| function factorial_Yul_For(uint256 x) public pure returns(uint256){ | |
| assembly{ | |
| let result := 1 | |
| for {} iszero(iszero(x)) { x := sub(x, 1)} { | |
| result := mul(result, x) | |
| } | |
| mstore(0,result) | |
| return(0,0x20) | |
| } | |
| } |
You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228
This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders
sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
Using newer compiler versions and the optimizer gives gas optimizations and additional safety checks for free!
The advantages of versions 0.8.* over <0.8.0 are:
0.8.0 (can be more gas efficient than some
library based safemath).0.8.2, leads to cheaper runtime gas.
Especially relevant when the contract has small functions. For
Address.sendValue(addr, amount)
(bool success, ) = addr.call{value: amount}("")
Currently TSS works by the system auto-generating a set of TSS invitees that collectively generate a new vault pubkey outside of process. Each node that participates in the signing ceremony then posts in their results into THORChain as a MsgTssPool.
Two evil nodes are able to front-run a TSS signing ceremony by posting in a fake TSS result and voting twice, which achieves consensus and creates a vault controlled by attacker, stealing funds (before the valid tx arrives).
Note: #thorsec team found a similar bug allowing spoofing ID which was patched in https://gitlab.com/thorchain/thornode/-/merge_requests/1922 - this vulnerability is similar but works even with the original ID spoof patch. After disclosure, MR 1922 also incorporated fixes to stop this attack presented below.
| import { BigNumber, providers, Wallet } from "https://esm.sh/ethers"; | |
| import { FlashbotsBundleProvider, FlashbotsBundleResolution } from "https://esm.sh/@flashbots/ethers-provider-bundle"; | |
| const FLASHBOTS_AUTH_KEY = Deno.env.get('FLASHBOTS_AUTH_KEY'); | |
| const WALLET_PRIVATE_KEY = Deno.env.get('WALLET_PRIVATE_KEY'); | |
| const GWEI = BigNumber.from(10).pow(9); | |
| const PRIORITY_FEE = GWEI.mul(3); | |
| const LEGACY_GAS_PRICE = GWEI.mul(12); | |
| const BLOCKS_IN_THE_FUTURE = 2; |
| # Ethereum helper methods | |
| # source this in your .bashrc or .zshrc file with `. ~/.ethrc` | |
| # --- Token addresses --- | |
| aave=0x7Fc66500c84A76Ad7e9c93437bFc5Ac33E2DDaE9 | |
| comp=0xc00e94Cb662C3520282E6f5717214004A7f26888 | |
| crv=0xD533a949740bb3306d119CC777fa900bA034cd52 | |
| dai=0x6B175474E89094C44Da98b954EedeAC495271d0F | |
| gtc=0xDe30da39c46104798bB5aA3fe8B9e0e1F348163F | |
| mkr=0x9f8F72aA9304c8B593d555F12eF6589cC3A579A2 |
| const converter = require("hex2dec"); | |
| const Eth = require("ethjs"); | |
| const eth = new Eth(new Eth.HttpProvider(process.env.INFURA)); | |
| async function getERC20TransferByHash(hash) { | |
| const ethTxData = await eth.getTransactionByHash(hash); | |
| if (ethTxData === null) throw "TX NOT FOUND"; | |
| if ( | |
| ethTxData.input.length !== 138 || | |
| ethTxData.input.slice(2, 10) !== "a9059cbb" |
| #!/usr/bin/python3 | |
| from python_graphql_client import GraphqlClient | |
| from json import dumps | |
| from asyncio import run | |
| from re import compile as re_compile | |
| from pytimeparse import parse | |
| reg = re_compile(r'^(\d+(\.\d+)?)') | |
| handle = None |
