Channel: Raz0r.name
Browsing all 33 articles

Predicting Random Numbers in Ethereum Smart Contracts

Slides from my AppSec California 2018 talk “Predicting Random Numbers in Ethereum Smart Contracts” Detailed blog post:...


Adobe Experience Manager Vulnerability Scanner

Adobe Experience Manager is a content management system based on Apache Sling – a framework for RESTful web applications based on an extensible content tree. Apache Sling in its turn is...


PolySwarm Smart Contract Hacking Challenge Writeup

This is a walkthrough for the smart contract hacking challenge organized by PolySwarm for the CODE BLUE conference held in Japan on November 01–02. Although the challenge was supposed to be held on-site...


Why you should not use GraphQL schema generators

It has been quite a while since GraphQL was introduced by Facebook; lots of tools and frameworks have appeared and are being used in the wild now. In 2017 I made an overview of the technology from...


Writeup: pwnable.kr “unlink”

Pretty easy task from pwnable.kr but took me waaay too long. #include <stdio.h> #include <stdlib.h> #include <string.h> typedef struct tagOBJ{ struct tagOBJ* fd; struct tagOBJ* bk;...


Takeaways from solving CryptoHack

Just over a month ago I learnt about a new “fun platform for learning modern cryptography” called CryptoHack. The platform looked fun indeed, offering a gamified experience to master cryptography. A...


DeFi Hack solutions: May The Force Be With You

Back in 2018 I hosted the contest EtherHack which featured a set of vulnerable smart contracts. At that time the tasks were focused primarily on the EVM peculiarities like insecure randomness or...


DeFi Hack solutions: DiscoLP

This is a series of write-ups on DeFi Hack, a wargame based on real-world DeFi vulnerabilities. Other posts: DeFi Hack solutions: May The Force Be With You DiscoLP DiscoLP is a brand new liquidity...


Using CodeQL to detect client-side vulnerabilities in web applications

GitHub’s CodeQL is a robust query language originally developed by Semmle that allows you to look for vulnerabilities in the source code. CodeQL is known as a tool to inspect open source repositories,...


Web3 security: vulnerabilities at the intersection of blockchain and web technologies

The post Web3 security: vulnerabilities at the intersection of blockchain and web technologies first appeared on Raz0r.name.


contract-diff: find bugs in smart contract forks

There have been plenty of hacks where a smart contract was forked and some things were changed without full understanding of the code. To help auditors I have built https://contract-diff.xyz. This is how...


Сушите вёсла #20

I took part in a new episode of the «Сушите вёсла» podcast, devoted to blockchain, smart contracts and their security. Enjoy listening! The post Сушите вёсла #20 first appeared on Raz0r.name.


Upgradeable smart contracts security

Slides & video from my talk about the security of proxies in smart contracts at OFFZONE 2022. The post Upgradeable smart contracts security first appeared on Raz0r.name.
