News /

Decentralized Identity: Passport to Web3

The internet was created without a native identity layer for people. Because of this, the issue of digital identity was relegated to websites and applications.

Dinosaur Eggs’ LiquidityPool Loophole Explained

In the summer of 2020, Chef Nomi (@NomiChef) [1] presented the MasterChef contract [2], one of the most redeployed contracts during the initial wave of DeFi mania. Many DeFi projects tweaked and re-deployed the MasterChef contract to build their yield farming features. However, some of them made mistakes while altering Chef Nomi’s recipe [3][4][5]. On October 6, 2021, we identified one of them.

Arweave: Enabling the Permaweb

The Arweave Protocol is designed to provide decentralized, scalable, and permanent on-chain data storage. Much like how Ethereum is the world’s computer, Arweave can be thought of as the world’s hard drive that never forgets. The protocol uses a combination of innovative blockchain technologies and clever game theory design to create a healthy and sustainable network.

Preventing Re-Entrancy Attacks — Lessons from History

In the short history of crypto/blockchains, re-entrancy attacks have undoubtedly become one of the most well-known type of exploits. TheDAO, which caused the hard-fork of Ethereum in the early days, led to the creation of the Ethereum Classic (ETC).

Ethereum Layer 2 Solutions

At the time of writing, 145K transactions are pending to be included in the Ethereum network. The surge in adoption of the Ethereum network, together with ETH price appreciation, has boosted the dollar costs of gas fees, resulting in an unfriendly experience for retail users. Layer 2 solutions aim to increase the network throughput by building ‘on top’ of Ethereum, without affecting the decentralization or security characteristics of the underlying blockchain.

BSC Flash Loan Attack: The Three Copycats

A series of attacks compromised several Binance Smart Chain (BSC) projects in May. Following PancakeBunny, three project forks — AutoShark, Merlin Labs, and PancakeHunny were also attacked using similar techniques. PancakeBunny suffered the most costly attack of the four, which saw nearly $45M in total damages. In this article, we dig into the details behind the attacks on the three copycats.

BSC Flash Loan Attack: PancakeBunny

In May 2021, we witnessed multiple hacks targeting BSC DeFi products. In particular, a loophole related to reward minting in the yield aggregator, PancakeBunny, was exploited to mint ~7M BUNNY tokens from nothing, leading to a $45M financial loss. After the hack, three forked projects — AutoShark, Merlin Labs, and PancakeHunny — were exploited using similar techniques. Below we dig into loophole and give a step-by-step account of the exploit by reproducing the attack against PancakeBunny.

Exploiting Spartan Protocol’s LP-Share Calculation Flaws

At midnight on Labour Day, Binance Smart Chain (BSC), the blockchain running EVM-compatible smart contracts, suffered its first flash loan attack. Over $30mm was drained from Spartan Protocol’s liquidity pool.