From cc86167f39781e93b98cc148aeff1bee61df6cd8 Mon Sep 17 00:00:00 2001 From: goncaloMagalhaes Date: Wed, 1 Feb 2023 11:11:44 +0000 Subject: [PATCH] Additions: * add hack analyses folder * update bugfix reviews layout * add mev bot hack analysis * add tx viewers to Tools * add codeslaw Fixes: * replace 'this' for 'these' where it made sense --- Blockchain Concepts/README.md | 2 +- BugFixReviews/README.md | 38 ++------------------- Check This Out/README.md | 2 +- HackAnalyses/README.md | 54 ++++++++++++++++++++++++++++++ README.md | 63 +++++++++++++---------------------- Tools/README.md | 10 +++++- Vulnerabilities/README.md | 2 +- 7 files changed, 92 insertions(+), 79 deletions(-) create mode 100644 HackAnalyses/README.md diff --git a/Blockchain Concepts/README.md b/Blockchain Concepts/README.md index 5b2e527..5966dea 100644 --- a/Blockchain Concepts/README.md +++ b/Blockchain Concepts/README.md @@ -46,7 +46,7 @@ Blockchain Concepts Who holds the private key? In the custodial wallets a third party manages the private key, in the non-custodial ones is the user who holds the keys. Usually the centraliced exchanges are the ones who provide custodial wallets and you can get the non-custodial ones using Metamask or Trust Wallet for example. - Hot/Cold wallet: -The biggest difference between this wallets is if they are connected to the internet (hot wallet) or not (cold wallet) +The biggest difference between these wallets is if they are connected to the internet (hot wallet) or not (cold wallet) # Resources: diff --git a/BugFixReviews/README.md b/BugFixReviews/README.md index 752d1fa..85bdafb 100644 --- a/BugFixReviews/README.md +++ b/BugFixReviews/README.md 
@@ -1,12 +1,10 @@ Bugfix Reviews -------------------- -This are the real world cases, if you are interested in learning the theory about this vulnerabilities check: [Vulnerabilities](../Vulnerabilities/README.md) +These are real world cases of bug fixes reported through Immunefi. To learn more about smart contract vulnerabilities theory check: [Vulnerabilities](../Vulnerabilities/README.md) - [2023](#2023) - [January 2023](#january-2023) - - - [Hack Analysis: Nomad Bridge, August 2022](#hack-analysis-nomad-bridge-august-2022) - - [Hack Analysis: Beanstalk Governance Attack, April 2022](#hack-analysis-beanstalk-governance-attack-april-2022) + - [Moonbeam, Astar, And Acala Library Truncation Bugfix Review - $1M Payout](#moonbeam-astar-and-acala-library-truncation-bugfix-review-$1m-payout) - [2022](#2022) @@ -17,8 +15,6 @@ This are the real world cases, if you are interested in learning the theory abou - [November 2022](#november-2022) - [Mt Pelerin Double Transaction Bugfix Review](#mt-pelerin-double-transaction-bugfix-review) - - [Hack Analysis: Saddle Finance, April 2022](#hack-analysis-saddle-finance-april-2022) - - [Hack Analysis: Cream Finance Oct 2021](#hack-analysis-cream-finance-oct-2021) - [September 2022](#september-2022) 
@@ -124,18 +120,6 @@ This are the real world cases, if you are interested in learning the theory abou ## January 2023 -### [Hack Analysis: Nomad Bridge, August 2022](https://medium.com/immunefi/hack-analysis-nomad-bridge-august-2022-5aa63d53814a) - -A routine upgrade on the implementation of one of Nomad’s proxy contracts marked a zero hash value as a trusted root, which allowed messages to get automatically proved. The hacker leveraged this vulnerability to spoof the bridge contract and trick it to unlock funds. - -- Vulnerability type: CommittedRoot set to ZERO. - -### [Hack Analysis: Beanstalk Governance Attack, April 2022](https://medium.com/immunefi/hack-analysis-beanstalk-governance-attack-april-2022-f42788fc821e) - -Beanstalk was the victim of a whopping $181M hack, which leveraged the lack of execution delay to push through a malicious governance proposal. - -- Vulnerability type: Lack of execution delay. - ### [Moonbeam, Astar, And Acala Library Truncation Bugfix Review — $1m Payout](https://medium.com/immunefi/moonbeam-astar-and-acala-library-truncation-bugfix-review-1m-payout-41a862877a5b) The bug, which was found within Frontier — the Substrate pallet that provides core Ethereum compatibility features within the Polkadot ecosystem–impacted Moonbeam, Astar Network, and Acala. The estimated potential damage from the vulnerability amounted to approximately $200m across the three projects, which was swiftly prevented 
@@ -146,12 +130,6 @@ The bug, which was found within Frontier — the Substrate pallet that provides ## December 2022 -### [Hack Analysis: Omni Protocol, July 2022](https://medium.com/immunefi/hack-analysis-omni-protocol-july-2022-2d35091a0109) - -The underlying vulnerability, reentrancy, was exploited across two different functions of the same smart contract. Notably, these functions were lacking reentrancy locks and did not follow the checks-effects-interactions pattern. By leveraging the re-entrancy vulnerability on two different functions and using two attacker contracts, the hacker was able to borrow against the collateral and make the market forget about it. - -- Vulnerability type: Re-entrancy. - ### [88MPH Theft Of Unclaimed MPH Rewards Bugfix Review](https://medium.com/immunefi/88mph-theft-of-unclaimed-mph-rewards-bugfix-review-1dec98b9956b) Allowed users to steal most of the 88MPH tokens generated from yield contract by depositing an asset and withdrawing the vested 88mph tokens immediately. @@ -166,18 +144,6 @@ The bug could have allowed users to drain contract funds. - Vulnerability type: Theft of funds. -### [Hack Analysis: Saddle Finance, April 2022](https://medium.com/immunefi/hack-analysis-saddle-finance-april-2022-f2bcb119f38) - -Price miscalculation when swapping a token for an LP token. - -- Vulnerability type: Logic, price calculation. - -### [Hack Analysis: Cream Finance Oct 2021](https://medium.com/immunefi/hack-analysis-cream-finance-oct-2021-fc222d913fc5) - -Analysis of Cream Finance exploit on Oct 2021, resulting in loss of $130m in available liquidity. - -- Vulnerability type: Oracle manipulation, Uncapped supply of token. - ## September 2022 ### [Aurora Improper Input Sanitization Bugfix Review](https://medium.com/immunefi/aurora-improper-input-sanitization-bugfix-review-a9376dac046f) diff --git a/Check This Out/README.md b/Check This Out/README.md index b5313f1..6b4b9cb 100644 --- a/Check This Out/README.md +++ b/Check This Out/README.md 
@@ -97,6 +97,6 @@ Check This Out - [How to PoC your Bug Leads](https://medium.com/immunefi/how-to-poc-your-bug-leads-5ec76abdc1d8) - [Elements of a good bug report by Joran Honig](https://typeshare.co/joranhonig/posts/elements-of-a-good-bug-report) - [Sample vulnerability Report by DanielVF](https://gist.github.com/DanielVF/66f459da88804d1fd917c47576c68523) -- [Check this Foundry Tutorials](../Tools/README.md#foundry-solidity-evm) +- [Check these Foundry Tutorials](../Tools/README.md#foundry-solidity-evm) - [DeFiHackLabs - Example POC's made with Foundry](https://github.com/SunWeb3Sec/DeFiHackLabs) - [Coinspect Security - EVM Attacks PoCs ](https://github.com/coinspect/learn-evm-attacks/tree/master/test) diff --git a/HackAnalyses/README.md b/HackAnalyses/README.md new file mode 100644 index 0000000..2c0f1f7 --- /dev/null +++ b/HackAnalyses/README.md 
@@ -0,0 +1,54 @@ +Hack Analyses +-------------------- +These are real world cases of bug fixes reported through Immunefi. To learn more about smart contract vulnerabilities theory check: [Vulnerabilities](../Vulnerabilities/README.md) + +- [2023](#2023) + - [Hack Analysis: 0xbaDc0dE MEV Bot, September 2022](#hack-analysis-0xbadc0de-mev-bot-september-2022) + - [Hack Analysis: Nomad Bridge, August 2022](#hack-analysis-nomad-bridge-august-2022) + - [Hack Analysis: Beanstalk Governance Attack, April 2022](#hack-analysis-beanstalk-governance-attack-april-2022) + +- [2022](#2022) + - [Hack Analysis: Omni Protocol, July 2022](#hack-analysis-omni-protocol-july-2022) + - [Hack Analysis: Saddle Finance, April 2022](#hack-analysis-saddle-finance-april-2022) + - [Hack Analysis: Cream Finance Oct 2021](#hack-analysis-cream-finance-oct-2021) + + +# 2023 + +## [Hack Analysis: 0xbaDc0dE MEV Bot, September 2022](https://medium.com/immunefi/0xbadc0de-mev-bot-hack-analysis-30b9031ff0ba) + +A smart contract MEV bot was hacked on the Ethereum blockchain, losing around 1,101 WETH. The hack took place just 30 minutes after the MEV bot pulled off a notoriously profitable arbitration that earned it 804 WETH. Since the smart contract code is unverified, this article shows how one can go about finding a vulnerability in a smart contract by just looking at its bytecode, past transactions and a bit of PoC trial and error action. + +- Vulnerability type: Lack of sufficient validation of flashloan caller leading to arbitrary function execution + +## [Hack Analysis: Nomad Bridge, August 2022](https://medium.com/immunefi/hack-analysis-nomad-bridge-august-2022-5aa63d53814a) + +A routine upgrade on the implementation of one of Nomad’s proxy contracts marked a zero hash value as a trusted root, which allowed messages to get automatically proved. The hacker leveraged this vulnerability to spoof the bridge contract and trick it to unlock funds. + +- Vulnerability type: CommittedRoot set to ZERO. 
+ +## [Hack Analysis: Beanstalk Governance Attack, April 2022](https://medium.com/immunefi/hack-analysis-beanstalk-governance-attack-april-2022-f42788fc821e) + +Beanstalk was the victim of a whopping $181M hack, which leveraged the lack of execution delay to push through a malicious governance proposal. + +- Vulnerability type: Lack of execution delay. + +# 2022 + +## [Hack Analysis: Omni Protocol, July 2022](https://medium.com/immunefi/hack-analysis-omni-protocol-july-2022-2d35091a0109) + +The underlying vulnerability, reentrancy, was exploited across two different functions of the same smart contract. Notably, these functions were lacking reentrancy locks and did not follow the checks-effects-interactions pattern. By leveraging the re-entrancy vulnerability on two different functions and using two attacker contracts, the hacker was able to borrow against the collateral and make the market forget about it. + +- Vulnerability type: Re-entrancy. + +## [Hack Analysis: Saddle Finance, April 2022](https://medium.com/immunefi/hack-analysis-saddle-finance-april-2022-f2bcb119f38) + +Price miscalculation when swapping a token for an LP token. + +- Vulnerability type: Logic, price calculation. + +## [Hack Analysis: Cream Finance Oct 2021](https://medium.com/immunefi/hack-analysis-cream-finance-oct-2021-fc222d913fc5) + +Analysis of Cream Finance exploit on Oct 2021, resulting in loss of $130m in available liquidity. + +- Vulnerability type: Oracle manipulation, Uncapped supply of token. diff --git a/README.md b/README.md index 2b85a8b..37c2b11 100644 --- a/README.md +++ b/README.md 
@@ -8,6 +8,7 @@ This is a collaborative repository that aims to contain all the information you | Starting Guides | [Inspect](#starting-guides) | Blockchain Concepts | [Inspect](#blockchain-concepts) | Bug Fix Reviews | [Inspect](#bugfix-reviews) +| Hack Analyses | [Inspect](#hack-analyses) | Smart Contracts | [Inspect](#smart-contracts) | Tools | [Inspect](#tools) | Vulnerabilities | [Inspect](#vulnerabilities) @@ -15,7 +16,8 @@ This is a collaborative repository that aims to contain all the information you | How to Add Resources | [Inspect](#how-to-add-resources) ## Starting Guides: - - [Hacking the Blockchain: Ethereum](https://medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b) +- [Hacking the Blockchain: Ethereum](https://medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b) +- [Your First Day as a Bug Bounty Hunter on Immunefi](https://medium.com/immunefi/your-first-day-as-a-bug-bounty-hunter-on-immunefi-9b101768a40c) ## Blockchain Concepts 
@@ -26,41 +28,25 @@ This is a collaborative repository that aims to contain all the information you - [Wallets](Blockchain%20Concepts/README.md#wallets) - [Resources:](Blockchain%20Concepts/README.md#resources) -## Bugfix Reviews +## Bugfix Reviews +- [2023](BugFixReviews/README.md#2023) - [2022](BugFixReviews/README.md#2022) - - [November 2022](BugFixReviews/README.md#november-2022) - - [September 2022](BugFixReviews/README.md#september-2022) - - [August 2022](BugFixReviews/README.md#august-2022) - - [July 2022](BugFixReviews/README.md#july-2022) - - [June 2022](BugFixReviews/README.md#june-2022) - - [May 2022](BugFixReviews/README.md#may-2022) - - [April 2022](BugFixReviews/README.md#april-2022) - - [March 2022](BugFixReviews/README.md#march-2022) - - [February 2022](BugFixReviews/README.md#february-2022) - - [January 2022](BugFixReviews/README.md#january-2022) - - [2021](BugFixReviews/README.md#2021) - - [December 2021](BugFixReviews/README.md#december-2021) - - [November 2021](BugFixReviews/README.md#november-2021) - - [October 2021](BugFixReviews/README.md#october-2021) - - [September 2021](BugFixReviews/README.md#september-2021) - - [August 2021](BugFixReviews/README.md#august-2021) - - [July 2021](BugFixReviews/README.md#july-2021) - - [June 2021](BugFixReviews/README.md#june-2021) - - [May 2021](BugFixReviews/README.md#may-2021) - - [April 2021](BugFixReviews/README.md#april-2021) - - [March 2021](BugFixReviews/README.md#march-2021) - - [February 2021](BugFixReviews/README.md#february-2021) - -## Smart Contracts +## Hack Analyses +- [2023](HackAnalyses/README.md#2023) +- [2022](HackAnalyses/README.md#2022) + + +## Smart Contracts - [Ethereum Virtual Machine](Smart%20Contracts/README.md#ethereum-virtual-machine) - [Solidity](Smart%20Contracts/README.md#solidity) - [Vyper](Smart%20Contracts/README.md#vyper) - [Huff](Smart%20Contracts/README.md#huff) + ## Tools - [Frameworks/ Programming Tools](Tools/README.md#frameworks-programming-tools) - [Hardhat (JS) 
EVM](Tools/README.md#hardhat-js-evm) @@ -78,7 +64,6 @@ This is a collaborative repository that aims to contain all the information you ## Vulnerabilities - [Logic](Vulnerabilities/README.md#logic) - - [Bad Arithmetics](Vulnerabilities/README.md#--bad-arithmetics) - [Integer underflow/overflow](Vulnerabilities/README.md#--integer-underflowoverflow) - [Checks](Vulnerabilities/README.md#--checks) 
@@ -99,19 +84,19 @@ This is a collaborative repository that aims to contain all the information you - [Transaction reorganization (MEV)](Vulnerabilities/README.md#transaction-reorganization-mev) - [Bad Randomness](Vulnerabilities/README.md#bad-randomness) - [Use of components with known vulnerabilities](Vulnerabilities/README.md#use-of-components-with-known-vulnerabilities) - - ## Check This Out: - - [CTFs to Enhance your Solidity Skills](Check%20This%20Out/README.md#ctfs-to-enhance-your-solidity-skills) -- [How to...](Check%20This%20Out/README.md#how-to) -- [Interviews](Check%20This%20Out/README.md#interviews) -- [Research Papers](Check%20This%20Out/README.md#research-papers) -- [People to Follow](Check%20This%20Out/README.md#people-to-follow) -- [Resources from YouTube](Check%20This%20Out/README.md#resources-from-youtube) -- [PoC like a pro](Check%20This%20Out/README.md#poc-like-a-pro) +## Check This Out: + - [CTFs to Enhance your Solidity Skills](Check%20This%20Out/README.md#ctfs-to-enhance-your-solidity-skills) + - [How to...](Check%20This%20Out/README.md#how-to) + - [Interviews](Check%20This%20Out/README.md#interviews) + - [Research Papers](Check%20This%20Out/README.md#research-papers) + - [People to Follow](Check%20This%20Out/README.md#people-to-follow) + - [Resources from YouTube](Check%20This%20Out/README.md#resources-from-youtube) + - [PoC like a pro](Check%20This%20Out/README.md#poc-like-a-pro) + - ## How to add Resources? - Please follow the structure of the file you are editing. Whenever possible add a description of the resource you want to share. Send a pull request adding in the comment your Twitter and Discord users to thank you for the contribution and receive XP in the Discord leveling system. +## How to add Resources? +Please follow the structure of the file you are editing. Whenever possible add a description of the resource you want to share. 
Send a pull request adding in the comment your Twitter and Discord users to thank you for the contribution and receive XP in the Discord leveling system. - Plagiarism: Word-for-word copying of portions of another's writing won't be allowed. +Plagiarism: Word-for-word copying of portions of another's writing won't be allowed. diff --git a/Tools/README.md b/Tools/README.md index 84920e2..824d37b 100644 --- a/Tools/README.md +++ b/Tools/README.md @@ -50,13 +50,17 @@ Tools It offers a variety of graphic outputs and details on the smart contracts' structure. # Blockchain Analysis -Blockchain network explorers. +Blockchain network explorers: - [Ethereum](https://etherscan.io) - [BNB Chain](https://bscscan.com) - [Polygon](https://polygonscan.com) - [Solana](https://solscan.io) - [Fantom](https://fantomscan.com) - [BitQuery](https://explorer.bitquery.io/) +Transaction viewers: +- [samczsun's Tx viewer](https://tx.eth.samczsun.com/) +- [Tenderly Dashboard](https://dashboard.tenderly.co/explorer) +- [Phalcon explorer](https://phalcon.blocksec.com/) # Activity Monitoring - [Forta Protocol](https://forta.org) @@ -96,6 +100,10 @@ Open data library for cryptocurrency assets. A blockchain analytics and compliance platform. +- [Codeslaw](https://www.codeslaw.app/) + +Smart search for verified smart contracts on the blockchain + # Vulnerability Scanners & Others: - [Slither](https://github.com/crytic/slither) diff --git a/Vulnerabilities/README.md b/Vulnerabilities/README.md index 6174443..b6a53f3 100644 --- a/Vulnerabilities/README.md +++ b/Vulnerabilities/README.md @@ -69,7 +69,7 @@ First of all, you need to understand what is `delegatecall` this function is a v # Access Control ## - Unprotected functions - Default Visibility - One of this common examples + One of these common examples ## - Signature Verification ## - Authentication with tx.origin
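Review bot: in the `Blockchain Concepts/README.md` hunk (`@@ -46,7 +46,7 @@`), the unchanged context two lines above the edited Hot/Cold wallet line still carries the typo "centraliced exchanges" and the ungrammatical "in the non-custodial ones is the user who holds the keys"; since this patch already touches the wallets paragraph for a wording fix, changing these to "centralised exchanges" and "in the non-custodial ones it is the user who holds the keys" in the same change would avoid a follow-up commit.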
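Review bot: in the `BugFixReviews/README.md` table-of-contents hunk (`@@ -1,12 +1,10 @@`), the new anchor `#moonbeam-astar-and-acala-library-truncation-bugfix-review-$1m-payout` is unlikely to resolve: GitHub strips punctuation such as `$` and the em dash when it generates heading ids, so the heading `### [Moonbeam, Astar, And Acala Library Truncation Bugfix Review — $1m Payout](...)` should produce `#moonbeam-astar-and-acala-library-truncation-bugfix-review--1m-payout`. Please verify the link on the rendered page, and align the entry text ("- $1M Payout") with the heading ("— $1m Payout") while you are there.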
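Review bot: in the new `HackAnalyses/README.md` (`@@ -0,0 +1,54 @@`), the intro line "These are real world cases of bug fixes reported through Immunefi." is copied from the Bugfix Reviews page and does not describe this file, which collects post-mortems of exploits rather than fixes reported through the bounty platform; something like "These are analyses of real world hacks, published by Immunefi." would be accurate. The grouping is also confusing as written: the `# 2023` section lists "0xbaDc0dE MEV Bot, September 2022" and "Nomad Bridge, August 2022", so the year headings refer to the article publication date while each entry title carries the incident date. Either state that the sections are grouped by publication date or group the entries by incident date.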
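Review bot: in the `README.md` hunk `@@ -78,7 +64,6 @@`, the line `- [Bad Arithmetics](Vulnerabilities/README.md#--bad-arithmetics)` is deleted from the Vulnerabilities index without a matching change to `Vulnerabilities/README.md` (that file's only hunk in this patch is the this/these fix) and without mention in the commit message. If the section still exists in the target file, the entry should be restored; if it was removed earlier, say so in the commit message so the index change is traceable.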
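Review bot: in the `README.md` hunk `@@ -99,19 +84,19 @@`, the rewritten Check This Out entries are indented by one space (` - [CTFs to Enhance your Solidity Skills](...)`) while the Hack Analyses, Smart Contracts and Vulnerabilities sections in the same file use unindented `- ` items; drop the leading space so the lists render the same way. The added blank `+` line between the last entry and `## How to add Resources?` is fine, but the file now has double blank lines before `## Smart Contracts` and `## Tools` in the earlier hunk (`@@ -26,41 +28,25 @@`) and a single one here, so one convention should be picked.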
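Review bot: in the `Tools/README.md` hunk `@@ -50,13 +50,17 @@`, the new label `+Transaction viewers:` directly follows the list item `- [BitQuery](https://explorer.bitquery.io/)` with no blank line between them; in CommonMark an unindented text line after a list item is a lazy continuation of that item, so the label renders inside the BitQuery bullet instead of as a heading for the new list. Insert a blank line before `Transaction viewers:` (the same applies between that label and the line it replaces, `Blockchain network explorers:`, if you want both groups to render identically).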
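Review bot: in the `Tools/README.md` hunk `@@ -96,6 +100,10 @@`, the added description `+Smart search for verified smart contracts on the blockchain` lacks the terminal period used by the neighbouring descriptions (`A blockchain analytics and compliance platform.`); add it for consistency.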
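Review bot: in the `Vulnerabilities/README.md` hunk (`@@ -69,7 +69,7 @@`), the edited line `+    One of these common examples` is still a sentence fragment with no continuation under the `- Default Visibility` entry; since the line is being touched anyway, either complete the sentence with the example it was meant to introduce or drop the line rather than leaving a dangling fragment.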