hack3r-0m

@HildisviniOttar
HildisviniOttar / thorchain_vulnerability_tss.md
Last active November 13, 2021 19:20
THORChain vulnerability TSS

TSS Churn with 2 evil nodes

Currently TSS works by the system auto-generating a set of TSS invitees that collectively generate a new vault pubkey outside of process. Each node that participates in the signing ceremony then posts its results to THORChain as a MsgTssPool.

Two evil nodes are able to front-run a TSS signing ceremony by posting a fake TSS result and voting twice, which achieves consensus and creates a vault controlled by the attacker, stealing funds (before the valid tx arrives).

Note: the #thorsec team found a similar bug allowing ID spoofing, which was patched in https://gitlab.com/thorchain/thornode/-/merge_requests/1922 - this vulnerability is similar but works even with the original ID spoof patch. After disclosure, MR 1922 also incorporated fixes to stop the attack presented below.

Difficulty

@shazow
shazow / flashbotnfts.ts
Last active May 26, 2023 01:20
WIP: Flashbot NFTs
import { BigNumber, providers, Wallet } from "https://esm.sh/ethers";
import { FlashbotsBundleProvider, FlashbotsBundleResolution } from "https://esm.sh/@flashbots/ethers-provider-bundle";
const FLASHBOTS_AUTH_KEY = Deno.env.get('FLASHBOTS_AUTH_KEY');
const WALLET_PRIVATE_KEY = Deno.env.get('WALLET_PRIVATE_KEY');
const GWEI = BigNumber.from(10).pow(9);
const PRIORITY_FEE = GWEI.mul(3);
const LEGACY_GAS_PRICE = GWEI.mul(12);
const BLOCKS_IN_THE_FUTURE = 2;
# Ethereum helper methods
# source this in your .bashrc or .zshrc file with `. ~/.ethrc`
# --- Solidity sandbox ---
# https://github.com/maurelian/solidity-sandbox
scratch() {
dir=$(pwd)
cd ~/Documents/projects/solidity-sandbox || exit
bash newTest.sh $1
cd "$dir" || exit
@Strernd
Strernd / parseErc20Transfer.js
Created June 7, 2021 11:09
Parses an ERC20 Transfer from the Ethereum API.
const converter = require("hex2dec");
const Eth = require("ethjs");
const eth = new Eth(new Eth.HttpProvider(process.env.INFURA));
async function getERC20TransferByHash(hash) {
const ethTxData = await eth.getTransactionByHash(hash);
if (ethTxData === null) throw "TX NOT FOUND";
if (
ethTxData.input.length !== 138 ||
ethTxData.input.slice(2, 10) !== "a9059cbb"
@itzmeanjan
itzmeanjan / catch.py
Last active May 28, 2021 21:57
Polygon ( aka Matic Network ) Mempool Exploration
#!/usr/bin/python3
from python_graphql_client import GraphqlClient
from json import dumps
from asyncio import run
from re import compile as re_compile
from pytimeparse import parse
reg = re_compile(r'^(\d+(\.\d+)?)')
handle = None
@gorgos
gorgos / ExampleSlidingWindowOracleDaiWethKovan.sol
Created January 9, 2021 20:16
ExampleSlidingWindowOracle with DAI + WETH for Kovan.
pragma solidity 0.6.6;
pragma experimental ABIEncoderV2;
import "https://github.com/Uniswap/uniswap-v2-core/blob/master/contracts/interfaces/IUniswapV2Pair.sol";
import "https://github.com/Uniswap/uniswap-lib/blob/master/contracts/libraries/FixedPoint.sol";
import "https://github.com/Uniswap/uniswap-lib/blob/master/contracts/libraries/FullMath.sol";
import "https://github.com/Uniswap/uniswap-lib/blob/master/contracts/libraries/Babylonian.sol";
import "https://github.com/Uniswap/uniswap-lib/blob/master/contracts/libraries/BitMath.sol";
library SafeMath {
set-option -g prefix C-g
unbind-key C-g
bind-key C-g send-prefix
set -g default-terminal "screen-256color"
set -ga terminal-overrides ",*256col*:Tc"
set-option -g status-position bottom
set -g base-index 1
@fuadnafiz98
fuadnafiz98 / transparent.vim
Last active April 18, 2023 07:26
vim transparent background
" for transparent background
function! AdaptColorscheme()
highlight clear CursorLine
highlight Normal ctermbg=none
highlight LineNr ctermbg=none
highlight Folded ctermbg=none
highlight NonText ctermbg=none
highlight SpecialKey ctermbg=none
highlight VertSplit ctermbg=none
highlight SignColumn ctermbg=none
@spalladino
spalladino / falsehoods-that-ethereum-programmers-believe.md
Last active May 20, 2024 21:04
Falsehoods that Ethereum programmers believe


I recently stumbled upon Falsehoods programmers believe about time zones, which got a good laugh out of me. It reminded me of other great lists of falsehoods, such as about names or time, and made me look for an equivalent for Ethereum. Having found none, here is my humble contribution to this set.

About Gas

Calling estimateGas will return the gas required by my transaction

Calling estimateGas will return the gas that your transaction would require if it were mined now. The current state of the chain may be very different to the state in which your tx will get mined. So when your tx i

@cryptoscopia
cryptoscopia / dydxFlashLoanTemplate.sol
Created October 21, 2020 06:42
A single-file simplest possible template for a contract that obtains a flash loan from dydx, does things, and pays it back.
// SPDX-License-Identifier: AGPL-3.0-or-later
// The ABI encoder is necessary, but older Solidity versions should work
pragma solidity ^0.7.0;
pragma experimental ABIEncoderV2;
// These definitions are taken from across multiple dydx contracts, and are
// limited to just the bare minimum necessary to make flash loans work.
library Types {
enum AssetDenomination { Wei, Par }