The E in Solidity stands for easy.

Dear @paraswap, could you please display the full address in the warning box? So that 0xWho can reverse resolve the address to a readable name, which I rely on it to confirm the address.

Join millions who have switched to Grok.

a frontend hijacking attack on Convex. this is exactly why the wallet should display a human-readable ENS name for the smart contract address they are interacting with;. and the reason I added this feature to @TallyCash 3 months ago:

0xWho is an open-sourced Chrome extension:

RT @CurveFinance: This happened in the problem was them rolling a vulnerable LP token price oracle (sers, we have….

the attacker then sold the DOLA tokens for usdt and then sold usdt for wbtc and repaid the flashloan, netted ~$1.3m of profit. btw, Curve also earned ~$3m fees out of these large vol trades.

.@InverseFinance now believes the crv3c is worth much more than it's actual value, so the attacker can borrow out 10m DOLA with only $4.7m worth of collateral. that's ~$5m of bad debt to the protocol.

root cause: using balanceOf(CRV3C) for price oracle. the attacker exploited it by taking a half-billion wbtc flashloan and swapping thru CRV3C, deliberately took a huge slippage!. the pool got $0.5b of wbtc with only $75m usdt, pool lp token price go up!.

i know it can be hard to wrap your head around the txs, I use 0xWho to label the addresses:

It's a classic flashloan-aided oracle manipulation attack: btw, flashloans can be quite expensive, Aave earned $0.5M interest on this one tx alone.

. @InverseFinance was exploited ~1.3hrs ago on a new cToken (anYvCrv3Crypto) they deployed and added to the comptroller 22 days ago. It's never been touched until this exploit. so this new cToken appears to be a pre-launch product.

oracle manipulation is easy when you are using balanceOf.

currently building a chrome ext which will show you a tooltip with a human readable name (from your address book) whenever you select an address. it supports ENS reverse resolution; tells if it's a contract or EOA, + the ether balance. this chrome ext is gonna be called: 0xWho?

RT @insuredao: We are honored to introduce the new ReportingDAO member, .@WatchPug_, a team of web3 security professionals!. In combination….

Here is my submission to the @gelatonetwork Vernissage:.

⚠️ Oct 20, 9 AM UTC, an attacker exploited PancakeHunny and stole 2.3M. The root cause: inappropriate usage of a low liquidity pool makes it vulnerable to price manipulation to create artificial profits. Read more:

WATCHPUG is proud to have received a quarter million ($250K) bug bounty award from @PancakeBunnyFin for a critical bug in the Zap function. Thank you! @PancakeBunnyFin @immunefi

The Poly Network hack explained.

At 2 AM UTC on Aug 4, @Wault_Finance‘s WUSD on BSC was exploited and drained $800k (370 ETH) out of the WUSD/BUSD LP. WUSD is a stable coin backed by USDT and WEX. We believe it's an economic attack rooted in the design of WUSD. Read our analysis:

RT @immunefi: Today, we want to share with you couple repos that will help you master blockchain pentesting and smart contract dev. https….