Pods Finance has a rewards system built into the protocol. If you decide to put issue options, then the contract will mint rewards for you. The vulnerability, which was present in both rewards...
RocketPool and Lido are both third-party staking pools for Ethereum 2.0. Proof of stake, vs. proof of work, is the future, as it should make Ethereum much more performant. Instead of random...
PancakeSwap is a platform for swapping tokens and much other functionality. In this blog post, the author goes into the lottery functionality. The vulnerable code persisted in several other...
The author begins with a quick statement: "A common misconception in building software is that if every component in a system is individually verified to be safe, the system itself is also safe"....
MCDEX is a decentralized exchange and layer 2 platform that allows users to trade perpetual contracts. When performing batch trades, a user can provide the liquidity pool contract. The liquidity...
Tidal Finance is a discretionary mutual cover protocol that offers the DeFi community the ability to hedge against the failure of any DeFi protocol or asset. In normal person terms, this is...
Belt Finance has a strategy token. This represents shares within the pool of assets. Each token is given out proportionally (pro rata) for assets put into the strategy contract. The strategy token...
HomoraBankv2 allows for the usage of a custom smart contract for providing logic called a spell. The only check performed is that the loan is greater than the borrowed amount for custom contracts....
Pancake Bunny is a yield farming aggregator and optimizer for Binance Smart Chain (BSC) and Ethereum. The attacker took out a flash loan before doing this attack on BNB and Tether (USDT). First,...
Cream is a decentralized lending protocol (just like a ton of things on the blockchain). In the cryptocurrency space, an Automated Market Maker (AMM) is used for calculating the cost of an asset...
Mirror Protocol allows users to take long or short positions on tech stocks. To bet on a stock, you must lock collateral for a minimum of 14 days. After the trade concludes, they can unlock the...
Crema is an Automated Market Maker (AMM) that allows users to concentrate their funds into specific zones for trading. This allows users to use of their resources, instead of a small fraction of...
Poly is a cross chain protocol. It is essentially a bridge between two contracts. In order to do this, a special contract gets called from an EOA to update the state from blockchain to blockchain....
The Financial Non-Fungible Token (FNFT) of Revest has vaults that allow the transferring of access to these vaults. This works by a user sending some asset, such as wETH to the contract. Then,...
Bunker Finance is a borrow and lend platform specifically for getting money for NFTs as collateral. Essentially, you can fund loans by using NFTs. When depositing NFTs as collateral on Bunker, the...
Authored by Dexter Shin. McAfee’s Mobile Research Team has identified new malware on the Google Play Store. Most of them... The post New HiddenAds malware affects 1M+ users and hides on the Google...
Visit our booth and attend one of our many sessions at re:Inforce this week.
Wiz leverages its leading Cloud Security Graph to help Cloud Defenders quickly understand, with the click of a button— what happened, where it happened, and how to respond.
Jordan Drysdale // Overview The following description of some of Impacket’s tools and techniques is a tribute to the authors, SecureAuthCorp, and the open-source effort to maintain and extend the...
A consensus method is how a group of entities come to a single source of truth. Bitcoin and Ethereum use proof of work in order to do this. Newer blockchains are using proof of stake. This means...
An unauthorised party has seized control of the @avtestorg Twitter account, nuked its profile picture and banner, replaced its name and description with a full-stop, and set about retweeting...
We invite you to attend Wiz Research's four technical sessions as well as the Wiz party at Flight Club Boston.
Balancer is a specialized AMM that allows trading pools of more than 2 coins. Most of the time, these pools are 2 coins, where the price is self balancing and really simple: Balance of token A *...
Vee Finance is a lending protocol that is mainly forked from Compound Protocol but adds a little bit more functionality. Slippage is the cost between attempted buying price and the real buying...
I can't tell you not to seek ethical hacking certification from EC-Council. But I can suggest that if you are looking for an online university to boost your cybersecurity career, you don't settle...
I’ve come to realise that I wasn’t the only one that has never actually exploited an HTTP Request Smuggling vulnerability, three years after James Kettle reminded the world of it. Like many, I’ve...
On 2022-07-18, an incident was reported, involving an unknown actor, gaining initial access via Cloud native misconfig, to achieve Supply chain attack, Denial of wallet.
On 2022-07-11, a campaign was reported, involving Bondnet, gaining initial access via Password attack, targeting Microsoft SQL Server to achieve Resource hijacking.
On 2022-07-07, a campaign was reported, involving 8220 Gang, gaining initial access via 1-day vulnerability, to achieve Resource hijacking.
Firmware analysis is an essential part of security research and targeted search for vulnerabilities in IoT products. This article examines conventional methods of dynamic analysis and some less...