diff --git a/not-so-smart-contracts/cosmos/messages_priority/README.md b/not-so-smart-contracts/cosmos/messages_priority/README.md index ef7c0fa6..2b6eff0a 100644 --- a/not-so-smart-contracts/cosmos/messages_priority/README.md +++ b/not-so-smart-contracts/cosmos/messages_priority/README.md @@ -58,5 +58,5 @@ Once a bug in pool's implementation is discovered, attackers and the pool's oper ## External examples -- [Terra Money's oracle messages were not prioritized](https://cryptorisks.substack.com/p/ust-december-2021) (search for "priority"). It was [fixed with modifications to Tendermint](https://github.com/terra-money/tendermint/commit/6805b4866bdbd6933000eb0e761acbf15edd8ed6). +- [Terra Money's oracle messages were not prioritized](https://x.com/terra_money/status/1524785058296778752). It was [fixed with modifications to Tendermint](https://github.com/terra-money/tendermint/commit/6805b4866bdbd6933000eb0e761acbf15edd8ed6). - [Umee oracle and orchestrator messages were not prioritized](https://github.com/trailofbits/publications/blob/master/reviews/Umee.pdf) (search for finding TOB-UMEE-20 and TOB-UMEE-31). diff --git a/not-so-smart-contracts/substrate/weights_and_fees/README.md b/not-so-smart-contracts/substrate/weights_and_fees/README.md index 61ec9426..466b9d67 100644 --- a/not-so-smart-contracts/substrate/weights_and_fees/README.md +++ b/not-so-smart-contracts/substrate/weights_and_fees/README.md @@ -47,4 +47,4 @@ On the other hand, if an attacker sends a `useful_amounts` vector that is incred # References - https://docs.substrate.io/main-docs/build/tx-weights-fees/ -- https://docs.substrate.io/reference/how-to-guides/weights/add-benchmarks/ +- https://docs.polkadot.com/develop/parachains/testing/benchmarking/ diff --git a/program-analysis/echidna/advanced/hevm-cheats-to-test-permit.md b/program-analysis/echidna/advanced/hevm-cheats-to-test-permit.md index 10c7a3da..a5359542 100644 --- a/program-analysis/echidna/advanced/hevm-cheats-to-test-permit.md 
+++ b/program-analysis/echidna/advanced/hevm-cheats-to-test-permit.md @@ -8,7 +8,7 @@ This method presents a new way of allocating allowances, as signatures can be computed off-chain and passed to a contract. It allows a relayer to pay the entire gas fee of the permit transaction in exchange for a fee, enabling completely gasless transactions for a user. Furthermore, this removes the typical `approve() -> transferFrom()` pattern that forces users to send two transactions instead of just one through this new method. -Note that for the permit function to work, a valid signature is needed. This example will demonstrate how we can use [`hevm`'s `sign` cheatcode](https://hevm.dev/ds-test-tutorial.html#supported-cheat-codes) to sign data with a private key. More generally, you can use this cheatcode to test anything that requires valid signatures. +Note that for the permit function to work, a valid signature is needed. This example will demonstrate how we can use [`hevm`'s `sign` cheatcode](https://hevm.dev/std-test-tutorial.html#supported-cheat-codes) to sign data with a private key. More generally, you can use this cheatcode to test anything that requires valid signatures. ## Example diff --git a/program-analysis/echidna/advanced/on-using-cheat-codes.md b/program-analysis/echidna/advanced/on-using-cheat-codes.md index 373dd964..7c3b35db 100644 --- a/program-analysis/echidna/advanced/on-using-cheat-codes.md +++ b/program-analysis/echidna/advanced/on-using-cheat-codes.md 
@@ -14,7 +14,7 @@ Cheat codes are special functions that allow to change the state of the EVM in w ## Cheat codes available in Echidna -Echidna supports all cheat codes that are available in [hevm](https://github.com/ethereum/hevm). These are documented here: [https://hevm.dev/controlling-the-unit-testing-environment.html#cheat-codes](https://hevm.dev/ds-test-tutorial.html#supported-cheat-codes). +Echidna supports all cheat codes that are available in [hevm](https://github.com/ethereum/hevm). These are documented here: [https://hevm.dev/controlling-the-unit-testing-environment.html#cheat-codes](https://hevm.dev/std-test-tutorial.html#supported-cheat-codes). If a new cheat code is added in the future, Echidna only needs to update the hevm version and everything should work out of the box. As an example, the `prank` cheat code is able to set the `msg.sender` address in the context of the next external call: diff --git a/resources/contact.md b/resources/contact.md index c6958711..343f9147 100644 --- a/resources/contact.md +++ b/resources/contact.md 
@@ -13,40 +13,35 @@ This document is a work in progress. We're happy to accept feedback, questions, ## Blockchains | Name | Contact | More info | -| ---------------- | ------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------- | --- | -| Aptos | security@aptoslabs.com | | -| Arweave | team@arweave.org | | -| Auroracoin | m.hannes@auroracoin.is | | -| Bitcoin | security@bitcoincore.org | [Security page](https://bitcoincore.org/en/contact/) | -| Bitcoin Cash | | +| ---------------- | ------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------- | +| Aptos | security@aptoslabs.com | +| Arweave | team@arweave.org | +| Auroracoin | m.hannes@auroracoin.is | +| Bitcoin | security@bitcoincore.org | [Security page](https://bitcoincore.org/en/contact/) Bitcoin Cash | | Bitcoin Gold | admin@bitcoingold.org | [Disclosure policy](https://github.com/BTCGPU/dev/blob/master/responsible-disclosure.md) | | Bitshares | contactbitshares@bitshares.org | | Bytecoin | contact@bytecoin.org | -| Cloakcoin | anorak@cloakcoin.com | | +| Cloakcoin | anorak@cloakcoin.com | | Decred | contact@decred.org | -| DogeCoin | | | -| Edgeware | security@commonwealth.im | | | +| Edgeware | security@commonwealth.im | | Ethereum | bounty@ethereum.org | [Bug bounty](https://bounty.ethereum.org/) | -| Ethereum Classic | security@etcdevteam.com | | +| Ethereum Classic | security@etcdevteam.com | | Horizen | security@horizen.global | [Bug bounty](https://horizenofficial.atlassian.net/wiki/spaces/ZEN/pages/136871957/Bug+Bounty+Submission+Policy+and+Scope) | | Hush | hushteam@protonmail.com | [Security Page](https://github.com/MyHush/hush/blob/master/doc/security.md) | -| ICON | 
hello@icon.foundation | | -| IOV | security@iov.one | | -| Komodo | security@komodoplatform.com | | -| Litecoin | contact@litecoin.org | | -| Nem | contact@nem.io | | -| Neo | contact@neo.org | | +| ICON | hello@icon.foundation | +| IOV | security@iov.one | +| Komodo | security@komodoplatform.com | +| Litecoin | contact@litecoin.org | +| Nem | contact@nem.io | +| Neo | contact@neo.org | | Monero | [Multiple](https://github.com/monero-project/meta/blob/master/VULNERABILITY_RESPONSE_PROCESS.md) | [Bug bounty](https://hackerone.com/monero) | -| Ontology | contact@ont.io | | +| Ontology | contact@ont.io | | POA Core | security@poanetwork.com | [Security page](https://forum.poa.network/c/general/security) | | Ripple | bugs@ripple.com | [Bug bounty](https://ripple.com/bug-bounty/) | | RSK | security@rsk.co | [Bug bounty](https://hackerone.com/iovlabs) | -| Sia | hello@sia.tech | | -| Steem | | | +| Sia | hello@sia.tech | | Tezos | security@tezos.com | [Bug bounty](https://tezos.foundation/security/security-policy-bug-bounty/) | -| Qtum | | | -| Quorum | quorum_info@jpmorgan.com | | -| VeChain | | | +| Quorum | quorum_info@jpmorgan.com | | xDai Chain | security@poanetwork.com | [Security page](https://forum.poa.network/c/general/security) | | ZCash | security@z.cash | [Security page](https://z.cash/support/security/) | 
@@ -75,7 +70,6 @@ This document is a work in progress. We're happy to accept feedback, questions, | Dharma | | security@dharma.io | | | Erasure / Numerai | [External Reference](https://github.com/erasureprotocol/erasure-protocol) | security@numer.ai | | | Ethfinex | | bounty@ethfinex.com | | -| Giveth | [External Reference](https://docs.giveth.io/dapps/developmentProcess/) | | Idle Finance | [External Reference](https://developers.idle.finance/contracts-and-codebase) | security@idle.finance | | | InstaDApp | [External Reference](https://github.com/InstaDApp/smart-contract) | info@instadapp.io | | | Kleros | [External Reference](https://github.com/kleros/kleros/blob/master/auditor.md) | contact@kleros.io | [Bug bounty](https://github.com/kleros/kleros/blob/master/auditor.md#bounties) | 
@@ -109,7 +103,7 @@ This document is a work in progress. We're happy to accept feedback, questions, ## ERC20 Tokens | Name | Ticker | Mainnet Address | Contact | More info | -| ---------------------- | --------------- | ------------------------------------------------------------------------------------------------------------- | ------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | --- | +| ---------------------- | --------------- | ------------------------------------------------------------------------------------------------------------- | ------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ---- | ------------------------------------------------------------------------------------ | ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | --- | --- | ---------------------------------------------------------------------------------- | --- | --- | ---- | ---- | ---------------------------------------------------------------------------------- | ----------------------------- | --- | | Aelf | ELF | [Etherscan](https://etherscan.io/token/0xbf2179859fc6d5bee9bf9158632dc51678a4100e) | contact@aelf.io | | | Aeternity | AE | [Etherscan](https://etherscan.io/token/0x5ca9a71b1d01849c0a95490cc00559717fcf0d1d) | info@aeternity.com | | | Aion | AION | [Etherscan](https://etherscan.io/token/0x4CEdA7906a5Ed2179785Cd3A40A69ee8bc99C466) | hello@aion.network | | 
@@ -131,8 +125,7 @@ This document is a work in progress. We're happy to accept feedback, questions, | Dai | DAI | [Etherscan](https://etherscan.io/token/0x89d24a6b4ccb1b6faa2625fe562bdd9a23260359) | infosec@makerdao.com | | | Decentraland | MANA | [Etherscan](https://etherscan.io/token/0x0f5d2fb29fb7d3cfee444a200298f468908cc942) | hello@decentraland.org | | | DentaCoin | DCN | [Etherscan](https://etherscan.io/token/0x08d32b0da63e2C3bcF8019c9c5d849d7a9d791e6) | founder@dentacoin.com | | -| DigixDAO | DGD | | | | -| Dropil | DROP | [Etherscan](https://etherscan.io/token/0x4672bad527107471cb5067a887f4656d585a8a31) | support@dropil.com | | +| DigixDAO | DGD | | | | Dropil | DROP | [Etherscan](https://etherscan.io/token/0x4672bad527107471cb5067a887f4656d585a8a31) | support@dropil.com | | | EToken Assets | | | security@ambisafe.com | Many tokens are issued with EToken | | Dynamic Trading Rights | DTR | [Etherscan](https://etherscan.io/token/0xd234bf2410a0009df9c3c63b610c09738f18ccd7) | security@tokens.net | | | FEE Token | FEE | [Etherscan](https://etherscan.io/token/0xffe4a5a685efc53f45bf50f3dab45ded1b028134) | info@leverj.io | | 
@@ -144,19 +137,16 @@ This document is a work in progress. We're happy to accept feedback, questions, | Immutable X | IMX | [Etherscan](https://etherscan.io/token/0xf57e7e7c23978c3caec3c3548e3d615c346e79ff) | security@immutable.com | | | IOST | IOST | [Etherscan](https://etherscan.io/token/0xfa1a856cfa3409cfa145fa4e20eb270df3eb21ab) | team@iost.io | | | Jigstack | STAK | [Etherscan](https://etherscan.io/token/0x1f8a626883d7724dbd59ef51cbd4bf1cf2016d13) | hello@jigstack.org | | -| Kin | KIN | [Etherscan](https://etherscan.io/token/0x818fc6c2ec5986bc6e2cbf00939d90556ab12ce5) | | | -| KuCoin Shares | KCS | [Etherscan](https://etherscan.io/token/0x039b5649a59967e3e936d7471f9c3700100ee1ab) | support@kucoin.com | | +| Kin | KIN | [Etherscan](https://etherscan.io/token/0x818fc6c2ec5986bc6e2cbf00939d90556ab12ce5) | | | KuCoin Shares | KCS | [Etherscan](https://etherscan.io/token/0x039b5649a59967e3e936d7471f9c3700100ee1ab) | support@kucoin.com | | | Kyber Network | KNC | [Etherscan](https://etherscan.io/token/0xdd974d5c2e2928dea5f71b9825b8b646686bd200) | hello@kyber.network | | | Ledgerium | LGUM | [Etherscan](https://etherscan.io/token/0x84136c48d0ed75c384d0e9b04745f0208561a5b9) | security@ledgerium.net | | | Leverj | LEV | [Etherscan](https://etherscan.io/token/0x0f4ca92660efad97a9a70cb0fe969c755439772c) | info@leverj.io | | -| Loopring | LRC | [Etherscan](https://etherscan.io/token/0xef68e7c694f40c8202821edf525de3782458639f) | bounty@loopring.org | [Bug bounty](https://medium.com/loopring-protocol/bug-and-optimization-bounty-for-smart-contracts-c2c855f3a748) | +| Loopring | LRC | [Etherscan](https://etherscan.io/token/0xef68e7c694f40c8202821edf525de3782458639f) | bounty@loopring.org | | Loom Network | LOOM | [Etherscan](https://etherscan.io/token/0xa4e8c3ec456107ea67d3075bf9e3df3a75823db0) | security@loomx.io | | | Mainframe | MFT | [Etherscan](https://etherscan.io/token/0xdf2c7238198ad8b389666574f2d8bc411a4b7428) | security@mainframe.com | | -| Maker | MKR | 
[Etherscan](https://etherscan.io/token/0x9f8f72aa9304c8b593d555f12ef6589cc3a579a2) | | | -| Melon Token | MLN | | security@melonport.com | | +| Maker | MKR | [Etherscan](https://etherscan.io/token/0x9f8f72aa9304c8b593d555f12ef6589cc3a579a2) | | | Melon Token | MLN | | security@melonport.com | | | Monaco | MCO | [Etherscan](https://etherscan.io/token/0xb63b606ac810a52cca15e44bb630fd42d8d1d83d) | contact@mco.crypto.com | | -| Mithril | MITH | [Etherscan](https://etherscan.io/token/0x3893b9422cd5d70a81edeffe3d5a1c6a978310bb) | | | -| Mixin | XIN | [Etherscan](https://etherscan.io/token/0xa974c709cfb4566686553a20790685a47aceaa33) | contact@mixin.one | | +| Mithril | MITH | [Etherscan](https://etherscan.io/token/0x3893b9422cd5d70a81edeffe3d5a1c6a978310bb) | | | Mixin | XIN | [Etherscan](https://etherscan.io/token/0xa974c709cfb4566686553a20790685a47aceaa33) | contact@mixin.one | | | MUI Token | MUI | [Etherscan](https://etherscan.io/token/0x35321c78a48dd9ace94c8e060a4fc279a3a2d9fc) | wallet@sovereignwallet.network | | | Nahmii | NII | [Etherscan](https://etherscan.io/token/0xac4f2f204b38390b92d0540908447d5ed352799a) | security@hubii.com | | | Nectar | NEC | [Etherscan](https://etherscan.io/token/0xcc80c051057b774cd75067dc48f8987c4eb97a5e) | bounty@ethfinex.com | | 
@@ -164,8 +154,7 @@ This document is a work in progress. We're happy to accept feedback, questions, | Nuls | NULS | [Etherscan](https://etherscan.io/token/0xb91318f35bdb262e9423bc7c7c2a3a93dd93c92c) | hi@nuls.io | | | Numeraire | NMR | [Etherscan](https://etherscan.io/address/0x1776e1f26f98b1a5df9cd347953a26dd3cb46671) | security@numer.ai | | | ODEM | ODEM | [Etherscan](https://etherscan.io/token/0xbf52f2ab39e26e0951d2a02b49b7702abe30406a) | info@odem.io | | -| OmiseGO | OMG | [Etherscan](https://etherscan.io/token/0xd26114cd6EE289AccF82350c8d8487fedB8A0C07) | | | -| Orderbook BTC | OBTC | [Etherscan](https://etherscan.io/token/0x76ed39003c6ca656c1f5e5e2524eff03feeb6bfc) | security@orderbook.io | [Instructions](https://help.orderbook.io/security-and-account-protection/how-to-report-a-bug-or-security-vulnerability-to-orderbook-team) | +| OmiseGO | OMG | [Etherscan](https://etherscan.io/token/0xd26114cd6EE289AccF82350c8d8487fedB8A0C07) | | | Orderbook BTC | OBTC | [Etherscan](https://etherscan.io/token/0x76ed39003c6ca656c1f5e5e2524eff03feeb6bfc) | security@orderbook.io | [Instructions](https://help.orderbook.io/security-and-account-protection/how-to-report-a-bug-or-security-vulnerability-to-orderbook-team) | | Orderbook USD | OUSD | [Etherscan](https://etherscan.io/token/0xca075cf7496d7fee464ceb98ccfbd3b6408bdf63) | security@orderbook.io | [Instructions](https://help.orderbook.io/security-and-account-protection/how-to-report-a-bug-or-security-vulnerability-to-orderbook-team) | | Paypex | PAYX | [Etherscan](https://etherscan.io/token/0x62a56a4a2ef4d355d34d10fbf837e747504d38d4) | contact@paypex.org | | | POA20 Bridge | POA20 | [Etherscan](https://etherscan.io/token/0x6758b7d441a9739b98552b373703d8d3d14f9e62) | security@poanetwork.com | [Security page](https://forum.poa.network/c/general/security) | 
@@ -174,13 +163,9 @@ This document is a work in progress. We're happy to accept feedback, questions, | Populous | PPT | [Etherscan](https://etherscan.io/token/0xd4fa1460f537bb9085d22c7bccb5dd450ef28e3a) | info@populous.co | | | Power Ledger | POWR | [Etherscan](https://etherscan.io/token/0x595832f8fc6bf59c85c527fec3740a1b7a361269) | support@powerledger.io | | | Pundi X | NPXS | [Etherscan](https://etherscan.io/token/0xa15c7ebe1f07caf6bff097d8a589fb8ac49ae5b3) | contact@pundix.com | | -| QASH | QASH | [Etherscan](https://etherscan.io/token/0x618e75ac90b12c6049ba3b27f5d5f8651b0037f6) | | | -| Quantstamp | QSP | [Etherscan](https://etherscan.io/token/0x99ea4db9ee77acd40b119bd1dc4e33e1c070b80d) | security@quantstamp.com | | -| RChain | RHOC | [Etherscan](https://etherscan.io/token/0x168296bb09e24a88805cb9c33356536b980d3fc5) | | | -| Ren | REN | [Etherscan](https://etherscan.io/address/0x408e41876cccdc0f92210600ef50372656052a38) | | | -| Sai | SAI | [Etherscan](https://etherscan.io/token/0x59adcf176ed2f6788a41b8ea4c4904518e62b6a4) | | | | -| Salt | SALT | [Etherscan](https://etherscan.io/token/0x4156D3342D5c385a87D264F90653733592000581) | salt_security@saltlending.com | | -| SelfKey | KEY | [Etherscan](https://etherscan.io/token/0x4cc19356f2d37338b9802aa8e8fc58b0373296e7) | help@selfkey.org | | | +| QASH | QASH | [Etherscan](https://etherscan.io/token/0x618e75ac90b12c6049ba3b27f5d5f8651b0037f6) | | | Quantstamp | QSP | [Etherscan](https://etherscan.io/token/0x99ea4db9ee77acd40b119bd1dc4e33e1c070b80d) | security@quantstamp.com | | +| RChain | RHOC | [Etherscan](https://etherscan.io/token/0x168296bb09e24a88805cb9c33356536b980d3fc5) | | | Ren | REN | [Etherscan](https://etherscan.io/address/0x408e41876cccdc0f92210600ef50372656052a38) | | | Sai | SAI | [Etherscan](https://etherscan.io/token/0x59adcf176ed2f6788a41b8ea4c4904518e62b6a4) | | | Salt | SALT | [Etherscan](https://etherscan.io/token/0x4156D3342D5c385a87D264F90653733592000581) | salt_security@saltlending.com | | +| 
SelfKey | KEY | [Etherscan](https://etherscan.io/token/0x4cc19356f2d37338b9802aa8e8fc58b0373296e7) | help@selfkey.org | | | | SpankChain | SPANK | [Etherscan](https://etherscan.io/token/0x42d6622dece394b54999fbd73d108123806f6a18) | security@spankchain.com | | | Synthetix | SNX | [Proxy](https://contracts.synthetix.io/ProxySynthetix) [Underlying](https://contracts.synthetix.io/Synthetix) | security@synthetix.io | | | Synths (all flavors) | sUSD, sETH, etc | [Proxy sUSD](https://contracts.synthetix.io/ProxysUSD) | security@synthetix.io | | @@ -191,8 +176,7 @@ This document is a work in progress. We're happy to accept feedback, questions, | Tether | USDT | [Etherscan](https://etherscan.io/token/0xdac17f958d2ee523a2206206994597c13d831ec7) | security@tether.to , security@bitfinex.com | | | TrueUSD | TUSD | [Etherscan](https://etherscan.io/token/0x8dd5fbce2f6a956c3022ba3663759011dd51e73e) | hello@trusttoken.com | | | USDCoin | USDC | [Etherscan](https://etherscan.io/token/0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48) | usdc-security@circle.com | | -| Veritaseum | VERI | [Etherscan](https://etherscan.io/token/0x8f3470A7388c05eE4e7AF3d01D8C722b0FF52374) | | | -| Waltonchain | WTC | [Etherscan](https://etherscan.io/token/0xb7cb1c96db6b22b0d3d9536e0108d062bd488f74) | info@waltonchain.org | | +| Veritaseum | VERI | [Etherscan](https://etherscan.io/token/0x8f3470A7388c05eE4e7AF3d01D8C722b0FF52374) | | | Waltonchain | WTC | [Etherscan](https://etherscan.io/token/0xb7cb1c96db6b22b0d3d9536e0108d062bd488f74) | info@waltonchain.org | | | WAX | WAX | [Etherscan](https://etherscan.io/token/0x39bb259f66e1c59d5abef88375979b4d20d98022) | support@wax.io | | | Zilliqa | ZIL | [Etherscan](https://etherscan.io/token/0x05f4a42e251f2d52b8ed15e9fedaacfcef1fad27) | security@zilliqa.com | |
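Review bot: In the messages_priority README hunk, the Terra Money bullet now links to a single x.com post and drops the `(search for "priority")` hint, so the reader is no longer told which part of the source supports "oracle messages were not prioritized". Consider keeping a durable write-up or an archived copy of the post next to the new link, and say which part of it documents the missing prioritization.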
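Review bot: In the weights_and_fees References hunk, only the add-benchmarks link moves to docs.polkadot.com, while the unchanged line above it still points at https://docs.substrate.io/main-docs/build/tx-weights-fees/. If the old domain is the reason for this replacement, update that reference in the same change so the section does not keep one stale link.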
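Review bot: In the on-using-cheat-codes.md hunk, the link's visible text is still https://hevm.dev/controlling-the-unit-testing-environment.html#cheat-codes while its target is now https://hevm.dev/std-test-tutorial.html#supported-cheat-codes, so readers see one URL and land on another. Make the text match the target, or use a descriptive label the way hevm-cheats-to-test-permit.md does for the `sign` cheatcode link.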
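Review bot: In the Blockchains table hunk of resources/contact.md, the added Bitcoin row ends with `[Security page](https://bitcoincore.org/en/contact/) Bitcoin Cash | |`, which folds the removed Bitcoin Cash row into Bitcoin's "More info" cell. The other entries without a contact (DogeCoin, Steem, Qtum, VeChain) are removed outright in this hunk, so do the same for Bitcoin Cash and end the Bitcoin row at the Security page link.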
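Review bot: In the ERC20 Tokens hunk at @@ -109, the new separator row has far more dash segments than the five columns of the header above it (Name, Ticker, Mainnet Address, Contact, More info). Trim it back to five segments; the extra ones match the over-long rows added later in this file, which should be fixed rather than accommodated in the separator.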
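Review bot: In the hunk at @@ -131, the added line beginning `| DigixDAO | DGD | | | | Dropil | DROP |` puts the DigixDAO and Dropil entries on one table row, so Dropil's Etherscan link and support@dropil.com fall into cells past "More info". Keep Dropil on its own line, and either give DigixDAO a complete five-cell row or remove it.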
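Review bot: In the hunk at @@ -144, the Loopring row loses its Bug bounty link with no replacement, leaving bounty@loopring.org as the only pointer; if the linked post is gone, link the current policy or note the removal in the commit message. The same hunk joins Kin with KuCoin Shares, Maker with Melon Token, and Mithril with Mixin on single lines, so the second entry of each pair no longer starts its own row and its contact (support@kucoin.com, security@melonport.com, contact@mixin.one) sits outside the Contact column.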
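Review bot: In the hunk at @@ -164, the added OmiseGO line also contains the whole Orderbook BTC entry, including security@orderbook.io and its reporting Instructions link. That buries a working disclosure contact behind a row that has none; split it back into two lines so Orderbook BTC matches the unchanged Orderbook USD row below it.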
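Review bot: In the hunk at @@ -174, one added line carries four entries (RChain, Ren, Sai, Salt) and another carries two (QASH, Quantstamp), which matches the hunk shrinking from 13 lines to 9. security@quantstamp.com and salt_security@saltlending.com are now in trailing cells of rows named after other tokens; restore one line per token, and drop the contactless entries explicitly if that is the intent.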
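Review bot: In the hunk at @@ -191, the added Veritaseum line absorbs the Waltonchain entry, so info@waltonchain.org is no longer in the Contact column of its own row. Put Waltonchain back on a separate line between Veritaseum and WAX.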