Blockchain Threat Intelligence

BlockThreat - Week 19, 2023

Snooker | Trust Trident | PlugwalkJoe | Ethereum

Peter Kacherginsky
May 15, 2023

Greetings!

A few smaller BSC projects got hacked with <$100k in losses on average. Slow weeks like these are great to catch up on the latest research and tools. This week’s edition features a number of interesting papers on reentrancy exploitation, advanced uses of Foundry, MEV, and smart contract reversing, as well as a couple of fun contests to keep your skills sharp. Enjoy!

News

  • PlugwalkJoe pleads guilty for the massive 2020 Twitter hack.

  • $3.4B of Bitcoin in a popcorn tin: The Silk Road hacker’s story.

  • How The DAO Hack Changed Ethereum and Crypto.

Scams

  • Abusing SwapRouter02 to hide phishing transactions by Scam Sniffer.

  • Web3 Wallet eth_sign Support Situation by SlowMist.

  • Ape in altcoins but fall into a honeypot. What you should pay attention to in the meme season? by Beosin.

  • Top 9 meme token red flags thread by DeDotFi.

  • To catch a scammer: Kraken builds fake crypto account to ‘bait’ fraudsters.

  • Philippines Law Enforcement Busts Crypto Scam Center, Over 1,000 Human Trafficking Victims Rescued.

Hacks

  • On May 9, 2023 Floki Inu lost $60 in a reward manipulation exploit.

  • On May 9, 2023 Weeb lost $30k due to a price oracle manipulation exploit.

  • On May 10, 2023 Trust Trident lost $85k due to insufficient function parameter validation.

  • On May 10, 2023 Snooker lost $200k in a reward manipulation exploit.

  • On May 12, 2023 LW Token lost $48k in a price oracle manipulation exploit.

  • On May 13, 2023 Bitpaid lost $1k in a reward manipulation exploit that took 6 months to execute.

  • On May 14, 2023 Land NFT lost $150k due to insufficient function access control.

Other Incidents

  • On May 11, 2023 Ethereum Beacon Chain experienced multiple finality issues. Interestingly, the network experienced outages the next day, possibly caused by a malicious actor who learned about the bug.

Malware

  • RapperBot DDoS malware adds cryptojacking as new revenue stream.

Contests

  • 0xLanterns Audit Training.

  • RareSkills published gas optimization puzzles. Solutions by Martin Marchev.

Media

  • BlueHat IL 2023 - Tal Be'ery & Roi Vazan - Web3 transactions.

  • Complete Guide To Your First Audit by Owen Thurm.

Research

  • Unbundling attacks on MEV relays using RPC by Michael Sproul.

  • All things reentrancy! workshop by Jsec Security.

  • Ripped Jesus from Foundry exists! Start using Foundry in your audits. Follow this guide by Bloqarl.

  • Intro to Smart Contract Security Audit — Front Running by SlowMist.

  • Why Unauthorized Whitehacking Is Unethical by Immunefi.

  • Charting The Web3 Security Landscape by Consensys Diligence.

  • DeFi Lending Concepts Part 3: Rewards by Tal.

  • Pointers in Solidity? Learning about memory pointers in Solidity using assembly by matta.

  • Unraveling the MEV Enigma: ABI-Free Detection Model using Graph Neural Networks.

  • SigRec: Automatic Recovery of Function Signatures in Smart Contracts.

  • Novel bribery mining attacks in the bitcoin system and the bribery miner's dilemma.

  • DeFi Audit Repository.

Tools

  • ArbiNet is the MEV detection model that doesn't require knowledge about DeFi smart contracts.

  • Enso Transaction Simulator.

  • Slang is a syntax analysis API and unified grammar for all versions of Solidity.

  • Blockchain Security Audit Search (alternative).

