Main Channel t.me/blockchain_lobsters
gm, is anyone familiar with https://x.com/salus_sec ?
the lending market they audited two months ago just got hacked. (LND_fi)
https://x.com/electisec/status/1921211750185054216?t=OV4TDOTxsnWTirdnvCt8aA&s=19
No problem. I'm gonna delete some of these posts in the interest of preventing potential chaos from disclosure if there are bad actors here
Thanks. You happen to know their TG profile? I did a quick search for that name in here & didn't see
If we are talking about 5792 (sendCalls) then there is a status code that indicates the execution status. Reading EIP would probably answer all the questions
That's not part of the 7702 standard. It can be both atomic and non atomic
DeFi is slower than web2 afaik. Security very important so takes years to release sometimes.
If we are not talking about strategic partnerships, but long term, like VC relations, the above method totally works
If there are any BDs here - you should check this, it will 10x your efforts https://x.com/tech_mingler/status/1920905174068986071?s=46
https://edgeuno.cloud
They accept multiple crypto by Bitpay
I'm 99.9% certain about this bug. It's not really up for interpretation tbh. Something does what it shouldn't in their contracts & that has an indisputable impact on security.
Are there other devs here familiar w Safe or SC dev?
As for DeFi, which is my personal interest, all of my long term relationships come from personal meetings. It often starts from groups -> private groups but always concludes with 1:1 conversations.
I can't help with anything really, but really appreciate your efforts here mate
You have a flag in 5792 whether to request atomically or not. If the flag is set to non atomically the wallet can still execute atomically but not the other way around.
Don't really understand the difference between atomic and sequential
I see, I meant for example if you use metamask atomic batch
Guys for eip7702 if one call fails out of 10 for example does the tx revert?
That's correct, and same basically for community, as part are users only and part are investors only
Devil in details here, so you need to segment:
1) What I've seen - VCs are handled by founders, not BDs. But again feels as Web2 thing.
2) Probably true for Web 2.5 (Stripe, Robinhood, other big guys)
3) DeFi - different dynamics of building relationship due to speed, remote environment and only occasional meetings. Plus male domination of the industry + people who often work at night - just because they like it or jetlagging.
As a BD, who knows tons of BDs, this is a very web2 video, more appropriate there :) in web3 people want to be intimate directly, fewer questions - like have a call aka sending calendly or first meeting invite after saying hello and brief blurb in text, no asking about my boyfriend or last Netflix show I watched :) so yes, room for improvement is there :)
Reach out to seal911, let them check if it's a bug; they will take the conversations ahead and credit you
Not sure if it's ego or pride on the part of their lead dev I've been liaising with. Issue has been present since the first deployment of their logic. They just kept building more technical debt & ad-hoc solutions to compensate.
Issue is simply in the line of code in the checkSignatures function that provides a conditional path for verifying signatures based on their v byte value. Specifically, the code that dictates v > 30 allows for signature replay, destroys domain separation & allows for theft of funds via collision. I don't think the owners were "bamboozled" into signing something malevolent. It's entirely possible they signed something benign.
If not - least I could say is any entity that is custodying tens of millions (or >$100M flat out), should migrate to an in-house deployment. A lot of Safe's tooling is phenomenal. Almost the whole contract (logic) is very well built.
Unfortunately, the part where they did fuck up is somewhere that will still put entities carrying massive amounts in funds at risk.
To be clear, the attack vector has nothing to do w the $$ value of funds being custodied. I'm saying those targets represent enough of an incentive for a nation state willing to bank $20M into their operation (which would be extraordinary) ...
I think I found a legit zero day in Safe contracts. Spoke to lead engineer about it, he waved me off at first. Asked for some proofs of concept, then erroneously argued some things that have nothing to do with the bug / vulnerability I mentioned to him