Forwarded from Vladimir S. | Officer's Channel (officercia)
Just a bunch of freshly released web3 security tools:
• getrecon.substack.com/p/introducing-recon-invariant-testing
• x.com/msolomon44/status/1793071526167843069
• x.com/swissknifexyz
• x.com/youfelll/status/1795117529783791876
• github.com/ioterw/tracevm
More here: github.com/OffcierCia/tips-solidity-code-auditors
#audit #solidity #web3
Recon
Introducing Recon: Invariant Testing Made Easy
I’m Alex The Entreprenerd, I’ve been developing on the EVM since 2019, having worked with BadgerDAO in shipping eBTC, Building multiple Yield Strategies, one of which was used in production by Yearn, as well as multiple small Open Source Contributions
Forwarded from Vladimir S. | Officer's Channel (officercia)
glide.r.xyz
Glider | Next-gen code query framework
Run code analysis on millions of smart contracts across every integrated EVM blockchain at breakneck speed.
Forwarded from Vladimir S. | Officer's Channel (officercia)
Just a bunch of freshly released web3 security tools! ⚒️
• x.com/officer_cia/status/1798421885769908672
#security #audit #web3 #solidity
X (formerly Twitter)
Officer's Notes (@officer_cia) on X
Just a bunch of freshly released web3 security tools! ⚒️
• https://t.co/ZtRFhPL4KA
• https://t.co/D5AlqeCGgv
• @swissknifexyz
• https://t.co/rVsfMbbaZa
• https://t.co/0ECisOy4qX
• https://t.co/lpv9Ow7qcT by @xyz_remedy
More tools below!
https://t.co/AxVmisHn4Y
Forwarded from Vladimir S. | Officer's Channel (officercia)
Have you ever wondered how auditors manage to keep track of all the records and notes?
Check out ⬇️
• x.com/xyz_remedy/status/1798437635154649564
#security #audit #offtopic
X (formerly Twitter)
Remedy (@xyz_remedy) on X
Have you ever wondered how auditors manage to keep track of all the records and notes?
In fact, there are also some tricks (like @obsdmd ) & life-hacks involved. Mentalist @officer_cia was glad to teach us a number of interesting practices!
https://t.co/jsMzOG40Zk
Forwarded from Vladimir S. | Officer's Channel (officercia)
WANTED Web3 researchers, authors, writers, and hunters!
Your one-of-a-kind opportunity to provide public value while increasing the number of people who read your writings. Please add them to our wiki.r.security, and let us work together to keep this place safe!❤️
#audit #web3
WEB3 Vulnerapedia
Main Page
Forwarded from Vladimir S. | Officer's Channel (officercia)
It’s influenced by codeQL and on-chain SemGrep and it works with deployed smart contracts. Although, we deal with source code as it offers you more information in contrast to bytecode!
It also already led to a critical bug disclosure to Nouns DAO and a $30k bounty reward!
Please apply: x.com/officer_cia/status/1818684266454093854?1
#audit #web3 #security
Forwarded from Vladimir S. | Officer's Channel (officercia)
Glider queries can describe complex bugs and find matches on all live smart contracts within dozens of seconds!
You often ask us about real queries and use cases, and we have something to share👇
• https://x.com/xyz_remedy/status/1820768545615085946?s=46
#audit #web3
X (formerly Twitter)
Remedy (@xyz_remedy) on X
🔐 To catch such bugs, use a query ensuring all user inputs are validated against the signature hash. This prevents excluded inputs from allowing unintended logic execution, securing the contract’s behavior.
🔍 Example query to detect missing inputs in signature…
Forwarded from Vladimir S. | Officer's Channel (officercia)
Here’s an example we shared with our Community of how excluding certain user inputs from a hash message exploitation attack vector can be caught with Glider 👇
• https://x.com/elen__kay/status/1821125802949280062?s=46
Found this interesting👀 Join our Discord to learn more 🫡
#audit #web3
Forwarded from Vladimir S. | Officer's Channel (officercia)
Remedy commits to Web3’s security by providing cutting-edge solutions and services, and we are eager to highlight our partner, LineaBuild.
Projects building on Linea can now quickly launch bug bounty programs and benefit from:
- No commissions and listing fees
- Free triaging during beta (powered by hexens.io security teams)
- One-of-a-kind ZK proof of duplicate
- Access to glide.R.xyz, our flagship technology
Join R.xyz to enhance security across Ethereum!
#audit #web3 #security