Skip to content

Instantly share code, notes, and snippets.



View GitHub Profile
benjyz /
Last active Jan 30, 2021
trading broker spec

trading broker spec

proposal version 0.01 this is a rough spec for what a client-side trading infrastructure expects from an interface. There should be a client-side wrapper matching the hosts API. we ignore funding requests here (deposit/withdraw)

Wrapper API


function diff-branch() {
if [ -z $1 ]; then
echo please provide an branch
if [ -z $2 ]; then
import json
import os
from collections import defaultdict
from json import JSONDecodeError
from pprint import pprint
from typing import Dict, Union, List
import requests
from bs4 import BeautifulSoup
rekmarks / newProvider.js
Last active Apr 18, 2021
Using the New MetaMask Inpage Provider
View newProvider.js
// Running on the page, in the browser
// This API will go live in early 2020
// It will be the only API available after a 6-week deprecation period
if (!ethereum || !ethereum.isMetaMask) {
throw new Error('Please install MetaMask.')
itzmeanjan /
Last active May 28, 2021
Polygon ( aka Matic Network ) Mempool Exploration
from python_graphql_client import GraphqlClient
from json import dumps
from asyncio import run
from re import compile as re_compile
from pytimeparse import parse
reg = re_compile(r'^(\d+(\.\d+)?)')
handle = None
xceric / .gitattributes
Last active Jun 16, 2021
Git attributes for Typescript
View .gitattributes
# See this article for reference:
# Refreshing repo after line ending change:
# Handle line endings automatically for files detected as text
# and leave all files detected as binary untouched.
* text=auto
# The above will handle all files NOT found below
itzmeanjan / ChildERC20.sol
Last active Jul 6, 2021
An illustration of sending data from Ethereum root chain to Matic child chain
View ChildERC20.sol
// File: contracts/child/ChildToken/ChildERC20.sol
pragma solidity 0.6.6;
contract ChildERC20 is
rhlsthrm / ReentrancyToken.sol
Created Oct 9, 2018
Fake ERC20 token that recreates reentrancy attack
View ReentrancyToken.sol
pragma solidity ^0.4.23;
import "./HumanStandardToken.sol";
import "../../LedgerChannel.sol";
contract ReentrancyToken is HumanStandardToken {
LedgerChannel ledgerChannel;
uint256 constant MAX_REENTRIES = 5;
uint256 numReentries = 0;
tjade273 / Database.sol
Last active Sep 24, 2021
Example of separated storage and logic
View Database.sol
contract Database{
mapping(uint => uint) public _data;
mapping(address => bool) _owners;
function Database(address[] owners){ //Called once at creation, pass in initial owners
for(uint i; i<owners.length; i++){
HildisviniOttar /
Last active Nov 13, 2021
THORChain vulnerability TSS

TSS Churn with 2 evil nodes

Currently TSS works by the system auto-generating a set of TSS invitees that collectively generate a new vault pubkey outside of process. Each node that participates in the signing ceremony then posts in their results into THORChain as a MsgTssPool.

Two evil nodes are able to front-run a TSS signing ceremony by posting in a fake TSS result and voting twice, which achieves consensus and creates a vault controlled by attacker, stealing funds (before the valid tx arrives).

Note: #thorsec team found a similar bug allowing spoofing ID which was patched in - this vulnerability is similar but works even with the original ID spoof patch. After disclosure, MR 1922 also incorporated fixes to stop this attack presented below.