1/9
Today I’m starting a new chapter in my life by joining @TheBlock__ family as a Research Analyst. I am very grateful to @lawmaster and all the rest of the team who supported the materials that I published here.
Also from today, I will be using my real name Igor on Twitter.
2/9
All articles on Medium and the most interesting threads that were written as Frank will be listed below with a few comments. Take a few minutes of your time to find out about how Blockstack faked users or what MEV transactions look like. Let’s go.
3/9
The announcement that @blockstack has over 1 million users was just ridiculous, so I wondered if I could find anything on their blockchain.
Apparently, the answer should have been news of the integration of Firechat (fc-). The messenger is now dead.
medium.com/@FrankResearch…
4/9
Black Thursday for @MakerDAO, a couple of days after the event, seemed to me insufficiently researched, given that it was the largest DeFi protocol and users did not understand why they lost their collateral.
medium.com/@whiterabbit_h…
5/9
Two hacks in a row related to reentrancy in imBTC were my first high point. Back then, there were not yet as many analysts who could quickly understand what was happening.
6/9
In just a couple of days, I finished my research on the state of the treasury wallets of various ICO projects, which was an extended version of what @DiarNewsletter once did. The article has a link to wallets that you can follow.
medium.com/@FrankResearch…
7/9
Of course, strange high-fee transactions over the summer caught my attention. And even though my theory that it was a money laundering bot turned out to be incorrect, PlusToken’s trail is still there.
medium.com/@FrankResearch…
8/9
Having decided one day to check the order of transactions in blocks, I noticed that some miners sort transactions in a very strange way. As is now known, it was @Archer_DAO.
9/9
Of course, this is not a complete list, I also published:
- analysis of almost every DeFi hack, if I managed to be the first
- CRV launch
- many more
After joining The Block, there will be even more insights, so be sure to get a subscription if you don’t already have one.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Frank Topbottom

Frank Topbottom Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @FrankResearcher

26 Dec
1/6
Currently, 49% of addresses eligible to claim $1INCH tokens have done so.

They took 75% of what was originally available on a $1INCH distributor smart contract. This is primarily because many big claimers are liquidity providers, and they needed to create markets. Image
2/6
The chart shows the distribution of the first actions which were taken by the wallet owners with all their 1INCH tokens.

Only 19% are holding tokens or stake them in the @1inchExchange ecosystem.

Almost 25% of wallets sold all their tokens at once after a claim. Image
3/6
29% transferred all their tokens to another address. This is because these are mainly additional user wallets.

The “Others” includes wallets that performed actions with parts of the claimed tokens, such as sending tokens to several addresses or selling them in parts.
Read 6 tweets
21 Nov
1/11
I really like @FTX_Official and their flexibility, but let’s see how it started. One of their most interesting innovations during their launch were leveraged tokens - tokenized margin positions with daily rebalancing. Image
2/11
It’s worth noting that leveraged tokens were launched by @AlamedaResearch about two months before FTX launched them. They even got their own website: leveragedtokens.com Image
3/11
In fact, the operation mechanism of the tokens, with the exception of tokenization, was transferred from the traditional market - where such an instrument is called a leveraged ETF. Image
Read 11 tweets
17 Nov
1/8
6 hours ago, there was another attack using flash loan, this time @OriginProtocol was affected. This attack is similar to Akropolis hack, because the problem is in re-entrancy and use of a fake token. All of this was needed to manipulate rebasing. Let’s see how it happened:
2/8
1. Flash loan 70k ETH from dYdX
2. Swap 17.5k ETH for 7.86 mln USDT on Uniswap
3. Swap 52.5k ETH for 20.99 mln DAI on Uniswap
4. Allow to rebase the attack contract
5. Mint 7.5 mln OUSD with 7.5 mln USDT
3/8
6. Call MintMultiple() function with:
6.1 mint 20.5 mln OUSD with 20.5 mln DAI
6.2 mint 2k OUSD with 2k USDT with rebasing through re-entrancy because the second asset is a fake token
7. Swap 300k OUSD to 158.5k USDT on Uniswap
8. Swap 1 mln OUSD to 520.7k USDT on Sushiswap
Read 8 tweets
30 Sep
1/11 Okay, MEV is coming
MEV is a consequence of the fact that miners (pool operators) have the right to choose the tx order in a block.
They can be the first to:
- execute arbitrage
- get access to token offerings
- perform liquidation
Plus, they may not pay a fee for this.
2/11 As far as I know before, this was mainly used only for free distribution of rewards to miners. In this case, at the beginning of the transaction block, transactions are made to the pool miners, and only then all transactions, in order of decreasing gas price.
3/11 However, the DeFi boom led to the fact that more often, txs with not the highest gas price began to be the first in blocks. In some Spark Pool blocks, the first places in the block were occupied by txs from some address, although the price for gas in them was ~1 gwei.
Read 11 tweets
29 Sep
$ENM hacker used Tornado to fund his address a week ago. Right after that, he claimed $UNI tokens for one of arbitrage contracts and withdrew them to himself in another tx by simulating arb. In theory, this claim could be a hack, which is why a mixer might have been used.
But it was necessary to guess without source code that arb function would help to withdraw $UNI and then use it in a certain way. Because of this, I’m more confident that it was the creator of the arb contract himself - 0x2d033fe
My hypothesis based on on-chain data:

0x223034e = $ENM hacker
0x762bfbd = the contract from which the hacker withdrawn $UNI
0x2d033fe = address of creator of 0x762bfbd
0x2f14f72 = address which funded creator (very likely one owner)
Read 4 tweets
29 Jun
Two random facts about the hack of @BalancerLabs pools:
- the hacker made five 0.1 ETH withdrawals from Tornado, in the first of them relayer was used and the rest using his own address. Consequently, the hacker had experience with Tornado and he made at least 5 deposits there. ImageImage
Currently, there are 1312 unique addresses that deposited 0.1 ETH into Tornado. Of these, 112 made at least 5 deposits. In addition, the number of addresses can be reduced by using heuristics from this paper: arxiv.org/pdf/2005.14051…
It will be cool if someone takes a look at it.
- the contract that withdrew the money from the STA pool couldn't withdraw it from the STONK pool due to an "Out of gas" error. However, after 40 minutes, the hacker rewrote the code and drained funds from the second pool using a new contract. ImageImage
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!