HildisviniOttar

TSS Churn with 2 evil nodes

Currently TSS works by the system auto-generating a set of TSS invitees that collectively generate a new vault pubkey outside of process. Each node that participates in the signing ceremony then posts in their results into THORChain as a MsgTssPool.

Two evil nodes are able to front-run a TSS signing ceremony by posting in a fake TSS result and voting twice, which achieves consensus and creates a vault controlled by attacker, stealing funds (before the valid tx arrives).

Note: #thorsec team found a similar bug allowing spoofing ID which was patched in https://gitlab.com/thorchain/thornode/-/merge_requests/1922 - this vulnerability is similar but works even with the original ID spoof patch. After disclosure, MR 1922 also incorporated fixes to stop this attack presented below.

Difficulty

shazow

import { BigNumber, providers, Wallet } from "https://esm.sh/ethers";
import { FlashbotsBundleProvider, FlashbotsBundleResolution } from "https://esm.sh/@flashbots/ethers-provider-bundle";

const FLASHBOTS_AUTH_KEY = Deno.env.get('FLASHBOTS_AUTH_KEY');
const WALLET_PRIVATE_KEY = Deno.env.get('WALLET_PRIVATE_KEY');

const GWEI = BigNumber.from(10).pow(9);
const PRIORITY_FEE = GWEI.mul(3);
const LEGACY_GAS_PRICE = GWEI.mul(12);
const BLOCKS_IN_THE_FUTURE = 2;

mds1

# Ethereum helper methods
# source this in your .bashrc or .zshrc file with `. ~/.ethrc`

# --- Solidity sandbox ---
# https://github.com/maurelian/solidity-sandbox
scratch() {
  dir=$(pwd)
  cd ~/Documents/projects/solidity-sandbox || exit
  bash newTest.sh $1
  cd "$dir" || exit

Strernd

const converter = require("hex2dec");
const Eth = require("ethjs");
const eth = new Eth(new Eth.HttpProvider(process.env.INFURA));

async function getERC20TransferByHash(hash) {
  const ethTxData = await eth.getTransactionByHash(hash);
  if (ethTxData === null) throw "TX NOT FOUND";
  if (
    ethTxData.input.length !== 138 ||
    ethTxData.input.slice(2, 10) !== "a9059cbb"

itzmeanjan

#!/usr/bin/python3

from python_graphql_client import GraphqlClient
from json import dumps
from asyncio import run
from re import compile as re_compile
from pytimeparse import parse

reg = re_compile(r'^(\d+(\.\d+)?)')
handle = None

gorgos

pragma solidity 0.6.6;
pragma experimental ABIEncoderV2;

import "https://github.com/Uniswap/uniswap-v2-core/blob/master/contracts/interfaces/IUniswapV2Pair.sol";
import "https://github.com/Uniswap/uniswap-lib/blob/master/contracts/libraries/FixedPoint.sol";
import "https://github.com/Uniswap/uniswap-lib/blob/master/contracts/libraries/FullMath.sol";
import "https://github.com/Uniswap/uniswap-lib/blob/master/contracts/libraries/Babylonian.sol";
import "https://github.com/Uniswap/uniswap-lib/blob/master/contracts/libraries/BitMath.sol";

library SafeMath {

mizlan

set-option -g prefix C-g
unbind-key C-g
bind-key C-g send-prefix

set -g default-terminal "screen-256color"
set -ga terminal-overrides ",*256col*:Tc"

set-option -g status-position bottom

set -g base-index 1

fuadnafiz98

" for transparent background
function! AdaptColorscheme()
   highlight clear CursorLine
   highlight Normal ctermbg=none
   highlight LineNr ctermbg=none
   highlight Folded ctermbg=none
   highlight NonText ctermbg=none
   highlight SpecialKey ctermbg=none
   highlight VertSplit ctermbg=none
   highlight SignColumn ctermbg=none

cryptoscopia

// SPDX-License-Identifier: AGPL-3.0-or-later

// The ABI encoder is necessary, but older Solidity versions should work
pragma solidity ^0.7.0;
pragma experimental ABIEncoderV2;

// These definitions are taken from across multiple dydx contracts, and are
// limited to just the bare minimum necessary to make flash loans work.
library Types {
    enum AssetDenomination { Wei, Par }

itzmeanjan

// File: contracts/child/ChildToken/ChildERC20.sol

pragma solidity 0.6.6;

contract ChildERC20 is
    ERC20,
    IChildToken,
    AccessControlMixin,
    NativeMetaTransaction,
    ChainConstants,