hack3r-0m
@patrickd-
patrickd- / cheatsheet.sol
Last active Nov 10, 2021
Solidity – Compilable Cheatsheet
View cheatsheet.sol
// SPDX-License-Identifier: MIT
// ^ recommended, included machine readable in bytecode metadata
// Software Package Data Exchange is an open standard
pragma solidity ^0.8.7;
// ^ floating pragma, min 0.8.7 max excluding 0.9.0
// same as complex pragma: pragma solidity >=0.8.7 <0.9.0;
// major.breakingchanges.bugfixes
// only makes the compiler check for compatibility and throws error if not matching!
// should only be floating during development, fixed everywhere during testing & deployment
View sending-ether-cheat-sheet.md

Sending Ether Cheat Sheet

TLDR

🥇 Instead of sending Ether, use the withdrawal pattern

🥈 If you really need to send Ether, use a safe wrapper like OpenZeppelin's Address.sendValue(addr, amount)

🥉 If you really need to send Ether without dependencies, use (bool success, ) = addr.call{value: amount}("")

@HildisviniOttar
HildisviniOttar / thorchain_vulnerability_tss.md
Last active Nov 13, 2021
THORChain vulnerability TSS
View thorchain_vulnerability_tss.md

TSS Churn with 2 evil nodes

Currently TSS works by the system auto-generating a set of TSS invitees that collectively generate a new vault pubkey outside of process. Each node that participates in the signing ceremony then posts its results into THORChain as a MsgTssPool.

Two evil nodes are able to front-run a TSS signing ceremony by posting a fake TSS result and voting twice, which achieves consensus and creates a vault controlled by the attacker, stealing funds (before the valid tx arrives).

Note: #thorsec team found a similar bug allowing spoofing ID which was patched in https://gitlab.com/thorchain/thornode/-/merge_requests/1922 - this vulnerability is similar but works even with the original ID spoof patch. After disclosure, MR 1922 also incorporated fixes to stop this attack presented below.

Difficulty

View .ethrc.sh
# Ethereum helper methods
# source this in your .bashrc or .zshrc file with `. ~/.ethrc`
# --- Token addresses ---
aave=0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9
comp=0xc00e94Cb662C3520282E6f5717214004A7f26888
crv=0xD533a949740bb3306d119CC777fa900bA034cd52
dai=0x6B175474E89094C44Da98b954EedeAC495271d0F
gtc=0xDe30da39c46104798bB5aA3fe8B9e0e1F348163F
mkr=0x9f8F72aA9304c8B593d555F12eF6589cC3A579A2
@Strernd
Strernd / parseErc20Transfer.js
Created Jun 7, 2021
Parses an ERC20 Transfer from the Ethereum API.
View parseErc20Transfer.js
const converter = require("hex2dec");
const Eth = require("ethjs");
const eth = new Eth(new Eth.HttpProvider(process.env.INFURA));
async function getERC20TransferByHash(hash) {
  const ethTxData = await eth.getTransactionByHash(hash);
  if (ethTxData === null) throw "TX NOT FOUND";
  if (
    ethTxData.input.length !== 138 ||
    ethTxData.input.slice(2, 10) !== "a9059cbb"
@itzmeanjan
itzmeanjan / catch.py
Last active May 28, 2021
Polygon ( aka Matic Network ) Mempool Exploration
View catch.py
#!/usr/bin/python3
from python_graphql_client import GraphqlClient
from json import dumps
from asyncio import run
from re import compile as re_compile
from pytimeparse import parse
reg = re_compile(r'^(\d+(\.\d+)?)')
handle = None
@fuadnafiz98
fuadnafiz98 / transparent.vim
Last active Nov 27, 2021
vim transparent background
View transparent.vim
" for transparent background
function! AdaptColorscheme()
  highlight clear CursorLine
  highlight Normal ctermbg=none
  highlight LineNr ctermbg=none
  highlight Folded ctermbg=none
  highlight NonText ctermbg=none
  highlight SpecialKey ctermbg=none
  highlight VertSplit ctermbg=none
  highlight SignColumn ctermbg=none
@cryptoscopia
cryptoscopia / dydxFlashLoanTemplate.sol
Created Oct 21, 2020
A single-file simplest possible template for a contract that obtains a flash loan from dydx, does things, and pays it back.
View dydxFlashLoanTemplate.sol
// SPDX-License-Identifier: AGPL-3.0-or-later
// The ABI encoder is necessary, but older Solidity versions should work
pragma solidity ^0.7.0;
pragma experimental ABIEncoderV2;
// These definitions are taken from across multiple dydx contracts, and are
// limited to just the bare minimum necessary to make flash loans work.
library Types {
    enum AssetDenomination { Wei, Par }
@itzmeanjan
itzmeanjan / ChildERC20.sol
Last active Jul 6, 2021
An illustration of sending data from Ethereum root chain to Matic child chain
View ChildERC20.sol
// File: contracts/child/ChildToken/ChildERC20.sol
pragma solidity 0.6.6;
contract ChildERC20 is
    ERC20,
    IChildToken,
    AccessControlMixin,
    NativeMetaTransaction,
    ChainConstants,
@gnurgeldiyev
gnurgeldiyev / api.js
Last active Aug 3, 2021
How to get the response time from Axios
View api.js
const axios = require('axios').default
const API_BASE_URL = 'https://api.spacexdata.com/v3'
const API = axios.create({
  baseURL: API_BASE_URL
})
/*
 * setting interceptors to be able
 * to know response time of the each request