Year: 2021

Using CodeQL to detect client-side vulnerabilities in web applications

GitHub’s CodeQL is a robust query language originally developed by Semmle that allows you to look for vulnerabilities in the source code. CodeQL is known as a tool to inspect open source repositories, however its usage is not limited just to it. In this article I will delve into approaches on how to use CodeQL…

23 September 2021
DeFi Hack solutions: DiscoLP

This is a series of write-ups on DeFi Hack, a wargame based on real-world DeFi vulnerabilities. Other posts: DiscoLP DiscoLP is a brand new liquidity mining protocol! You can participate by depositing some JIMBO or JAMBO tokens. All liquidity will be supplied to JIMBO-JAMBO Uniswap pair. By providing liquidity with us you will get DISCO…

18 June 2021
DeFi Hack solutions: May The Force Be With You

Back in 2018 I hosted the contest EtherHack which featured a set of vulnerable smart contracts. At that time the tasks were focused primarily on the EVM peculiarities like insecure randomness or extcodesize opcode tricks. Back then the first wave of crypto hype was coming to the end when numerous ICOs were falling apart because…

15 June 2021