Took part in the latest episode of the Unseen Money podcast with Paul Amery and Timur Yunusov to discuss the current state of DeFi security. Tune in!| Raz0r.name — Web Application Security
Finished a weekend project that may be useful for onchain vulnerability analysis of deployed smart contracts: https://github.com/Decurity/tx-coverage tx-coverage allows to reveal unused code of live smart contracts by collecting coverage from historical transactions. With it you can discover code that was never executed onchain and may contain potential bugs. The post New tool: tx-coverage first appeared on Raz0r — Web3 Security.| Raz0r — Web3 Security
In this talk we will share our experience of creating a transaction monitoring solution for the EVM-compatible networks. Starting from a standalone Rust application that queries the blockchain RPCs, and ending with a scalable solution that can handle thousands of transactions per second, we will cover all the steps that will explain how to catch the DeFi exploits before they happen. The technology stack is based on Apache Flink, a popular framework to perform stateful computations on streamin...| Raz0r — Web3 Security
Slides & video from my talk about the security of proxies in smart contracts at OFFZONE 2022 The post Upgradeable smart contracts security first appeared on Raz0r — Web3 Security.| Raz0r — Web3 Security
Принял участие в новом эпизоде подкаста “Сушите вёсла”, посвященном блокчейну, смарт-контрактам и их безопасности. Приятного прослушивания! The post Сушите вёсла #20 first appeared on Raz0r — Web3 Security.| Raz0r — Web3 Security
There has been plenty of hacks when a smart contract was forked and some things were changed without full understanding of the code. To help auditors I have built https://contract-diff.xyz This is how it works 🧵 For popular contracts like OpenZeppelin, Uniswap, Sushiswap, etc two kinds of hashes were computed: md5 hashsums & simhashes. Using […] The post contract-diff: find bugs in smart contract forks first appeared on Raz0r — Web3 Security.| Raz0r — Web3 Security
| Raz0r — Web3 Security
GitHub’s CodeQL is a robust query language originally developed by Semmle that allows you to look for vulnerabilities in the source code. CodeQL is known as a tool to inspect open source repositories, however its usage is not limited just to it. In this article I will delve into approaches on how to use CodeQL […] The post Using CodeQL to detect client-side vulnerabilities in web applications first appeared on Raz0r — Web3 Security.| Raz0r — Web3 Security
This is a series of write-ups on DeFi Hack, a wargame based on real-world DeFi vulnerabilities. Other posts: DiscoLP DiscoLP is a brand new liquidity mining protocol! You can participate by depositing some JIMBO or JAMBO tokens. All liquidity will be supplied to JIMBO-JAMBO Uniswap pair. By providing liquidity with us you will get DISCO| Raz0r.name — Web Application Security
Back in 2018 I hosted the contest EtherHack which featured a set of vulnerable smart contracts. At that time the tasks were focused primarily on the EVM peculiarities like insecure randomness or extcodesize opcode tricks. Back then the first wave of crypto hype was coming to the end when numerous ICOs were falling apart because| Raz0r.name — Web Application Security
