pkqs90

Less is more.

Malicious Mev-Bot Walkthrough

0. Preliminary Notes A few months ago, I encountered a scam on Twitter. I clicked on some random tweet that said something like “Hey check out this MEV bot that makes me 5 ETH per week” which led to some Solidity code. At that time, I didn’t understand Solidity but was pretty sure it was a scam (spoiler alert: it was). Also, I had no idea what an MEV bot was, but in hindsight, the scam was attempting to use Solidity code for an MEV bot, which actually made no sense since it requires offchain code to monitor the mempool....

January 26, 2024

Gnosis Safe Smart Contract Walkthrough

0. Preliminary Notes In the second post of my dapp walkthrough series, I will be focusing on Gnosis Safe. This choice was inspired by my recent audit of reNFT for this Code4rena contest, where Gnosis Safe was a significant element. The post will cover Gnosis Safe’s architecture for v1.4.1. I’ve also referred to the following articles about Gnosis Safe while writing this post: https://hackmd.io/@kyzooghost/HJMi2Nllq https://docs.safe.global https://blog.wssh.trade/tags/safe/ 1. What is Gnosis Safe?...

January 18, 2024

Friend.tech Smart Contract Walkthrough

0. Preliminary Notes I’m considering starting a blog series that delves into the smart contracts behind popular dapps. This initiative would be a good opportunity for public learning and motivate me to thoroughly explore the intricacies of their coding. This first post will focus on Friend.tech, a well-known socialfi dapp introduced in the summer of 2023. This dapp’s simplicity makes it an ideal starting point for my series. 1. What is Friend....

January 10, 2024

Damn Vulnerable Defi V3 Solutions Part 3: 11-15

Introduction This series of posts provides solutions for version 3 of Damn Vulnerable DeFi, which includes a total of 15 challenges. This is Part 3 of the Damn Vulnerable Defi Solution series: Part 1 Part 2 Part 3 (Current) You can find all my solutions and local setup in this GitHub repository. This post will focus on solutions for challenges 11-15. These final five challenges are the most complex in the series, encompassing highly realistic use cases, including Gnosis Safe Wallets, Uniswap V3, the UUPS Upgradeable pattern, timelocks, and more....

January 7, 2024

Damn Vulnerable Defi V3 Solutions Part 2: 6-10

Introduction This series of posts provides solutions for version 3 of Damn Vulnerable DeFi, which includes a total of 15 challenges. This is Part 2 of the Damn Vulnerable Defi Solution series: Part 1 Part 2 (Current) Part 3 You can find all my solutions and local setup in this GitHub repository. This post will focus on solutions for challenges 6-10. These five challenges are primarily centered around flash loans and encompass real-world scenarios....

January 6, 2024

Damn Vulnerable Defi V3 Solutions Part 1: 1-5

Introduction Damn Vulnerable Defi offers a series of CTF-like challenges that are more intricate than those in CTE and Ethernaut, with a focus on DeFi-related topics. These challenges cover areas like flash loans, price oracles, governance, NFTs, wallets, and timelocks. They incorporate real-world contracts from platforms such as Uniswap (V1, V2, V3), Gnosis Safe, and various upgrade patterns. By tackling these challenges, you’ll gain substantial knowledge about DeFi and become more adept at understanding security practices in this field....

January 5, 2024

Ethernaut Solutions Part 3: 20-29

Introduction This is Part 3 of the Ethernaut Solution series: Part 1 Part 2 Part 3 (Current) You can find all my solutions and local setup in this GitHub repository. This post will cover solutions for challenges 20-29. These ten challenges rank as the most difficult in the entire series, encompassing a range of real-world scenarios like DEX and proxy patterns. They also require a somewhat deep understanding of Solidity internals, such as the encoding of calldata....

January 4, 2024

Ethernaut Solutions Part 2: 10-19

Introduction This is Part 2 of the Ethernaut Solution series: Part 1 Part 2 (Current) Part 3 You can find all my solutions and local setup in this GitHub repository. This post will cover solutions for challenges 10-19. These ten challenges are somewhat more complex than the first ten. Solving them mainly involves understanding some Solidity internals (e.g. storage layouts) and basic security vulnerability patterns (e.g. the reentrancy pattern). Solutions 10. Re-entrancy This is a classic reentrancy vulnerability....

January 3, 2024

Ethernaut Solutions Part 1: 0-9

Introduction Ethernaut is a Web3/Solidity based CTF developed by OpenZeppelin. The CTF is played online using Ethereum test networks, but for faster development, I set up a local dev environment using Hardhat forking the Sepolia testnet. Compared with Capture-the-Ether, Ethernaut is more up-to-date in aspects like Solidity versions (CTE uses ^0.4 versions) and DeFi-related content. I found Ethernaut to be highly educational and comprehensive, offering a thorough overview of smart contract security vulnerabilities....

January 2, 2024

Capture the Ether Solutions

0. Introduction Capture the Ether serves as an introductory CTF (Capture the Flag) for those interested in smart contract security. It offers a variety of challenges categorized into different sections. Participating in this CTF marked my first foray into the world of smart contract security, and it was an incredibly educational experience. Originally, the challenge was hosted on the Ropsten network, but since it became deprecated in 2023, I set up a local dev environment using Hardhat to continue playing....

January 1, 2024