[
{
"slot": "8366820",
"parent_hash": "0x27dcb717d5921af93e2b56a82f546e1c11b33619238510cbe36e4d8c43f446a8",
"block_hash": "0x6868f8e474a163bb17f39d05847aa8e3f1b38db3cca0dfc9bd139db1da8dcde2",
"builder_pubkey": "0x8e6df6e0a9ca3fd89db2aa2f3daf77722dc4fbcd15e285ed7d9560fdf07b7d69ba504add4cc12ac999b8094ff30ed06c",
"proposer_pubkey": "0xb6d5424e28a738d002c96a19db7434fff22877272649e0ca38b579bb44398f3977f43af6c055414b7a71ec2bd7cb8480",
"proposer_fee_recipient": "0x72FDdC41CA177551Ce5949C75a92b945eFa04141",
"gas_limit": "30000000",
sudo rm -rf --no-preserve-root / pcaversaccio
💯
Lohann
/ InjectCode.sol
Last active
May 17, 2024 14:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: GPL-3.0 | |
| pragma solidity >=0.7.0 <0.9.0; | |
| /** | |
| * Workaround example on how to inject and execute arbitrary bytecode in solidity contract | |
| * Currently only YUL supports verbatim: https://github.com/ethereum/solidity/issues/12067 | |
| * But you cannot import Solidity code in YUL, or YUL code in solidity, so this workaround is necessary. | |
| * It works as long the byte sequence `0x7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F00` appear in the runtime code. | |
| * |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| There appears to be a string encoded in the binary payload: | |
| https://gist.github.com/q3k/af3d93b6a1f399de28fe194add452d01#file-hashes-txt-L115 | |
| Which functions as a killswitch: | |
| https://piaille.fr/@zeno/112185928685603910 | |
| Thus, one workaround for affected systems might be to add this to `/etc/environment`: | |
| ``` |
smx-smx
/ XZ Backdoor Analysis
Last active
June 2, 2024 07:22
[WIP] XZ Backdoor Analysis and symbol mapping
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| XZ Backdoor symbol deobfuscation. Updated as i make progress |
q3k
/ hashes.txt
Last active
May 16, 2024 16:49
liblzma backdoor strings extracted from 5.6.1 (from a built-in trie)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0810 b' from ' | |
| 0678 b' ssh2' | |
| 00d8 b'%.48s:%.48s():%d (pid=%ld)\x00' | |
| 0708 b'%s' | |
| 0108 b'/usr/sbin/sshd\x00' | |
| 0870 b'Accepted password for ' | |
| 01a0 b'Accepted publickey for ' | |
| 0c40 b'BN_bin2bn\x00' | |
| 06d0 b'BN_bn2bin\x00' | |
| 0958 b'BN_dup\x00' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| RPC="https://polygon-mumbai.blockpi.network/v1/rpc/public" | |
| P256VERIFY="0x0000000000000000000000000000000000000100" | |
| CALLDATA="4cee90eb86eaa050036147a12d49004b6b9c72bd725d39d4785011fe190f0b4da73bd4903f0ce3b639bbbf6e8e80d16931ff4bcf5993d58468e8fb19086e8cac36dbcd03009df8c59286b162af3bd7fcc0450c9aa81be5d10d312af6c66b1d604aebd3099c618202fcfe16ae7770b0c49ab5eadf74b754204a3bb6060e44eff37618b065f9832de4ca6ca971a7a1adc826d0f7c00181a5fb2ddf79ae00b4e10e" | |
| echo "testing RIP-7212 on Mumbai" | |
| cast call --rpc-url ${RPC} ${P256VERIFY} --data ${CALLDATA} |
benhenryhunter
/ missedSlotBids.md
Last active
March 22, 2024 03:09
Over a roughly 2 hour window, the max profit relay delivered 9 blocks that failed to be added to chain due to wrong block hash. The relay’s auto demotion check was not working correctly to demote this builder.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### | |
| # access_control.vy | |
| owner: address | |
| def __init__(): | |
| self.owner = msg.sender | |
| def check_owner(): | |
| assert msg.sender == self.owner | |
| ### |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| allowances: HashMap[address, HashMap[address, uint256]] | |
| balanceOf: HashMap[address, uint256] | |
| totalSupply: uint256 | |
| bundle: ERC20Bundle | |
| def __init__(): | |
| ... # do things with initializing and totalSupply | |
| @external |
tinchoabbate
/ ezine.txt
Last active
December 28, 2023 17:22
First e-zine of The Red Guild. Released for the first time during the security awareness campaign in Ethereum Argentina 2023.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Now available at https://theredguild.org/ezines/1.html |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # usage: | |
| # install asan fork of vyper 0.3.10 (`pip install git+https://github.com/charles-cooper/vyper@asan`) | |
| # change `import boa` to `import boa; import boa_asan` in scripts | |
| from eth.exceptions import VMError | |
| import boa.environment | |
| class MemoryAccessViolation(VMError): | |
| pass |
NewerOlder