Are you over 18 and want to see adult content?
More Annotations
A complete backup of www.model-kartei.de
Are you over 18 and want to see adult content?
A complete backup of dirtyhomeclips.com
Are you over 18 and want to see adult content?
A complete backup of sonovinhasbr.com
Are you over 18 and want to see adult content?
A complete backup of webcamsdolls.com
Are you over 18 and want to see adult content?
A complete backup of www.www.petticoated.com
Are you over 18 and want to see adult content?
A complete backup of www.www.millionairematch.com
Are you over 18 and want to see adult content?
A complete backup of fluffychicks.net
Are you over 18 and want to see adult content?
A complete backup of www.tastyblacks.com
Are you over 18 and want to see adult content?
A complete backup of www.www.enature.tv
Are you over 18 and want to see adult content?
Favourite Annotations
A complete backup of https://debraklein.com
Are you over 18 and want to see adult content?
A complete backup of https://almanacwhf.ru
Are you over 18 and want to see adult content?
A complete backup of https://tgpmasters.org
Are you over 18 and want to see adult content?
A complete backup of https://patientenbeauftragter.de
Are you over 18 and want to see adult content?
A complete backup of https://netdoktor.se
Are you over 18 and want to see adult content?
A complete backup of https://africanseer.com
Are you over 18 and want to see adult content?
A complete backup of https://mdtheatreguide.com
Are you over 18 and want to see adult content?
A complete backup of https://keyfactor.com
Are you over 18 and want to see adult content?
A complete backup of https://thenativesociety.com
Are you over 18 and want to see adult content?
A complete backup of https://ukibc.com
Are you over 18 and want to see adult content?
A complete backup of https://elsemanaldigital.com
Are you over 18 and want to see adult content?
A complete backup of https://pacificsun.com
Are you over 18 and want to see adult content?
Text
Get started
Open in app
Peter Kacherginsky
356 Followers
About
Follow
Sign in
Get started
Follow
356 Followers
About
Get started
Open in app
May 20
MEEBIT NFT EXPLOIT ANALYSIS It was the year 1964 when a young economist, Stefan Mandel, won 72,783 leu from a Romanian state lottery. There are many similar stores where a really lucky player got a once in a lifetime win only to be never heard from again. Except, Stefan went on to win a total of 14 lotteries in his lifetime including the $27 million Virginia state lottery in 1992. He did it by finding weaknesses in lotteries around the world which allowed him to all but guarantee a win. Modern lotteries have instituted new rules and increased the number of combinations to stop… Read more · 6 min read70
-------------------------Feb 4
DAMN VULNERABLE DEFI — CHALLENGE #8 WALKTHROUGH Automated Market Makers (AMMs) like Uniswap provide many essential services to the DeFi ecosystem including on-chain price feeds. These price oracles are used by lending, derivatives, stable coins, and other applications. Unfortunately, it is possible to manipulate these price feeds which resulted in several multi-million dollarhacks.
In the next challenge, we will develop one such exploit against an overly trusting lending pool. Here is the description: There's a huge lending pool borrowing Damn Valuable Tokens (DVTs), where you first need to deposit twice the borrow amount in ETH as collateral. The pool currently has 10000 DVTs in liquidity.There's… Read more · 3 min read -------------------------Jan 24
DAMN VULNERABLE DEFI — CHALLENGE #7 WALKTHROUGH Oracles play a critical role in many DeFi applications where they are used to correctly report asset prices and other data. As evident by many incidents such as Cheese Bankand Warp Finance
,
any oracle price manipulations can lead to multi-million losses. The next Damn Vulnerable DeFi challenge offers a plausible scenario where a price Oracle platform appears to leak potentially sensitive data: While poking around a web service of one of the most popular DeFi projects in the space, you get a somewhat strange response from their server. This is a snippet:HTTP/2 200 OK… Read more · 4 min read -------------------------Dec 22, 2020
0XPOLAND — ADVENTURE AWAITS Last month, ETHworks put together a really fun smart contract contest where players competed to solve all the clues and unlock a 7 ETH reward. While I did not win, I had an absolute blast participating in it and wanted to share my notes in case you want to learn about password cracking and smart contract hacking techniques. If that sounds interesting to you, let’s dive right in.#0XPOLAND
On November 17th, 2020, while preparing for the next edition of the Blockchain Threat Intelligence newsletter, I ran across an interesting tweet advertising some kind of a smart contract contest: https://twitter.com/0xPoland/status/1328616243562156032The address…
Read more · 7 min read183
1
-------------------------Dec 19, 2020
DAMN VULNERABLE DEFI — CHALLENGE #6 WALKTHROUGHThe next challenge
in the series
teaches us about dangers of mixing flash loans and governance systems: A new cool lending pool has launched! It's now offering flash loans of DVT tokens.Wow, and it even includes a really fancy governance mechanism to control it.What could go wrong, right ?You start with no DVT tokens in balance, and the pool has 1.5 million. Your objective: steal them all. The governance contract described in the challenge implements two functions to queue and execute action proposals. Action queue mechanism verifies that an actor has sufficient votes as follows:Notice…__
Read more · 2 min read4
-------------------------Dec 18, 2020
DAMN VULNERABLE DEFI — CHALLENGE #5 WALKTHROUGH Let’s continue our journey of learning about vulnerable DeFi applications. The next exercise, _the-rewarder_, challenges us to cheat at getting all of the rewards in a stripped down liquidity poolapp:
There's a pool offering rewards in tokens every 5 days for those who deposit their DVT tokens into it.Alice, Bob, Charlie and David have already deposited some DVT tokens, and have won their rewards!You don't have any DVT tokens. Luckily, these are really popular nowadays, so there's another pool offering them in free flash loans.In the upcoming round, you must claim all rewards for yourself.The…
Read more · 4 min read4
-------------------------Nov 25, 2020
DAMN VULNERABLE DEFI — CHALLENGE #4 WALKTHROUGH The next puzzle in the series continues challenging players to empty DeFi lending pool through any means necessary. Here is the challenge: A surprisingly simple lending pool allows anyone to deposit ETH, and withdraw it at any point in time.This very simple lending pool has 1000 ETH in balance already, and is offering free flash loans using the deposited ETH to promote their system.You must steal all ETH from the lending pool. The _challenge.js_ file performs basic setup on the vulnerable pool contract and deposits some initial balance: Let’s take a look at the SIDEENTRANCELENDERPOOL contract to… Read more · 2 min read5
-------------------------Nov 23, 2020
DAMN VULNERABLE DEFI — CHALLENGE #3 WALKTHROUGH Let’s dive into the next challenge called Truster in the OpenZeppelin’s fun WARGAME : More and more lending pools are offering flash loans. In this case, a new pool has launched that is offering flash loans of DVT tokens for free.Currently the pool has 1 million DVT tokens in balance. And you have nothing.But don't worry, you might be able to steal them all from the pool. The challenge sets up a lending pool instance of TRUSTERLENDERPOOL anddeposits 1M ETH:
The TRUSTERLENDERPOOL has a single function called FLASHLOAN which can lend any requested amount to the _borrower…_ Read more · 2 min read8
-------------------------Nov 18, 2020
DAMN VULNERABLE DEFI — CHALLENGE #2 WALKTHROUGH Continuing our exploration of the DAMN VULNERABLE DEFI wargame, the next puzzle is called NAIVE RECEIVER. It challenges
players to drain a DeFi user’s account: There's a lending pool offering quite expensive flash loans of Ether, which has 1000 ETH in balance.You also see that a user has deployed a contract with 10 ETH in balance, capable of interacting with the lending pool and receiveing flash loans of ETH.Drain all ETH funds from the user's contract. Doing it in a single transaction is a big plus ;) The challenge file sets up a lending pool and a user… Read more · 2 min read54
Show more
-------------------------Nov 14, 2020
DAMN VULNERABLE DEFI — SETUP AND CHALLENGE #1 WALKTHROUGH Damn Vulnerable DeFi is an Ethereum smart contract wargamedeveloped by
@tinchoabbate from OpenZeppelin. The competition includes 8 unique challenges educating players about various DeFi vulnerabilities. In this article, I will share basic set up steps to get you started on the challenges and go over the first challenge.WARGAME SETUP
To begin playing the wargame, you have to set up your local environment first. Start by cloning the challenges repository from Github and installing Node dependencies: % git clone https://github.com/OpenZeppelin/damn-vulnerable-defi.git % cd damn-vulnerable-defi% npm install
Once you install all of the dependencies you can test the environment by listing available… Read more · 3 min read111
PETER KACHERGINSKY
Blockchain Security, Malware Analysis, Incident Response, Pentesting,BlockThreat.net
About
Help
Legal
Get the Medium app
Details
Copyright © 2024 ArchiveBay.com. All rights reserved. Terms of Use | Privacy Policy | DMCA | 2021 | Feedback | Advertising | RSS 2.0