Pengun
@dot_pengun
Followers
191
Following
868
Media
36
Statuses
317
Penguin Blockchain Security Researcher. Not just Penguin. Pengun.
Joined January 2023
Finally, the payout on @Blast_L2 from @cantinaxyz has been revealed. 💰 Exploring Geth nodes and building a PoC was very insightful. I didn't find many vulnerabilities, but I'm satisfied that I found high vulnerabilities in the most popular L2.
2
1
14
hope you didn't need `tx.origin == msg.sender`
EIP-3074 was just approved to go live in the next Ethereum hard fork. This EIP will forever change how users interact on EVM chains, making wallet UX simpler, cheaper, and more powerful. Here's a high level overview of EIP-3074 and how it'll change the game 🧵:
0
2
9
@SSS_HQ exploit (whitehat rescue) root cause was a simple transfer logic bug. transferFrom(me, me, amount) will multiply your balance. They audited the token contract. The audit caught only 1 low issue.
SSS token is non-upgradable, so this can't be fixed. Don't swap, and remove all liquidity.
We have been exploited, it's mint related. We are still looking into the code. Tokens were minted and sold into the LP. Transaction: https://t.co/F4XeqdyJu2 the exploited funds are in this wallet:
0
1
1
Welcome... to the new largest competition in history with @eulerfinance! 💰 $1,250,000 USDC 🗓️ May 20th - June 17th @cantinaxyz Invite only. Don't have one? Details below:
94
142
296
another million contest
Welcome... to the new largest competition in history with @eulerfinance! 💰 $1,250,000 USDC 🗓️ May 20th - June 17th @cantinaxyz Invite only. Don't have one? Details below:
0
0
0
LFG🔥
Welcome @Curvance to the @cantinaxyz as we kick off the 2nd largest competition of the year! 💰 $375,000 USDC 🗓️ February 26th, 20:00 PM UTC (6 Weeks) (Competition Link Provided Below) Need an invite? Details Below 👾💪
0
0
1
A 🧵 on how yesterday's @MIM_Spell attack worked. The protocol did everything right. They rounded in the protocol's favour whenever they should but one additional function, meant to only reduce the user's funds, ended up enabling the attack. How?
15
94
466
Thanks to @Official_Chonii's quick fix, we can now safely use Raffle Machine again. As a member of the community, I'm proud to have kept our product safe. Always put security first!
0
0
4
Today @KonguNFT launched Raffle Machine. However, the feature contained vulnerabilities that could be manipulated by an arbitrary user. I reached out to @SilverbackAvi and fortunately we communicated right away.
2
1
9
🚨🚨🚨 RED ALERT 🚨🚨🚨: Do not interact with ANY dApps until further notice. It appears that a commonly used web3 connector has been compromised which allows for injection of malicious code affecting numerous dApps.
493
3K
6K
Awesome checklist
Using checklists can be a real lifesaver when you're gearing up for a security review or diving into protocol audits. There's a variety out there - some cover the basics, while others zero in on specific protocols. Take a look at these checklists, they're like your secret weapon
0
0
1
I totally agree
Tell yourself you'll grow a little bit every day and stop comparing your success to others. Everyone's path is different. These are the things that help you stay on track when you're learning something new. And don't forget to journal and have check-ins. Check in with myself once
0
0
2
What truly matters is focusing on your daily growth and development. Keep in mind, when you focus on improving yourself every day, success and results will naturally follow. To me and other security researchers: Let's be better today than we were yesterday!
0
0
5
For instance, you might hear about someone earning a five-figure payout with private audit in a month, or someone else reporting a bug every week. These comparisons, however, aren't necessary. They often distract us from our own paths and potential achievements.
1
0
5
Ever feel like you're not moving forward or growing anymore? It might be time to consider if you're caught up in comparing yourself to others too much. It's easy to look at others and measure their success against our own.
1
1
9
I'm currently doing an appchain security review. This vulnerability gave me a good insight
Vulnerability in Cosmos SDK allows attackers to force upgrade of blockchain binary. Attackers can inject malicious string into stdout log to trigger Cosmovisor to upgrade to malicious binary. Explore a real blockchain RCE with @Dooflin5 https://t.co/CgbxD7WGUT
1
0
5
Vulnerability in Cosmos SDK allows attackers to force upgrade of blockchain binary. Attackers can inject malicious string into stdout log to trigger Cosmovisor to upgrade to malicious binary. Explore a real blockchain RCE with @Dooflin5 https://t.co/CgbxD7WGUT
0
6
18