Instantiate subscription object
const subscription = web3.eth.subscribe('pendingTransactions')
// Subscribe to pending transactions
subscription.subscribe((error, result) => {
if (error) console.log(error)
romaninsh / lambda-vpc-internet-access-cloudformation.yml
Last active Dec 22, 2021
CloudFormation template implementing Private network which can be used by Serverless to deploy Lambda into VPCs an maintaining internet access
View lambda-vpc-internet-access-cloudformation.yml
# Add the following to your existing VPC CF stack
# create 2 subnets, lambdas like to be in multiple subnets
Type: AWS::EC2::Subnet
VpcId: !Ref VPC
AvailabilityZone: !Select [ 0, !GetAZs ]
CidrBlock: !Ref Private1CIDR
Strernd / parseErc20Transfer.js
Created Jun 7, 2021
Parses an ERC20 Transfer from the Ethereum API.
View parseErc20Transfer.js
const converter = require("hex2dec");
const Eth = require("ethjs");
const eth = new Eth(new Eth.HttpProvider(process.env.INFURA));
async function getERC20TransferByHash(hash) {
const ethTxData = await eth.getTransactionByHash(hash);
if (ethTxData === null) throw "TX NOT FOUND";
if (
ethTxData.input.length !== 138 ||
ethTxData.input.slice(2, 10) !== "a9059cbb"
whoisryosuke / api-form-submit.js
Created Oct 3, 2018
React - Handling forms and submitting POST data to API -- @see:
View api-form-submit.js
class NameForm extends React.Component {
constructor(props) {
this.state = { name: '' };
handleChange = (event) => {
mathben /
Last active Jan 1, 2022
BASH - Installation Arch Linux on Asus ZenBook UX370U - Full disk single boot
#!/usr/bin/env bash
# French Guide :
# Install ARCH Linux with UEFI
# The official installation guide ( contains a more verbose description.
# Download the archiso image from
# Copy to a usb-drive
dd if=archlinux.img of=/dev/sdX bs=16M status=progress && sync # on linux
JindrichPilar /
Last active Jan 2, 2022
Arch Linux on Asus ZenBook UX303LB

Arch Linux on Asus ZenBook UX303LB


This is a log how I installed and customized Arch linux on Asus ZenBook UX303LB. This is only log of what I did not what you should do! NO WARRANTY!


  • Intel Core i5 5200U
  • NVIDIA GeForce GT 940M

It is my opinion that tabs are better than spaces, especially when working in a team. Why you aks? When using tabs everyone has the ability to indent the code according to their own preference. If your teams decides on using spaces you also need to agree on how many spaces to use for an indent. Do you pick 2 spaces, 4 spaces or something else? Odds are, someone is not going to be happy with the team's decision.

Using tabs gives everyone the freedom to indent the code to their own liking. Most editors have an option to specify how many columns a tab should indent. This allows each team member to pick the setting they're most comfortable with.

To prevent (Git) diff nightmares just follow these simple steps:

  • Always follow the convention used in the project you're working on. If it is a legacy code base and uses 5 spaces for indenting code, use 5 spaces in the code you add or modify;
  • Have your editor (or Git pre-commit hook) strip all trailing whitespace from your files. Trailing whitespace serves no purpo
patrickd- /
Last active Feb 2, 2022
Solidity – Compilable Cheatsheet
# Ethereum helper methods
# source this in your .bashrc or .zshrc file with `. ~/.ethrc`
# --- Token addresses ---