This week we will focus on several high profile vulnerabilities in the variety of blockchain projects. FairWin ponzy scheme wins the prize for not only allowing contract owners to steal all the funds, but also failing to protect the contract itself from a front-running attack. Zcash allowed linking of shielded addresses to the IPs of full nodes originating them. A new clipboard stealing malware family targets all major cryptocurrency assets. On the lighter node, Arpox made an awesome write up for the Capture the Coin competition which he absolutely dominated this year!

Vulnerabilities

• [Vulnerability Disclosure] [FairWin] Front-running in the currently most used Ethereum contract - details of the vulnerability in a popular scam on the Ethereum network. The front-running attack allows anyone to steal investments while the code itself allows contract owners to empty all of the stored funds.

• Zcash Metadata Leakage CVE-2019-16930 - a bug in Zcash shielded transactions may allow the discovery …