BlockThreat - Week 19, 2023
Snooker | Trust Trident | PlugwalkJoe | Ethereum
A few smaller BSC projects got hacked with <$100k in losses on average. Slow weeks like these are great to catch up on the latest research and tools. This week’s edition features a number of interesting papers on reentrancy exploitation, advance uses of Foundry, MEV, smart contract reversing as well as a couple of fun contests to keep your skill sharp. Enjoy!
Abusing SwapRouter02 to hide phishing transactions by Scam Sniffer.
Web3 Wallet eth_sign Support Situation by SlowMist.
Top 9 meme token red flags thread by DeDotFi.
On May 9, 2023 Floki Inu lost $60 in a reward manipulation exploit.
On May 9, 2023 Weeb lost $30k due to a price oracle manipulation exploit.
On May 10, 2023 Trust Trident lost $85k due to insufficient function parameter validation.
On May 10, 2023 Snooker lost $200k in a reward manipulation exploit.
On May 12, 2023 LW Token lost $48k in a price oracle manipulation exploit.
On May 13, 2023 Bitpaid lost $1k in a reward manipulation exploit that took 6 months to execute.
On May 14, 2023 Land NFT lost $150k due to insufficient function access control.
Complete Guide To Your First Audit by Owen Thurm.
Unbundling attacks on MEV relays using RPC by Michael Sproul.
All things reentrancy! workshop by Jsec Security.
Why Unauthorized Whitehacking Is Unethical by Immunefi.
Charting The Web3 Security Landscape by Consensys Diligence.
ArbiNet is the MEV detection model that doesn't require knowledge about DeFi smart contracts.
Slang is a syntax analysis API and unified grammar for all versions of Solidity.
Keep reading with a 7-day free trial
Subscribe to Blockchain Threat Intelligence to keep reading this post and get 7 days of free access to the full post archives.