Skip to content

Instantly share code, notes, and snippets.

Avatar
🎯
Focusing

hack3r-0m

🎯
Focusing
View GitHub Profile
View Iterators.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;
library Iterators {
// Function types:
// https://docs.soliditylang.org/en/latest/types.html#function-types
function map(uint256[] memory input, function (uint256) internal pure returns (uint256) f)
internal
pure
@noxx3xxon
noxx3xxon / arbitrage.py
Created Aug 21, 2022
CFMM Routing Arbitrage Example
View arbitrage.py
import numpy as np
import cvxpy as cp
import itertools
# Problem data
global_indices = list(range(4))
# 0 = TOKEN-0
# 1 = TOKEN-1
# 2 = TOKEN-2
@0xA5DF
0xA5DF / !README.md
Last active Aug 19, 2022
Forge calculates gas as if it's all one tx (affecting ops that depend on warm/cold keys/addresses)
View !README.md

Forge calculates gas as if each test is one tx

Sample code

When runing forge test -m testGas --gas-report -vv, it shows the cost of calling x is 261:

╭──────────────────────────────────┬─────────────────┬─────┬────────┬─────┬─────────╮
│ contracts/Gas.sol:Store contract ┆                 ┆     ┆        ┆     ┆         │
╞══════════════════════════════════╪═════════════════╪═════╪════════╪═════╪═════════╡
│ Deployment Cost                  ┆ Deployment Size ┆     ┆        ┆     ┆         │
├╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌┼╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌┼╌╌╌╌╌┼╌╌╌╌╌╌╌╌┼╌╌╌╌╌┼╌╌╌╌╌╌╌╌╌┤
View yul_factorial_for_loop
function factorial_Yul_For(uint256 x) public pure returns(uint256){
assembly{
let result := 1
for {} iszero(iszero(x)) { x := sub(x, 1)} {
result := mul(result, x)
}
mstore(0,result)
return(0,0x20)
}
}
@Neo23x0
Neo23x0 / log4j_rce_detection.md
Last active Sep 13, 2022
Log4j RCE CVE-2021-44228 Exploitation Detection
View log4j_rce_detection.md

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log
@hrkrshnn
hrkrshnn / generic.org
Last active Sep 27, 2022
Some generic writeup about common gas optimizations, etc.
View generic.org

Upgrade to at least 0.8.4

Using newer compiler versions and the optimizer gives gas optimizations and additional safety checks for free!

The advantages of versions 0.8.* over <0.8.0 are:

  • Safemath by default from 0.8.0 (can be more gas efficient than some library based safemath).
  • Low level inliner from 0.8.2, leads to cheaper runtime gas. Especially relevant when the contract has small functions. For
@patrickd-
patrickd- / cheatsheet.md
Last active Aug 6, 2022
Solidity – Compilable Cheatsheet
View cheatsheet.md
View sending-ether-cheat-sheet.md

Sending Ether Cheat Sheet

TLDR

🥇 Instead of sending Ether, use the withdrawal pattern

🥈 If you really need to send Ether, use a safe wrapper like OpenZeppelin's Address.sendValue(addr, amount)

🥉 If you really need to send Ether without dependencies, use (bool success, ) = addr.call{value: amount}("")

@HildisviniOttar
HildisviniOttar / thorchain_vulnerability_tss.md
Last active Nov 13, 2021
THORChain vulnerability TSS
View thorchain_vulnerability_tss.md

TSS Churn with 2 evil nodes

Currently TSS works by the system auto-generating a set of TSS invitees that collectively generate a new vault pubkey outside of process. Each node that participates in the signing ceremony then posts in their results into THORChain as a MsgTssPool.

Two evil nodes are able to front-run a TSS signing ceremony by posting in a fake TSS result and voting twice, which achieves consensus and creates a vault controlled by attacker, stealing funds (before the valid tx arrives).

Note: #thorsec team found a similar bug allowing spoofing ID which was patched in https://gitlab.com/thorchain/thornode/-/merge_requests/1922 - this vulnerability is similar but works even with the original ID spoof patch. After disclosure, MR 1922 also incorporated fixes to stop this attack presented below.

Difficulty

@shazow
shazow / flashbotnfts.ts
Last active Jul 12, 2022
WIP: Flashbot NFTs
View flashbotnfts.ts
import { BigNumber, providers, Wallet } from "https://esm.sh/ethers";
import { FlashbotsBundleProvider, FlashbotsBundleResolution } from "https://esm.sh/@flashbots/ethers-provider-bundle";
const FLASHBOTS_AUTH_KEY = Deno.env.get('FLASHBOTS_AUTH_KEY');
const WALLET_PRIVATE_KEY = Deno.env.get('WALLET_PRIVATE_KEY');
const GWEI = BigNumber.from(10).pow(9);
const PRIORITY_FEE = GWEI.mul(3);
const LEGACY_GAS_PRICE = GWEI.mul(12);
const BLOCKS_IN_THE_FUTURE = 2;