Bugs in the Web3 world are quite insane! And so are the bounties. In the last video, we've covered the vulnerability in Aurora that allowed to much take money from anyone's wallet without any interaction from them. https://youtu.be/Ol62FnY6mw8
Web3
Web3 Security Library
A lot of you ask me about the Web3 content. I will be publishing some videos about it soon but in the meantime, check out the repo where the Immunefi team gather all the resources about guides, tools, bugfix reviews and everything else about Web3 security....
Web3 Learning Corner #7 – the hourly rate of a top smart contract auditor
Capture the Ether On Capture the Ether, I did two tasks: Token Sale Token whale Both of them were about over/underflows which is no longer the case in later versions of Solidity but I still think it’s good to have these fundaments. How The Opyn Ethereum Contract was...
Web3 learning corner #6 – a $120,000 clickjacking
Capture the Ether I continued to solve tasks from Capture the Ether CTF. I completed the Public Key task which was rather easy - about retrieving a public key from an existing blockchain transaction. The Fuzzy Identity took me much longer than it should. It was quite...
Web3 learning corner #5 – more CTFs and some real smart contracts
In the last two issues, there was no web3 learning corner. It’s simply because last weeks I was working on BBRE Premium, the new website, marketing and so on. There were a lot of boring tasks which I usually do outside my normal working schedule. I don’t do things...
Smart contract security checklist
I haven’t fully gotten into the world of smart contracts security yet but I already see how costly mistakes are here. In this Stack Exchange thread, there’s a checklist for smart contract developers. It is surely not complete but a good starting point....
Web3 learning corner #4
In the last two weeks, I didn’t do anything practical related to learning web3. It’s mostly due to me preparing a new BBRE Pemium website. But I watched two videos in this time. Advanced Smart Contract Hacking One was a presentation from RSA Conference 2019 about...
Break into smart contract hacking
I don’t know how about you but when I see bounties of $100k, $500k or a million bucks, I can’t counteract thinking about learning smart contract hacking. However, now is not the time for me - I want to stabilise a bit with the web stuff before jumping to something...
Web3 learning corner #3 – preparing a BBRE video
Solidity, Blockchain, and Smart Contract Course – Beginner to Expert Python Tutorial At the moment, I am at 9h 50m of the solidity course on freeCodeCamp , just before the chapter about NFTs. I rather fast-forwarded through the Defi & Aave lessons but I will watch...
Finding web2 bugs on NFT websites
When I think about hacking NFTs, hacking smart contracts is what comes to my mind. But it’s not necessarily the case. Zseano doesn’t know how to hack smart contracts yet but he has decided to test a few NFT websites and approach them with his extensive knowledge about...