Volodya
@0xVolodya
Smart contract security researcher. Currently available for projects.
Joined October 2015
The ULTIMATE auditing and smart contract security research checklist is officially out! We've aggregated over a myriad of sources, compiled the industry's best practices, and have prepared a systematic approach to auditing contracts. Here's how it works:
Took a break from staring intensely at Solidity to write a blog. I bring you: "A year of Competitive Audits" - my learnings from competing in contests for a year, and an honest review of the opportunities it gave me. Do check it out, it's full of alpha: https://t.co/DukbxO0Fn0
milotruck.github.io
A look into audit contests from the eyes of a competitive auditor in 2023.
An awesome finding, congratulations!
The dangers of integer truncation: How the Zellic team found a critical vulnerability in the @AstarNetwork. This bug allowed an attacker to drain certain LP contracts on the Astar-EVM, with no bugs required in the contracts. Read more:
In solmate, the ERC20 token does not decrease the allowance of the spender when such allowance has been set to the max value - type(uint256).max, thus approved to max value at one point in the future will revert
Here it is: a technical blog breaking down everything you need to know for the upcoming $1.1M+ audit with @zksync. Read it now: https://t.co/Gmygtf8H09 (1/2)
Here's what I recommend to study: 1. Practice Rust. The circuits are all written in Rust. 2. Get familiar with common ZK terminology such as circuits, constraints, and gates. 3. Learn about common ZK bugs:
github.com
A community-maintained collection of bugs, vulnerabilities, and exploits in apps using ZK crypto. - 0xPARC/zk-bug-tracker
Incorrect block period constant. Since zk is so popular now. This is a finding from a year ago on a zksync contest which received a whopping $70,985.01
Wow, is that the biggest hack in 2023? $200 million
[Announcement] In the early morning of September 23, 2023 Hong Kong time, the database of Mixin Network's cloud service provider was attacked by hackers, resulting in the loss of some assets on the mainnet. We have contacted Google and blockchain security company @SlowMist_Team
WETH contracts differ on different chains: transferFrom will work without allowance on the Ethereum chain if the sender is an address that executes the function. But it will revert on some other chains like Polygon due to the fact that they always subtract the allowance
OpenZeppelin contracts v5 pre-release is out: ERC1155Receiver: Removed in favor of ERC1155Holder. ERC2771Forwarder: Added deadline for expiring transactions, batching, and more secure handling of msg.value. ERC20, ERC721, ERC1155: Deleted _beforeTokenTransfer and
"20 min read". It took me almost a whole day to understand this article by @0kage_eth. It was awesome to read his thoughts! https://t.co/nwJptutZN3
medium.com
Published by 0Kage.
A beautiful article about LSD. Integration pitfalls by @MixBytes
https://t.co/DdP37QfQPN
mixbytes.io
In our new article we delve into the key concepts of different Liquid Staking protocols. Additionally, we shed light on potential security problems that may arise when integrating liquid staking...