Skip to content

Instantly share code, notes, and snippets.

@tinchoabbate
tinchoabbate / ezine.txt
Last active December 28, 2023 17:22
First e-zine of The Red Guild. Released for the first time during the security awareness campaign in Ethereum Argentina 2023.
Now available at https://theredguild.org/ezines/1.html
@tinchoabbate
tinchoabbate / pendrive-reuse.md
Created November 23, 2023 14:16
"How to reuse a pendrive" by matta @ The Red Guild.

What should you do with the pendrive?

Suppose the conference is over, this pendrive is still in your hands - also that you were not selfish and didn't take it out of circulation before time, depriving the rest to enjoy the experience - and you now wonder what to do with it. Then, I suggest to repurpose it.

Let's turn the flash drive into a key to open a password manager database, but with a few twists ;)

This file has been truncated, but you can view the full file.
object \"deploy_test$Test\" {
code { {
let $$$size := datasize(\"test$Test\")
datacopy(0, dataoffset(\"test$Test\"), $$$size)
return(0, $$$size)
} }
object \"test$Test\" {
code {
switch and(shr(sub(256, 32), calldataload(0)), 0xffffffff)
case 0xb120aff2 {
0x0: PUSH1 0x80
0x2: PUSH1 0x40
0x4: MSTORE
0x5: CALLVALUE
0x6: DUP1
0x7: ISZERO
0x8: PUSH2 0x10
0xb: JUMPI
0xc: PUSH1 0x0
0xe: DUP1
@tinchoabbate
tinchoabbate / split_bytes.py
Created March 13, 2020 15:07
Useful to pass a sequence of bytes to a function argument in Remix
#!/usr/bin/python3
import sys
if len(sys.argv) != 2 or len(sys.argv[1]) % 2 != 0:
print('Input missing or does not have even number of chars')
exit(1)
data = sys.argv[1]
data = data.replace('0x','')
@tinchoabbate
tinchoabbate / Test.sol
Last active May 29, 2020 17:56
Calling a contract after being selfdestructed
pragma solidity ^0.6.0;
import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v3.0.1/contracts/utils/Address.sol";
contract Test {
using Address for address;
event Log(uint256 result);
function execute() public payable {
@tinchoabbate
tinchoabbate / ControllerModule.sol
Last active March 20, 2020 14:33
Deploying backdoored Gnosis Safe Multisig wallets: blog.openzeppelin.com/backdooring-gnosis-safe-multisig-wallets
pragma solidity ^0.5.0;
import "@gnosis.pm/safe-contracts/contracts/base/Module.sol";
import "@gnosis.pm/safe-contracts/contracts/common/Enum.sol";
/*
* @notice UNSAFE CODE - DO NOT USE IN PRODUCTION
*/
contract ControllerModule is Module {
@tinchoabbate
tinchoabbate / ShadyProxy.sol
Created July 2, 2019 23:03
Shady proxy used for function clashing
pragma solidity ^0.5.0;
contract Proxy {
address public proxyOwner;
address public implementation;
constructor(address implementation) public {
proxyOwner = msg.sender;
_setImplementation(implementation);
pragma solidity ^0.5.0;
import "openzeppelin-eth/contracts/token/ERC20/ERC20Burnable.sol";
import "openzeppelin-eth/contracts/token/ERC20/ERC20Detailed.sol";
import "zos-lib/contracts/Initializable.sol";
contract BurnableToken is Initializable, ERC20Burnable, ERC20Detailed {
function initialize(
string memory name,
@tinchoabbate
tinchoabbate / Proxy.sol
Created July 2, 2019 22:53
Simple proxy contract
pragma solidity ^0.5.0;
contract Proxy {
address public proxyOwner;
address public implementation;
constructor(address implementation) public {
proxyOwner = msg.sender;
_setImplementation(implementation);