Author: Raz0r

  • Building scalable monitoring infrastructure from scratch

    In this talk we will share our experience of creating a transaction monitoring solution for the EVM-compatible networks. Starting from a standalone Rust application that queries the blockchain RPCs, and ending with a scalable solution that can handle thousands of transactions per second, we will cover all the steps that will explain how to catch…

  • Upgradeable smart contracts security

    Slides & video from my talk about the security of proxies in smart contracts at OFFZONE 2022

  • Сушите вёсла #20

    Сушите вёсла #20

    Принял участие в новом эпизоде подкаста “Сушите вёсла”, посвященном блокчейну, смарт-контрактам и их безопасности. Приятного прослушивания!

  • contract-diff: find bugs in smart contract forks

    contract-diff: find bugs in smart contract forks

    There has been plenty of hacks when a smart contract was forked and some things were changed without full understanding of the code. To help auditors I have built https://contract-diff.xyz This is how it works 🧵 For popular contracts like OpenZeppelin, Uniswap, Sushiswap, etc two kinds of hashes were computed: md5 hashsums & simhashes. Using…

  • Безопасность web3: уязвимости на стыке блокчейна и веб-технологий

  • Using CodeQL to detect client-side vulnerabilities in web applications

    GitHub’s CodeQL is a robust query language originally developed by Semmle that allows you to look for vulnerabilities in the source code. CodeQL is known as a tool to inspect open source repositories, however its usage is not limited just to it. In this article I will delve into approaches on how to use CodeQL…

  • DeFi Hack solutions: DiscoLP

    This is a series of write-ups on DeFi Hack, a wargame based on real-world DeFi vulnerabilities. Other posts: DiscoLP DiscoLP is a brand new liquidity mining protocol! You can participate by depositing some JIMBO or JAMBO tokens. All liquidity will be supplied to JIMBO-JAMBO Uniswap pair. By providing liquidity with us you will get DISCO…

  • DeFi Hack solutions: May The Force Be With You

    DeFi Hack solutions: May The Force Be With You

    Back in 2018 I hosted the contest EtherHack which featured a set of vulnerable smart contracts. At that time the tasks were focused primarily on the EVM peculiarities like insecure randomness or extcodesize opcode tricks. Back then the first wave of crypto hype was coming to the end when numerous ICOs were falling apart because…

  • Takeaways from solving CryptoHack

    Takeaways from solving CryptoHack

    Just over a month ago I learnt about a new “fun platform for learning modern cryptography” called CryptoHack. The platform looked fun indeed offering a gamified experience to master cryptography. A while ago I had a try at Matasano crypto challenges, which are now known as CryptoPals. In original Matasano challenges you had to mail…

  • Writeup: pwnable.kr “unlink”

    Pretty easy task from pwnable.kr but took me waaay too long. We’ve got here three structures allocated on the heap, which are doubly-linked in a ptalloc fashion where a chunk’s header contains a pointer to the previous chunk and to the next one. There is also an obvious overflow which presumably would allow us to…