Greetings!
A few smaller BSC projects got hacked with <$100k in losses on average. Slow weeks like these are great to catch up on the latest research and tools. This week’s edition features a number of interesting papers on reentrancy exploitation, advanced uses of Foundry, MEV, smart contract reversing as well as a couple of fun contests to keep your skills sharp. Enjoy!
News
PlugwalkJoe pleads guilty for the massive 2020 Twitter hack.
$3.4B of Bitcoin in a popcorn tin: The Silk Road hacker’s story.
Scams
Abusing SwapRouter02 to hide phishing transactions by Scam Sniffer.
Web3 Wallet eth_sign Support Situation by SlowMist.
Ape in altcoins but fall into a honeypot. What you should pay attention to in the meme season? by Beosin.
Top 9 meme token red flags thread by DeDotFi.
To catch a scammer: Kraken builds fake crypto account to ‘bait’ fraudsters.
Philippines Law Enforcement Busts Crypto Scam Center, Over 1,000 Human Trafficking Victims Rescued.
Hacks
On May 9, 2023 Floki Inu lost $60 in a reward manipulation exploit.
On May 9, 2023 Weeb lost $30k due to a price oracle manipulation exploit.
On May 10, 2023 Trust Trident lost $85k due to insufficient function parameter validation.
On May 10, 2023 Snooker lost $200k in a reward manipulation exploit.
On May 12, 2023 LW Token lost $48k in a price oracle manipulation exploit.
On May 13, 2023 Bitpaid lost $1k in a reward manipulation exploit that took 6 months to execute.
On May 14, 2023 Land NFT lost $150k due to insufficient function access control.
Other Incidents
On May 11, 2023 Ethereum Beacon Chain experienced multiple finality issues. Interestingly, the network experienced outages the next day, possibly caused by a malicious actor who learned about the bug.
Malware
Contests
RareSkills published gas optimization puzzles. Solutions by Martin Marchev.
Media
BlueHat IL 2023 - Tal Be'ery & Roi Vazan - Web3 transactions.
Complete Guide To Your First Audit by Owen Thurm.
Research
Unbundling attacks on MEV relays using RPC by Michael Sproul.
All things reentrancy! workshop by Jsec Security.
Ripped Jesus from Foundry exists! Start using Foundry in your audits. Follow this guide by Bloqarl.
Intro to Smart Contract Security Audit — Front Running by SlowMist.
Why Unauthorized Whitehacking Is Unethical by Immunefi.
Charting The Web3 Security Landscape by Consensys Diligence.
Pointers in Solidity? Learning about memory pointers in Solidity using assembly by matta.
Unraveling the MEV Enigma: ABI-Free Detection Model using Graph Neural Networks.
SigRec: Automatic Recovery of Function Signatures in Smart Contracts.
Novel bribery mining attacks in the bitcoin system and the bribery miner's dilemma.
Tools
ArbiNet is the MEV detection model that doesn't require knowledge about DeFi smart contracts.
Slang is a syntax analysis API and unified grammar for all versions of Solidity.