Smart Contract Security Newsletter #45

Shayan Eskandari
ConsenSys Diligence
Oct 7, 2020

We have a few new blog posts for you:

  • Breaking Ethereum Nodes with Teatime: A tool focusing on attacks on the P2P layer and the node software itself, working on ETH1.0 and JSON-RPC interfaces.
  • LibP2P: Multiaddr — Enode — ENR ?!: There are multiple ways to convey a node’s peer-to-peer address and identity. multiaddr, enode, and ENR are the ones used in the Ethereum network stack. In this article, we shed some light on them. The post also comes with a web app for easy conversion between these encodings.
  • Detecting Ownership Takeovers Using Mythril: How to write a detection module for Mythril that detects unwanted ownership transfers of your smart contract.
  • 2nd Solidity Underhanded Contest: The goal of this contest is to write innocent-looking Solidity code, which pretends to be clear and straightforward, but actually contains malicious behavior or backdoors.

Do you consider yourself a smart contract hacker? Or do you know someone who might be? Good news: ConsenSys Diligence is hiring.

Distilled News

Front-running in the dark forest and saving Lien Finance

You may have read the great article by Dan Robinson on the state of front-running bots on the Ethereum network. Last week a group of whitehat hackers, including Alex Wade from Diligence, got together to save $9 million from Lien Finance’s vulnerable contract.

On a side note, there are some other interesting analyses of the front-running bots watching the Ethereum mempool:

Is DeFi really decentralized? KuCoin Hack Story

Last week, over $150 million was siphoned out of the KuCoin exchange. Shortly after, a few tokens that were affected by this hack started to fork to remove the hacked balance from their pool, and some other DeFi projects froze the hacker’s address to avoid helping the hacker launder the stolen funds. Other than USDT, ALEPH was also amongst these DeFi projects that froze the hacker’s assets. The hacker might also have been found.

More on DeFi security incidents

If you enjoy this newsletter, please share it with your friends, or ask them to sign up here: Smart Contract Security Newsletter
