Predicting Random Numbers in Ethereum Smart Contracts
Slides from my AppSec California 2018 talk “Predicting Random Numbers in Ethereum Smart Contracts” Detailed blog post:...
View ArticleAdobe Experience Manager Vulnerability Scanner
Adobe Experience Manager is content management system that is based on Apache Sling – a framework for RESTful web-applications based on an extensible content tree. Apache Sling in its turn is...
View ArticlePolySwarm Smart Contract Hacking Challenge Writeup
This is a walk through for the smart contract hacking challenge organized by PolySwarm for CODE BLUE conference held in Japan on November 01–02. Although the challenge was supposed to be held on-site...
View ArticleWhy you should not use GraphQL schema generators
It has been quite a while since GraphQL has been introduced by Facebook, lots of tools and frameworks has appeared and are being used in the wild now. In 2017 I made an overview of the technology from...
View ArticleWriteup: pwnable.kr “unlink”
Pretty easy task from pwnable.kr but took me waaay too long. #include <stdio.h> #include <stdlib.h> #include <string.h> typedef struct tagOBJ{ struct tagOBJ* fd; struct tagOBJ* bk;...
View ArticleTakeaways from solving CryptoHack
Just over a month ago I learnt about a new “fun platform for learning modern cryptography” called CryptoHack. The platform looked fun indeed offering a gamified experience to master cryptography. A...
View ArticleDeFi Hack solutions: May The Force Be With You
Back in 2018 I hosted the contest EtherHack which featured a set of vulnerable smart contracts. At that time the tasks were focused primarily on the EVM peculiarities like insecure randomness or...
View ArticleDeFi Hack solutions: DiscoLP
This is a series of write-ups on DeFi Hack, a wargame based on real-world DeFi vulnerabilities. Other posts: DeFi Hack solutions: May The Force Be With You DiscoLP DiscoLP is a brand new liquidity...
View ArticleUsing CodeQL to detect client-side vulnerabilities in web applications
GitHub’s CodeQL is a robust query language originally developed by Semmle that allows you to look for vulnerabilities in the source code. CodeQL is known as a tool to inspect open source repositories,...
View ArticleБезопасность web3: уязвимости на стыке блокчейна и веб-технологий
The post Безопасность web3: уязвимости на стыке блокчейна и веб-технологий first appeared on Raz0r.name.
View Articlecontract-diff: find bugs in smart contract forks
There has been plenty of hacks when a smart contract was forked and some things were changed without full understanding of the code. To help auditors I have built https://contract-diff.xyz This is how...
View ArticleСушите вёсла #20
Принял участие в новом эпизоде подкаста «Сушите вёсла», посвященном блокчейну, смарт-контрактам и их безопасности. Приятного прослушивания! The post Сушите вёсла #20 first appeared on Raz0r.name.
View ArticleUpgradeable smart contracts security
Slides & video from my talk about the security of proxies in smart contracts at OFFZONE 2022 The post Upgradeable smart contracts security first appeared on Raz0r.name.
View Article
More Pages to Explore .....