SunSec @EDCON 🇯🇵 @1nf0s3cpt Twitter profile

Pinned Tweet

SunSec @EDCON 🇯🇵

2 years

📑 Root cause analysis from past DeFi incidents. Hope this stuff can help devs to avoid the same mistakes as much as possible. Now covered 95 incidents. #DeFi #Web3

117

402

1K

Last Seen Profiles

@MaterPhysio

@kingz_DGC

@tech_must_flow

@DoctorsXr

@BukaMaksimka

@reo_yoimachi

@pnkc_awaji

@NeglectedCarrot

@HaiAlphonse

@sry11673

@a_16march

@joeforgg

@pelukgue

@shemalebekasiBO

@meyou_83

@MiltonOkanga

@mariawelter6

@ArabelPankra

@joelentine65

@hosokakin55

@tyvnn1ng

@ladbible

@demerobbin

@Seh_gal

@ramcasemi

@StruckClau19940

@AmeliaGirasol

@mahelajayaward5

@ManuelAguirreSi

@MalghaniNudrat

@PBTwBetis

@AshKittenn

@flumemusic

@lk00042

@ta_ma_go0

@DL73N7MPUDGVnIo

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 years

Hey, I have released my second web3 repo DeFiVulnLabs! ⭐️ This repo will help you to learn common smart contract vulnerabilities using Foundry. Supported 16 test cases, I will add more cases in future. @gakonst @brockjelmore #web3sec #foundry

GitHub - SunWeb3Sec/DeFiVulnLabs: To learn common smart contract vulnerabilities using Foundry!

To learn common smart contract vulnerabilities using Foundry! - SunWeb3Sec/DeFiVulnLabs

github.com

15

124

390

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 years

We will start to release web3 security tutorials in DeFiHackLabs. To train more ppl into web3 sec. First one series will be OnChain transaction debugging & writing poc using Foundry.😀 #1 . Tools #2 . Warm up #3 . Writing p0c step by step We will have English and Chinese version.

22

26

260

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥Web3 Security Onboarding Since the last time, 70+ DMs and many people who join the community often ask the same question: "How can I learn web3 security?" So, I have created an onboarding channel and added a lot of resources for them. 🤟

5

80

256

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥[Release] DeFiVulnLabs Solidity Security Testing Guide. 🌀Supports 47 types of vulnerabilities. 🪧Includes vulnerability description, mitigation and how to test. 🔖: I hope this stuff can help developers avoid the same mistakes as much as possible.

8

141

202

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 years

I made a simple one-page that includes root cause analysis and useful tools. Also, we have released a Mandarin version for root cause analysis. ✅中文版漏洞分析完成了. Thanks to @xrexinc security team! Feel free to re-tweet, lets build a better DeFi!

14

69

184

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 years

(1/3) 📑OnChain Transaction Debugging Lesson 1: Tools I will collaborate with @xrexinc @SlowMist_Team @GoplusSecurity @numencyber @realScamSniffer @WTFAcademy_ and cybersecurity communities work together to build Web3 Cybersecurity Academy. #web3sec

GitHub - SunWeb3Sec/DeFiHackLabs: Reproduce DeFi hacked incidents using Foundry.

Reproduce DeFi hacked incidents using Foundry. Contribute to SunWeb3Sec/DeFiHackLabs development by creating an account on GitHub.

github.com

6

48

179

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

📕For those interested in Smart Contract Security: Learning and Roadmap, DM me and I will send you a batch of links.

8

81

174

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

📑I spent four whole weekends on my personal hackathon for a month, dedicating a total of 62.5 hours to auditing 8 protocols. It was really fun to read through the code and find issues, and I learned a lot in the process. Keep learning!🤟 #audit

1

3

93

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 years

📑Web3 security course for devs👀 Read only reentrancy - short intro. This issue found by @chain_security #web3 #web3sec

3

37

156

SunSec @EDCON 🇯🇵

@1nf0s3cpt

6 months

🔥Congratulations to @xuwinniexu the audit team lead of DeFiHackLabs, for receiving an award of $500,000+ in the @zksync audit contest on @code4rena ! 🥇We are proud of you! 🎉Also, congratulations to our friends @ChainLight_io @Offside_Labs #zkSync #Rust

10

6

151

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

Currently, we have around 74 web3 white hats in the community, which has increased by 50% in Q1. We are very happy to see so many talented people joining the web3 security industry. Join us: Next team event: we will play CTF by @numencyber

Discord - Group Chat That’s All Fun & Games

Discord is great for playing games and chilling with friends, or even building a worldwide community. Customize your own space to talk, play, and hang out.

discord.com

4

2

85

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥I am ready to start writing "DeFiHackLabs Solidity Security Testing Guide". Currently, it supports 47 types of vulnerabilities. My todo: 1.Add missed vulnerability descriptions to the test cases written before. 2.Create a Notion version. 3.Create a PDF version.

9

27

137

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

It looks like the Euler exploiter will return the funds. We are waiting for good news. 🤞 Euler exploiter's message:

1

3

65

SunSec @EDCON 🇯🇵

@1nf0s3cpt

11 months

🔥Root Cause Analysis Part 2 of Past DeFi Incidents. We have covered another 101 incidents. We hope this information can help developers avoid making the same mistakes as much as possible. 👉 #Web3 #DeFi

5

44

123

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

⭐️DeFiVulnLabs - This repo will help you to learn common smart contract vulnerabilities using Foundry. Supported 25 vulnerable types. 👉 #web3 #solidity #security

GitHub - SunWeb3Sec/DeFiVulnLabs: To learn common smart contract vulnerabilities using Foundry!

To learn common smart contract vulnerabilities using Foundry! - SunWeb3Sec/DeFiVulnLabs

github.com

3

28

109

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 years

Working on re-analyze all incidents of past exploited. Sort out vulnerability types and common mistakes. Status: 20% #DeFi #Web3

17

16

105

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🚀 DeFiHackLabs GitHub repository just hit 3K stars ⭐️ We couldn't have done it without the amazing contributions from our community. Thank you all for your hard work and support! 🙏 👉 Close to 200 past DeFi incidents and POCs for case studies.

5

22

107

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 years

📕Web3 Cybersecurity Academy - OnChain Transaction Debugging. Lesson 4 - Write Your Own PoC (MEV bot) We will use a MEV bot (private tx) for case analysis, and decompile the code to make a POC. 👉 Feel free to retweet and spread knowledge. #web3sec

2

32

107

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥[Link updated] Root Cause Analysis of 101 DeFi Hacks!!! 👉English: 🧵This analysis is supported in 5 languages.

7

28

106

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥 A new vulnerable type added: Phantom function in DeFiVulbLabs. Phantom function: Accepts any call to a function that it doesn't actually define, without reverting. 👉 #web3sec

4

23

100

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

📕Web3 Cybersecurity Academy - Solidity Security Lesson 1 by @Sm4rty_ : Smart Contract Audit Methodology & Tips. 👉 Feel free to retweet and spread knowledge. #web3sec #web3

Solidity Security - Lesson 1: Smart Contract Audit Methodology & Tips

Author: Sm4rty Summary: This blog outlines a methodology for auditing smart contracts. While there is no universal approach, this post provides insight into creating your own. Additionally, it...

defihacklabs.substack.com

3

33

94

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

a friend suggested that I could compile a forking bug list. But I found out @yAcademyDAO has already done it.

GitHub - YAcademy-Residents/defi-fork-bugs: Bugs in commonly forked DeFi protocols

Bugs in commonly forked DeFi protocols. Contribute to YAcademy-Residents/defi-fork-bugs development by creating an account on GitHub.

github.com

0

23

97

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 years

📕Web3 Cybersecurity Academy - Enhancing user asset security Lesson 1 by @evilcos @SlowMist_Team : Blockchain dark forest selfguard handbook. This handbook is helpful in learning how to protect your funds and in implementing best security practices. 👉

2

32

93

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 months

🔥我們非常高興地宣佈, DeFiHackLabs 獲得來自華語公共物品基金 @GCCofCommons 的 3.5 萬美元捐贈! 這筆資金將作為我們的早期運營啟動資金, 將助力我們在 Web3 安全領域的不懈努力, 培育更多人才.🚀 DeFiHackLabs slogan: Let's make web3 more secure! 歡迎加入我們一起共建! #DeFiHackLabs #GCC

5

10

84

SunSec @EDCON 🇯🇵

@1nf0s3cpt

3 months

🔥 DeFiHackLabs Repo has hit 4.7k stars and 400 PoCs. Thanks all contributors.🫰 We see more than ten incidents each month, which indicates an unhealthy industry. Protocols must focus on security.🙏

3

16

90

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

MIMSpell - Arbitrary External Call Vulnerability Lost: ~$17k 👉Poc: Please remember this pattern and avoid it. At least 9 protocols have incurred a total loss of ~$4.1 million due to this vulnerability. 🧵

2

17

84

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🚨Top5 crypto drainers you should know: 1. Vemon drainer ~$27M 2. Monkey drainer ~$16.5M 3. Pussy drainer ~$14.2M 4. Inferno Drainer ~$7.1M 5. Pink drainer ~$1.7M 👇You can follow up with stats on the dune in the thread.

9

28

77

SunSec @EDCON 🇯🇵

@1nf0s3cpt

7 months

🔥DarkCat progress updates: Automatic PoC generator: 1. Rewritten the server with nodejs (it was python before). 2.Using interfaces instead of low level calls. 3. Support run forge test directly on web. Keep improving!

6

18

78

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

Web3 DevSecOps is very important! I have learned a lot during the process of deploying the Protocol to the Mainnet recently. I will share some thoughts on how to protect your protocol in🧵 #web3sec #devops #sre

3

84

83

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

Finally, I got the DarkHandBook. Thanks @SlowMist_Team @evilcos @IM_23pds 👉 Check how to improve your security awareness. DarkHandBook e-book:

13

12

81

SunSec @EDCON 🇯🇵

@1nf0s3cpt

9 months

🔥DeFiHackLabs achieved 1️⃣1️⃣th place in the 48-hour @paradigm_ctf 2023. We faced great challenges and learned a lot. Thanks all amazing teammates.

6

9

79

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🥳 We are honored to join BugRap bug bounty platform and collaborate together. #BugBounty #Safer #Web3

BugRap

@BugRap_Team

1 year

🥳👏We are thrilled to welcome #DeFiHackLabs @1nf0s3cpt leading Whitehat community to our #BugBounty platform. Their expertise and dedication to security will be invaluable in helping us identify and address vulnerabilities in #Web3 . Let's work together to make #DeFi safer ⛑️

2

15

5

4

44

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥 A new vulnerable type added: Unsafe downcasting in DeFiVulbLabs. Unsafe downcasting occurs when downcasting from a larger integer type to a smaller one is done without checks, which can result in unexpected behavior. 👉 🧵Short analysis #web3sec

2

9

77

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥DeFiHackLabs monthly recap. We released 19 PoCs in July. Contributors: 🥇 @gbaleeeee contributed to 9 of them. 🥈 @kam8617 contributed to 7 of them. @eugenioclrc , Niluke and foxing. 👉Github: #web3sec

4

16

71

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥 A new vulnerable type added: Empty loop in DeFiVulbLabs. Empty loop: Due to insufficient validation, An attacker can simply pass an empty array to bypass the loop & signature verification. 👉 🧵 Short analysis #web3sec

3

17

74

SunSec @EDCON 🇯🇵

@1nf0s3cpt

9 months

🔥Community Partners Announcement🚀 We extend our gratitude to our esteemed 22 partners for their unwavering support. The community shall persevere and flourish. Please refer to this notion for the contributions made by our partners. 👉

7

15

75

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥 A new vulnerable type added: Price manipulation in DeFiVulbLabs. In the past, we have seen at least 10 or more hacking incidents targeting protocols that employ this pattern. It is strongly advised to avoid it. 👉 🧵Short analysis #web3sec

2

18

72

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

We got 4th place in the @NUMEN 48-hour CTFcontest 🚀 Made amazing new friends, learned a ton, and had a blast tackling challenges together 🌟 Our first community event playing #CTF was a huge success! Can't wait for the next one! 🥳 #DeFiHackLabs #web3security #teamwork

8

5

65

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥 A new vulnerable type added: 3⃣3⃣ecrecover returns address(0) in DeFiVulbLabs. If v value isn't 27 or 28. ecrecover will return address(0). 👉 🧵Short analysis #web3sec

2

16

69

SunSec @EDCON 🇯🇵

@1nf0s3cpt

5 months

🫡A victim's wallet got compromised, he DM'd me immediately. After guiding this victim, we rescued a total of $20,800. The total loss was about $10,000. Scammer's addresses: 0x2f59b36f9df917e1c19bba7a7fb2e70c262e1ad3 0x39cbef53fdca2b7c7ca4cd108739ec74a6318ac3

10

5

71

SunSec @EDCON 🇯🇵

@1nf0s3cpt

7 months

🔥DeFiHackLabsGPT sometimes save me a lot of time.🥳 You can find👇 #GPT

6

14

65

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 months

We are thrilled to announce that DeFiHackLabs has received its first sponsorship from SlowMist @SlowMist_Team @evilcos . 👇Learn more about our vision and mission.

14

70

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥 A new vulnerable type added: 3⃣7⃣ abi.encodePacked() Hash Collisions in DeFiVulbLabs. Using abi.encodePacked() with multiple variable length arguments can, in certain situations, lead to a hash collision. 👉 🧵Short analysis #web3sec

3

14

67

SunSec @EDCON 🇯🇵

@1nf0s3cpt

8 months

🔥DeFiHackLabs now has its own domain.

4

5

69

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🎁 I am grateful beyond words for the wonderful gift I received! Thanks to @BlockSecTeam @yajinzhou !

7

2

68

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥Just finished DeFiHackLabs' first private online event. Today's sessions: 1. Rescued over $600k for SushiSwap sharing by @HYDNSecurity 2. Web3 Red Team Tactics sharing by @fala133 Many alphas today. 🥳

5

10

65

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🌟DeFiHackLabs monthly recap. We released 20 PoCs in May. 🔥 @gbaleeeee contributed to 9 of them. Contributors: @yicunhui2 @0xCryptothink Kkaminsk86 @eugenioclrc @pks_eth 👀Attacks has grown twice compared to the past few months. 👉 #web3sec

4

18

66

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 years

📕Web3 Cybersecurity Academy - Enhancing user asset security Lesson 3 by @GoplusSecurity : Learn Security Risks with a New Honeypot Scam. Can you spot any suspicious in the code? Details 👉 Feel free to retweet and spread knowledge. #web3sec

6

25

67

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

Uniswap V4’s “hooks” feature will allow future developers to create on-chain limit orders, automatic deposits to lending protocols, auto-compounded (LP) fees, and many other innovations... 👀It is interesting to check for bugs and issues.

5

17

66

SunSec @EDCON 🇯🇵

@1nf0s3cpt

8 months

🥇DarkCat - Blockchain Security Guardian in CodeQuest Security Hackathon organized by @Quill_Academy . 🎁Reward: We got @Phalcon_xyz 1 year Dev plan. 🔥Generate POC in 5 seconds. 🧵This tool may be opened to security analysts[TBD] Project participants: @1nf0s3cpt @0xknot

6

64

SunSec @EDCON 🇯🇵

@1nf0s3cpt

7 months

🔥DeFiHackLabs Website: You can find our Discord, Youtube, Academy, Github on the website. Currently, the community has more than 2,852 members and 155 whitehats. 🫡 Join us to build together!

4

19

63

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥 A new vulnerable type added: 3⃣6⃣ Slippage - Incorrect deadline & slippage amount in DeFiVulbLabs. 👉 🧵Short analysis #web3sec

3

9

63

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 months

🔥DeFiHackLabs Incentive Program We want to encourage more people to join the Web3 security space and for security researchers to contribute more to the ecosystem. Therefore, we are launching an incentive program. #web3sec #BUIDL

4

14

64

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 years

📑Web3 Cybersecurity Academy - OnChain Transaction Debugging Lesson 2: Warm up We will introduce how to use block explorers Etherscan and Phalcon to analyze on-chain transactions and write simple tests using Foundry. #web3sec #foundry

1

22

62

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

EulerFinance - Business Logic Flaw. Lost: ~$200M Check POC: credit: @gbaleeeee

GitHub - SunWeb3Sec/DeFiHackLabs: Reproduce DeFi hacked incidents using Foundry.

Reproduce DeFi hacked incidents using Foundry. Contribute to SunWeb3Sec/DeFiHackLabs development by creating an account on GitHub.

github.com

6

10

59

SunSec @EDCON 🇯🇵

@1nf0s3cpt

10 months

⭐️To learn how to participate in a CTF contest. You must know how to utilize fork testing and broadcast your exploit on-chain. I use the Ethernaut challenges as an example. 👉Check ethernaut-foundry-solutions

1

7

61

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 years

🌟2022 Year-End Recap - Happy New Year! Summary of my Web3 security achievements in 2022 (a thread): DeFiHackLabs Since: Jun 10, 2022 ⭐️Star: 2,000. 580 commits. Cover 146 incidents. 23 Contributors. Core contributors: @gbaleeeee @h0wsO1

GitHub - SunWeb3Sec/DeFiHackLabs: Reproduce DeFi hacked incidents using Foundry.

Reproduce DeFi hacked incidents using Foundry. Contribute to SunWeb3Sec/DeFiHackLabs development by creating an account on GitHub.

github.com

2

12

60

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥Added description for Read-only reentrancy in DeFiVulnLabs. The Read-Only reentrancy is a flaw in smart contract design that allows attackers to exploit the "read-only" nature of a function to make unintended changes to the contract's state. 👉

4

9

56

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

📕Web3 Cybersecurity Academy - Solidity Security Lesson 3 by @QuillAudits : Guidelines for Auditing Staking Protocols. 👉 Feel free to retweet and spread knowledge. #web3sec #web3 #Solidity #LSD #LIDO #shanghai #audit #Solidity

3

16

59

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

Web3 Cybersecurity Academy - OnChain Transaction Debugging Lesson 6 by @gbaleeeee Write Your Own PoC (Reentrancy) We use DFX Finance as an example to analyze cross-function Reentrancy. 👉 Feel free to retweet and spread knowledge. #web3sec #web3

2

15

62

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 years

Ankr aBNB - minting function without validation??? WTF, everyone is minting.

8

10

57

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

📕Web3 Cybersecurity Academy - Enhancing user asset security Lesson 7 by @ZenGo : Offline signatures can drain your wallet! Check: Part 1👉 Part 2👉 Feel free to retweet and spread knowledge. #web3sec

User Asset Security - Lesson 7: Offline signatures can drain your wallet (Part 2/2)

Author: ZenGo Wallet

defihacklabs.substack.com

1

16

58

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥 A new vulnerable type added: 3⃣4⃣Oracle data feed is insufficiently validated in DeFiVulbLabs. 👉 🧵Short analysis #web3sec

4

7

59

SunSec @EDCON 🇯🇵

@1nf0s3cpt

10 months

Congrats to DeFiHackLabs CTF team takes 3 spots in top 5 🚀 ONLYPWNER is a platform focused on the security aspects of Ethereum and EVM smart contracts! Hands-on with real-world challenges:

5

12

60

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

Good works 👍 @BlockSecTeam successfully blocked an attack to rescue 2,906 ETH. Then the attacker left a message:

BlockSec

@BlockSecTeam

1 year

We blocked an attack on @ParaSpace_NFT and rescued 2900 eth. Please contact us asap. Dmed 45 minutes ago but get no response.

147

127

872

3

5

59

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 years

📑Web3 security course for devs 👀Data location - storage vs memory #web3 #web3sec

3

8

58

SunSec @EDCON 🇯🇵

@1nf0s3cpt

7 months

🌟2023 Year-End Recap - Happy New Year! Summary of my Web3 security achievements in 2023 DeFiHackLabs - compared to the end of 2022. Stars from 2,000 to 4,332 Commits from 580 to 1,668 Incidents covered from 146 to 335 Contributors from 23 to 61 🧵(1/14)

6

11

57

SunSec @EDCON 🇯🇵

@1nf0s3cpt

3 months

🚨 Many paid X accounts are initiating OMNI airdrop phishing.

4

9

40

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 years

Rubic - Arbitrary External Call Vulnerability Lost: $1.5M Root cause: Insufficient validation in routerCallNative for whitelisted USDC contract. p0c:

Rubic

@CryptoRubic

2 years

Rubicans, we want to be fully transparent with you about what’s happened, and here’s our understanding of the recent events:

15

4

23

1

10

56

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥We are cooking part 2 of the root cause analysis. Status: 15% #web3sec

7

9

55

SunSec @EDCON 🇯🇵

@1nf0s3cpt

4 months

I'm grateful for the invitation from @SlowMist_Team 🤟 The seats in the audience were almost completely filled. 🔥

5

7

59

SunSec @EDCON 🇯🇵

@1nf0s3cpt

3 months

I was glad to talk about Web3 Security & Web3 DevSecOps at the CYBERSEC Conference. Spread the word about Web3Sec. #Web3Sec #SEAL911 #AML

5

9

58

SunSec @EDCON 🇯🇵

@1nf0s3cpt

6 months

🔥DeFiHackLabs Discord has reached over 3,000 people. #web3 #security

9

6

56

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥 A new vulnerable type added: 3⃣5⃣Precision Loss - rounding down to zero in DeFiVulbLabs. 👉 🧵Short analysis #web3sec

3

13

56

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

Be careful transfer ETH on zkSync ❌payable(address).transfer(amount) ✅payable(address).call[value: <X>]("") #zkSync

Eden Au

@0xedenau

1 year

A project on zkSync raised 921 ETH ($1.7M) in a token sale, but funds are stuck forever in the smart contract. The transfer() function works on Ethereum and other EVM chains, but not on zkSync.

638

651

4K

4

16

55

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥 A new vulnerable type added: First deposit bug in DeFiVulbLabs. First depositor can break minting of shares! 👉 🧵 Short analysis #web3sec

1

16

55

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 months

🔥We are glad to announce that DeFiHackLabs has received sponsorship from Security Alliance @_SEAL_Org founded by Paradigm's head of security @samczsun . 👇Learn more about our vision and mission. #web3sec #DeFiHackLabs #SecurityAlliance #SEAL911

8

10

57

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 years

📑Web3 security course for devs👀 Divide before multiply - short intro. 👇Mitigation. #web3 #web3sec

2

12

53

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥 A new vulnerable type added: 3⃣8⃣ Struct Deletion Oversight in DeFiVulbLabs. Incomplete struct deletion leaves residual data. If you delete a struct containing a mapping, the mapping won't be deleted. 👉 🧵Short analysis #web3sec

1

9

54

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

The DeFiVulnLabs repository just hit a major milestone of 1K stars🌟! 🚀 Welcome everyone to contribute together if you want to add an unlisted vulnerable type. #web3sec

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

⭐️DeFiVulnLabs - This repo will help you to learn common smart contract vulnerabilities using Foundry. Supported 25 vulnerable types. 👉 #web3 #solidity #security

3

28

109

6

8

54

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 years

🔐Web3 security awareness course for users👀 What is blind signing? 👇Check 3 types of signing mechanisms in this thread. #web3 #web3sec #nftphishing

3

13

53

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥I added 5 types of vulnerabilities to #DeFiVulbLabs this week. 🧵Check in thread. Stay vigilant and keep your #DeFi projects secure!🔒 #Blockchain #Security #Web3

GitHub - SunWeb3Sec/DeFiVulnLabs: To learn common smart contract vulnerabilities using Foundry!

To learn common smart contract vulnerabilities using Foundry! - SunWeb3Sec/DeFiVulnLabs

github.com

5

8

52

SunSec @EDCON 🇯🇵

@1nf0s3cpt

11 months

I just received 30 WTF Solidity books. I'll be shipping them out to the recipients. 🚀 @WTFAcademy_ @0xAA_Science

15

3

52

SunSec @EDCON 🇯🇵

@1nf0s3cpt

11 months

🪧DeFiHackLabs web3sec community has generated two teams🚀 🔥Audit team - Team lead: @akshaysrivastv We are fortunate to have one of the best mentors coaching us. 🔥CTF team - Team lead: @vinami We are going to have a lot of fun in the CTF.

5

12

54

SunSec @EDCON 🇯🇵

@1nf0s3cpt

6 months

I’m honored to be one of the members. Everyone has the same goal: to make the Crypto industry more secure. DeFiHackLabs has always been committed to this belief. Thanks @samczsun 🔥

samczsun

@samczsun

6 months

I'm back, did you miss me? I have some huge news! Over the last year and a half, I've been working on something big in secret with the rest of the crypto security community. Today, we're finally ready to reveal ourselves to the world. We are @_SEAL_Org

97

364

2K

8

2

53

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥 A new vulnerable type added: 4⃣0⃣txGasPrice manipulation in DeFiVulbLabs. Manipulation of the txGasPrice value, which can result in unintended consequences and potential financial losses. 👉 🧵Short analysis #web3sec

2

5

50

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 years

🛠️[Tools] to identify a DeFi scam token. 👇 Check links in this thread or notion. Notion updated #scam #rugpull

I'm SunSec | Notion

Let’s make web3 industry more secure!

web3sec.notion.site

4

16

52

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

⭐️DeFiHackLabs monthly recap. We released 14 PoCs in February. 🏆MVP: @gbaleeeee contributed 11 PoCs. 🔥Check p0c: #web #web3sec

3

9

48

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

Two weeks ago, about 80 ppl DM'd me, and I shared resources on smart contract security with them. Last week, I created a TG channel to help them. Let's see how things will turn out in a month. Current role distribution: 34% web3 sec 23% web3 dev 8% web2 dev 8% web2 sec 27% Others

3

7

48

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 years

To learn CosmWasm's common vulnerabilities. New vulnerable type will update every week at least. Contributed by whitehat @pun1sh3ll of the DeFiHackLabs. #CosmWasm #DeFiVulnLabs

GitHub - punishell/DeFiVulnLabsCosmWasm: DeFiVulnLabsCosmWasm

DeFiVulnLabsCosmWasm. Contribute to punishell/DeFiVulnLabsCosmWasm development by creating an account on GitHub.

github.com

2

17

47

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥After a long wait, the Spanish version of "101 Root Cause Analysis of DeFi Hacks" is finally out. Thanks to @PolGallardo_ for the translation. 👉 Spanish version:

8

6

48

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🌟DeFiHackLabs monthly recap. We released 10 PoCs in April. 🔥MVP: @gbaleeeee contributed to 4 of them. Contributors: @0xPoor4ever @0xCryptothink @NFTUSM @yicunhui2 👉 #web3sec

2

12

50

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🔥[Release] Web3 Cybersecurity Academy Substack I have released all articles on substack. 👉Subscribe to learn here: #web3sec

DeFiHackLabs’s Substack | SunSec | Substack

Web3 Cybersecurity Academy. Click to read DeFiHackLabs’s Substack, by SunSec, a Substack publication with thousands of subscribers.

defihacklabs.substack.com

1

20

48

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

🌟DeFiHackLabs monthly recap. We released 9 PoCs in March. MVP: @gbaleeeee 🔥contributed 5 PoCs. Check p0c: #web #web3sec #web3sec

3

8

52

SunSec @EDCON 🇯🇵

@1nf0s3cpt

1 year

In 2 hours, my project @UnitasProtocol will start the audit contest on @sherlockdefi . I would like to invite all of you to join and participate in the audit. Have fun! 👉Check

Unitas Protocol Contest - 36,400 USDC

Unitized stablecoins serving as units of account representing emerging market currencies. A new currency revolution.

audits.sherlock.xyz

4

8

48

SunSec @EDCON 🇯🇵

@1nf0s3cpt

11 months

Finally, we got 6st place MetaTrust CTF. The competition is getting more exciting with more skilled participants.🫡 We still need more cybersecurity talent for the web3 industry. 👉Join us DeFiHackLabs web3sec community:

4

2

46

SunSec @EDCON 🇯🇵

@1nf0s3cpt

4 months

🔥DeFiHackLabs' monthly recap: We released 13 PoCs in March. Contributors: @kam8617 and bznsix each contributed to 4 of them, followed by @0xsha , QiLOL, xkwang91, bixia and @akshaynexust .

3

7

47

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 years

⭐️DeFiHackLabs monthly recap. We released 18 PoCs in December of which 14 incidents happened in this month. 🏆MVP: @gbaleeeee contributed 12 PoCs. 🔥Check p0c: #web #web3sec

2

6

46

SunSec @EDCON 🇯🇵

@1nf0s3cpt

2 years

📕Web3 Cybersecurity Academy - 鏈上威脅分析第三課-實戰撰寫價格操縱攻擊重現 - PoC 篇 @h0wsO1 已 EGD Finance 事件為例, 手把手教你開發 POC. ⭐️English version soon. #web3sec

2

11

45