Dedaub
@dedaub
Followers
7,224
Following
98
Media
156
Statuses
648
Security audits, static analysis, formal verification
🇪🇺 Book an audit ⟹
Joined January 2021
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Pinned Tweet
The Dedaub team, in a study for the EF in 2021, identified an exhaustive list of contracts that were easier to exploit with **EIP-3074**
Included in the list where development contracts in Compound, 1inch & SushiSwap
Nowadays, this is much less of a concern
Let's see why ⬇️
1
14
56
The Dedaub team has disclosed a Critical vulnerability to the Uniswap team!
Funds are safe - Uniswap addressed the issue and redeployed the Universal Router smart contracts on all its chains 👏
The vulnerability allows re-entertrancy to drain the user's funds, mid-tx.
🧵
24
185
883
🚨 Euler suffered an attack
Analyzing 1 tx that shows an $8.9m+ return for the attacker
1. Flash loan
2. Deposit 20m DAI
3. Mint 200m eDAI
4. Repay 10m DAI
5. Mint 200m eDAI
6. Donate 100m eDAI to reserves
7. Liquidate yourself for 259m eDAI yields 38.9m DAI
8. Close flashloan
12
112
481
Following a serious vulnerability disclosed by our team, Uniswap redeployed one of the main contracts on Ethereum at Block 16075466
The contract, UniversalRouter, was also redeployed on all chains ↻
The vulnerability could drain user's funds between actions & led to a bounty!
16
87
455
Heads up: the Dedaub team has discovered a Solidity compiler bug impacting a *large* number of smart contracts.
The bug results in up to 90% of the deployed bytecode being "dead code", significantly increasing gas costs when deploying and operating smart contracts.
🧵 👇
22
80
349
🆕 We've just released a *killer* feature for security researchers - storage browsing for smart contracts.
You can now browse private variables, or navigate complex, nested, data structures using the current blockchain state.
13
66
309
Getting to the bottom of the "34 billion" Poly network hack with a technical postmortem.
TL ; DR
Poly network had a simple 3 of 4 multisig arrangement over 2 years!
Looking at the final event we found that the private keys to the addresses marked were compromised.
30
74
291
We'll be releasing technical postmortem for the Multichain vulnerability, which we reported.
But first, *REVOKE* YOUR APPROVALS ⚠️
6
21
230
BREAKING: Computing students arrested for *disclosing* a vulnerability in a Web2 app
This happened in Malta, very recently
Our team reached out and helped:
- Two of them have been hired
- We're covering their legal
- Engaging in discussions with authorities
11
35
260
The Dedaub team has discovered a Solidity compiler bug that breaks equality, with functions.
The bug has been confirmed and is expected to be fixed in Solidity 0.9
Let's deep-dive into the mechanics behind this bug, function compilation, and how it's being fixed.
🧵
2
56
236
A number of Comp forks have been hacked, chiefly Hundred Finance
@compoundfinance
V2 forks, satisfying conditions, e.g., cToken.totalSupply == 0, can be drained
However, no active protocols on
@FantomFDN
are affected. We verified this hours after the original attack w/Watchdog
9
51
211
A few days ago we disclosed one of the largest vulnerabilities. Ever.
The disclosure helped protect
@MultichainOrg
and
@FantomFDN
Learn all about it in our article.
7
53
210
The root cause of the thirdweb vulnerability is that 2 independent OpenZeppelin libraries *ERC2771 & Multicall* interact badly, when combined
📎
This allows spoofing the _msgSender() with all sorts of access control issues, including LOSS of funds❗
🧵
7
53
176
Future Ethereum will be using Verkle trees, which have significant cryptographic advantages.
In a study (2021) we did for the Ethereum team, the changes to gas metering increase gas by 26% on average (sometimes a lot more)
Why?
Is it worth it?
Can we mitigate this? 🧵👇🏿
3
23
123
Starting today, the largest projects deploying on Fantom got a powerful layer of security - Watchdog.
Why is this important? Cont. 👇🏻
29
28
116
Watchdog analyses operate on the actual bytecode of contracts (via decompilation as seen here)
As a result, compiler bugs can also be caught by these analyses
Yesterday's
@CurveFinance
hack could have been prevented had a cross-reentrancy analysis on this codebase been run
1
12
114
We're excited to announce that
@coinbase
has engaged Dedaub as a security services provider for core contracts on Base.
We look forward to further secure this fast-growing ecosystem
Congrats on a successful launch and opening
@BuildOnBase
mainnet to everyone!
6
21
99
TL ; DR 💔
The
@TeamUnibot
hack would have been prevented, for very little effort, had they checked the analysis warnings produced by Watchdog.
Vulnerability was flagged 3 full days before hack / 10 minutes after deployment.
Source code not required.
2
14
100
🔍 We've just completed an audit of
@illuminexswap
for
@OasisProtocol
IllumineX is a privacy-preserving protocol performing cross-chain exchanges. It runs on Oasis Sapphire, a confidential EVM-based network that leverages Trusted Execution Environments.
5
16
89
🆕Decompile to Yul!
New feature on Contract Library.
Why Yul?
As a standard IR of Solidity (and inline assembly language), you can reverse engineer opaque smart contracts in more ways.
Here's a few more advantages⬇️
5
18
94
⚠️ >$1B hack PoC
Last year our team discovered a novel smart contract attack vector: Phantom functions
We applied this vector to Multichain, with a PoC that enabled any 3rd party user to transfer all approved WETH to them (largest hack by $ value)!
(Permit2 fixes it)
🧵⬇️
0
8
92
An theoretical but novel reentrancy attack vector is enabled by the Dencun Ethereum fork, due to EIP-1153 (Transient Storage)!
Shown 👇is a fictitious exchange using temp storage for orders
The low cost of TSTORE allows state-changing reentrantant calls via Solidity's transfer
3
15
88
A new type of MEV participant (validator) has emerged that eats MEV bots
These deconstruct bundles, replace txs with their own for profit E.g.,
1. User's swaps WETH for STG
2. Bot 🥪 (1), by 1st inflating STG's price
3. Validator *replaces* (1) with opposite swap for profit ⬇️
2
14
79
Dedaub's transation debugger 🐛 on Contract Library is one of the most advanced debuggers for EVM chains. Originally developed to reverse-engineer complex hacks after none of the debuggers we tried worked.
It still feels much faster than other mainstream debuggers on large txs
4
19
73
If you work with nodes on Ethereum or other EVM networks, you may have needed to extract storage contents for a contract. We do, all the time! If you’d like to see how it can be done over 100 times faster (!), read on. Full details in our blog post: .
3
6
73
Couldn't agree more,
@Chainlink
! Security is non-negotiable in the Web3 space🔒
We're proud to be working with projects like Chainlink that set high standards for security 🤝
Looking forward to meeting like-minded teams at
#SmartCon
2023!
1
8
65
Five (5) lines of code in one file that would have led to the draining an entire ecosystem of protocols through the Multichain bridge.
Over a USD 1B of WETH was available to be transferred due to “Phantom Functions”
Co-founder Yannis Smaragdakis at
@TheTrustX
@EFDevconnect
1
6
62
Our team previously found a Solidity compiler bug that can cause up to 90% of the code being "dead code" (bloat).
It affects the majority of contracts using libraries recently deployed on all EVM chains.
This has been fixed in Solc 0.8.19!
1
7
53
As part of the disclosure in their bug bounty program we advised the team to add a reentrancy lock, and redeploy.
This modification was swiftly implemented before mass adoption of the UniversalRouter took place.
A bug bounty was also paid out.
5
1
58
Remember the very interesting Binance bridge hack? This led to $560m in funds lost, and BNB chain paused!
A day later we had pinpoited its root cause - an obscure issue in a Merkle proof verifier (see code⬇️)
[Other security researchers produced a PoC, which helped our
2
7
54
🚨Ongoing critical vulnerability and call to action 🚨
Thousands of live smart contracts are affected!
On supported chains, check below to see whether your smart contract is affected by the recent "thirdweb" vulnerability.
1) Go to
2) Navigate to your
1
4
49
~39 hours ago our security analysts got alerted of a terrible hack on Euler
We likely got alerted before the Euler team. Given the significance, we analyzed the attack in detail and posted on twitter
Below is a shot of our advanced monitoring solution: Watchdog
(w/redactions)
3
3
45
Announcing the integration of Contract Library () with the following chains:
@arbitrum
@BuildOnBase
@FantomFDN
@ethereum
Coming soon:
@optimismFND
&
@avax
Contract Library is a code explorer offering unique & indispensable features such as: (see 🧵)
4
8
46
EVM log decoding is trickier than it seems! When an event is emitted, like Transfer(address from, address to, uint256 value), we can know for sure which event it was, but not for which parameters, even with the full binary data of the event!
2
2
46
Recently, a client asked us about an observed
@CurveFinance
anomaly: when there is a buy order for an asset, the price *after* the buy can be *lower* than the price *before*. (And similar for sell/higher price.) How is this possible? Buying should raise the price, right? (1/15)
2
11
42
1/ Dedaub has completed a study for the
@ethereum
foundation, to assess the impact of EIP-3074. You can read the full report below:
1
13
41
The attack wasn't complex - no logic bugs exploited
- Attacker used keys to sign proof that they're owed BNB
- The total realized gain for the attacker is ~$5.5m
- Poly was previously exploited for $600m by Lazarus group
- Post-attack, it took Poly *7 hrs* to pause the protocol
5
2
40
Poly chain hack technical postmortem explains how the signature scheme of the cross-chain bridge was used as intended in smart contract Merkle verifier.
It is presumed the keeper private keys were compromised (or misused).
3
10
40
A while back, Curve advertised a method to price crypto LP tokens for third party protocols.
Code:
We now know that this has two serious issues:
1) Internal oracle manipulation
2) Read-only reentrancy, in some variants
🧵👇
1
7
37
🔬Cut through the noise when browsing smart-contracts
At Dedaub, we spend a significant amount of time browsing and investigating Smart Contracts. Unfortunately, most verified smart contracts contain additional artifacts which don't affect the final Smart Contract 📜
2
7
37
Lessons learned:
Clearly, your protocol's security should not be dependent on 3 EOAs.
Poly's response solution was too slow (7 hours). In contrast, Dedaub Watchdog can detect these kinds of malicious TXs in under 30s.
4
4
35
We have found small functions in projects like
@uniswap
or
@CurveFinance
where the gas may increase by an order of magnitude.
In our report, some recommendations are addressed to compiler engineers. There are lots of ways gas cost increases can be mitigated on future contracts.
4
3
35
Tornado Cash governance was hacked!
Summary and insights:
1. Attacker proposes seemingly legitimate proposal, but,
2. Executor has spiked "emergency stop" fn, *destroying* contract
3. Executor recreated
4. Votes pass, malicious proposal executed
5. (Next?) Pump TORN price & dump
3
7
36
Our team has successfully audited the EVM assembly implementation contract for EIP-4788
The contract stores the last few beacon block roots on
#Ethereum
- using ring buffers to manage data
Despite the small size, we found issues, which have now been resolved
Find out more 🧵👇
2
4
36
💡 Explore the logic of Smart Contract modifiers in our new post. Learn how a slight error in 'if (_msgSender() != owner() &&' can lead to significant system vulnerabilities. Important insights for Solidity programmers!
4
1
35
Update re: the Solidity compiler bug that's bloating deployments by including library functions only called in the constructor.
Unsure if this affects your project?
We've released an update that can help you determine the bloat % on your contract ⬇️
2
12
33
Let's delve into the
@thestandard_io
exploit that occurred on November 6th, 2023.
It is an excellent opportunity to re-emphasize that protocols should use defensive checks/assertions at every point their code interacts with a DEX.
1
3
33
#Uniswap
recently introduced the Universal Router. It unifies ERC20 and NFT swapping into a single swap router. Users can perform heterogenous actions, e.g., swapping multiple tokens and NFTs in one tx.
This router embeds a scripting language for all sorts of token actions.
1
2
31
How much of Solidity's generated code is junk?
On average, a third of the generated code can be removed, resulting in significant gas savings and increased network throughput.
In some cases (esp. with 💎 pattern) over 90% of the generated code is junk.
4
5
32
We advised the Uniswap team to add a reentrancy lock to the core execution of the new router, and redeploy.
This modification was swiftly implemented, fixing the issue before the router gaining mass adoption:
1
3
30
We independently verified the students acted responsibly before providing support.
For more info:
2
2
32
Last November,
#Uniswap
introduced the Universal Router unifying all sorts of heterogenous actions & improving UX, e.g., swapping multiple tokens and NFTs atomicly
However, on some token transfers, the code can reenter the Router and claim any tokens temporarily in the contract
4
0
29
We are proud to receive the generous, first-ever R bounty/Founders bounty (many thanks
@RobertMCForster
,
@ArmorFi
, and
@immunefi
) for the recent
@PrimitiveFi
vulnerability Disclosure.
0
7
28
There's more than meets the eye when it comes to the major Arbitrum outage last Friday 🚒
Was it just a simple increase in traffic that caused a ~3h outage, or were there other contributing factors?
🔗
Let's find out.
3
4
28
The AzukiDAO project suffered a hack ⚠️
Root cause - there is no check in the contract to see if the request to claim funds is unique, so the message can be replayed multiple times to drain the contract.
See them here:
Also, checking that *signed*
1
5
28
How can metamorphosis happen?
Q: Doesn't CREATE use the factory's nonce as part of entropy which determines new contract address?
A: SELFDESTRUCT instruction *resets* this nonce!
The contract factory for the malicious proposal was recreated using CREATE2 at predictable addr.
Explore Tornado Cash attacker's transactions here.
Interestingly, how did attacker's contract get recreated at the same address, despite being created using the CREATE opcode?
More on that soon...
0
0
4
1
0
27
⚠️ We are working hard (in collab with other researchers) to assess the impact of the new undisclosed thirdweb vulnerability to the entire ecosystem, using the Dedaub security analysis in Watchdog
Dedaub Watchdog can already scan your contract for this issue if you have access
3
3
26
This week, together with
@drdr_zz
and
@wh01s7
of SecuRing, we tackled a backlog of warnings from the Dedaub Watchdog tool, notifying around 100 holders of vulnerable accounts, with some $80M in funds exposed. (
@_trvalentine
had earlier produced the PoC.)
2
7
24
Please revoke your approvals ASAP. Someone is exploiting this.
1/A critical vulnerability that affected 6 tokens (WETH, PERI, OMT, WBNB, MATIC, AVAX) has been reported and fixed.
All assets on both V2 Bridge and V3 Router are safe, and cross-chain transactions can be done safely.
More info👇
1
318
711
2
12
26
🚀 The popular Dedaub EVM bytecode decompiler now offers on-demand decompilation across any chain. Turn complex EVM bytecode into clear, Solidity-like code. Deep dive into Smart Contracts. 🔗 Get started
2
7
25
The issue (reported by Sifis), was discovered while using the Dedaub decompiler (Gigahorse).
Since then, we confirmed that the bug affects tens of thousands of contracts.
If your project uses Solidity (and libraries) it is likely affected.
1
1
24
🤩 Honored to join SEAL 911 and excited for the opportunity to contribute to upcoming SEAL ⚔️ Drills initiatives. Learn more 👉
1
3
24
Great news! Euler Finance Exploiter has returned a big chunk of the funds back to Euler Finance.
More details soon ⬇️
3
6
24
The
@solidity_lang
team will be disabling function pointer equality starting Solidity 0.9.
We're not aware of any uses of function equality in known protocols.
Fore more info:
1
1
22
Just wrapped up an incredible team retreat in Athens Riviera! 🎉 Four days of innovation, collaboration, and strategizing for the future of DeFi security. Here's to elevating Dedaub's impact on the blockchain ecosystem! 💪
0
1
22
@eulerfinance
Root cause analysis 🔬
The attacker's goal in the first 6 steps is to enter a position with a health factor as low as possible (underwater) but still escape liquidity checks. This is done 2 ways 👇
1
2
22
(Announcement)
We are working with
@eigenlayer
and are at advanced stages of finishing an audit covering important systems of EigenLayer, including:
- EigenDA, the first AVS (actively validated service)
- EigenLayer middleware
Stay tuned for updates.
1
0
22
One part of the PoC was implemented below.
The attacker also needs to implement code to reenter the router (calling execute) and sweep all token amounts.
The router may contain funds mid-transaction due to other actions and transfers in a complex swap...
1
1
21
One of the exploit txs was frontrun by a generalized frontrunner. On-chain negotiations between
@CurveFinance
deployer and frontrunner on the return of funds:
0
4
20
E.g.,
1) transfer an NFT
2) transfer the remaining funds.
The receipient of the NFT can easily reenter UniversalRouter (between steps 1 & 2) by calling transfer or sweep inside its onERC721Received handler and drain the entire amount!
1
1
20
Top tip💡
Use the "simulate transaction" feature on Contract Library before running a governance proposal, or signing an important tx
E.g., Tornado Cash Proposal 20:
2
2
20
We scanned the entire Ethereum chain for instances of this threat and warned other projects when applicable.
Dedaub's got your back :)
0
0
21
However, if third-party code is invoked at any point in the transfer (which manifests itself due to composition of protocols), the code can reenter the UniversalRouter and claim any tokens temporarily in the contract.
1
1
20
A few months ago, Curve promoted a technique for pricing crypto LP tokens for third-party protocols. Our analysis confirmed two pressing concerns:1) Internal oracle vulnerability 2) Read-only reentrancy risks, in specific cases👇 Curve: Vyper_contract
1
1
18
Such commands could include transfers to third party (potentially untrusted) recipients. In a correct implementation, such a transfer should send to the recipient only what the call parameters specify.
And nothing more.
1
1
19
The newly-released
@solidity_lang
0.8.21 compiler includes features contributed by one of our engineers.
SOLC now can:
- output Yul code in an AST format
- input Yul, generated by older compilers, for output in AST format
These options are very useful for code analysis tools.
1
0
16
New on : most powerful search around!
Unified search box over everything: active contracts, functions, events, errors!
1
2
17
Recently reported two DeFi vulnerabilities based on the same pattern, so we thought it's worth documenting.
1
6
18
Want to learn more / discuss?
Full report:
Discussion:
Presentation:
Livestream:
Thanks
@TimBeiko
for coordinating discussion around these EIPs on multiple channels
0
3
17
With optimizations, the function pointer to this function may also point to another function entry, conflating their id.
Fortunately, this is a rare corner case.
Most smart contracts don't use function pointer equality!
You can also work around this by disabling optimizations.
1
2
17
What a turn of events to the Euler Finance saga!
One attackers is trying to collaborate, but they are using an unsecure temp email!
2
4
16
We're even more excited now about the future of the Ethereum chain and the advantages Verkle trees can bring to the table.
In conclusion, the impact is not minimal but can be managed.
See more insights in our report from 18 mo ago:
0
0
16
Solidity supports higher-order functions, allowing functions to operate on functions *themselves*
Beyond the theory, impl. of function pointers is very-much tied to the underlying implementation of functions, i.e.,
JUMP targets or Selectors for intra/inter contract calls resp.
1
0
16
4/ The bug, as also exploited in
@samczsun
's PoC, is that one can go to any node in the proof path and add a `Right` hash (that verifies a forged, planted subtree). The code ignores this hash in the computation of the topmost root hash because the node already has a `Left` hash.
2
2
16
Curious about how small changes in Solidity code impact Smart Contract security?Explore our latest blog where we dissect the transition from 'require' to 'if/revert' and its significance in accurate negation
2
1
17
Preparing for a smart contract audit? 🧵
Here's seven things you need in your checklist ✔️
First, provide auditors with succinct, but comprehensive documentation.
This should explain the intent and design of your project, not just the code specifics.
2
0
16
Co-Founder Yannis Smaragdakis discusses bug patterns in Solidity leading to some major vulnerability disclosures, and the technology behind Watchdog.
Watch the presentation:
2
6
16
🚀 Introducing the Dedaub TX Simulator Snap for Metamask - Simulate your transactions before you execute! Discover more and install now:
0
0
16
Through our collaboration, we'll be pushing the boundaries of security automation. Our flagship security monitoring application (Watchdog) is being scaled to cover all major protocols running on Fantom.
Safety first! 🧑💻
Fantom is proud to announce a partnership with leading smart contract security firm
@Dedaub
🛠️
This partnership brings well-known security deployments of sophisticated analysis tools, including Watchdog, to all builders.
Read on:
22
83
358
1
3
13
Code is part of the state, requiring a witness.
~200gas will be charged for every 31B of accessed bytecode but accessing adjacent storage locations will be cheaper.
Both Solidity and Vyper compiler code generation algorithms are not tuned for this change!
2
1
14