Halborn Profile picture
Elite Blockchain Cybersecurity // We’re Hiring!
Mar 13, 2023 5 tweets 4 min read
1/ Solidity is indispensable for developers building #decentralized applications‼️ This article will discuss how the delegatecall in #Solidity can introduce vulnerabilities in #smartcontracts and highlight measures for preventing issues associated with using it in your code.💡 2/ 𝗪𝗵𝗮𝘁 𝗜𝘀 𝗗𝗲𝗹𝗲𝗴𝗮𝘁𝗲𝗰𝗮𝗹𝗹?
In #Solidity, call and delegatecall are low-level interfaces for interacting with contracts. Triggering the call function in a contract causes the code at that address to execute in the context of the target contract.
Mar 13, 2023 10 tweets 3 min read
🚨 Halborn discovered massive #ZeroDay impacting Dogecoin and 280+ networks including Litecoin and Zcash, putting over $25 Billion of digital assets at risk!

🧵👇... 1/ In March 2022, Halborn started to evaluate #dogecoin under a contract and found several vulnerabilities which were fixed by the Dogecoin team.
Nov 15, 2022 6 tweets 5 min read
1/ In November 2022, Skyward Finance became the first project in the NEAR ecosystem on the Rekt leaderboard of the biggest #DeFi hacks. The attacker exploited vulnerabilities in the Skyward contracts to drain approximately $3.2 million in tokens from the project. #cryptocurrency 2/ The Skyward hack was made possible by a vulnerability in the redeem_skyward function within the project’s #SmartContracts. This function allows users to redeem the SKYWARD tokens they have earned for wNEAR tokens stored within the contract.

#Hacked #Blockchain #Security
Nov 14, 2022 7 tweets 3 min read
1/ Let's compare the four main types of #Blockchain Networks!🔗

We'll take a look at the main features, advantages, and disadvantages of each. 2/ Public: Public blockchains are permissionless, decentralized networks accessible to anyone.

#blockchain #decentralized
Oct 6, 2022 5 tweets 1 min read
1/ 🤫 Proving knowledge of a secret is a common requirement in security. For example, passwords are the most common form of user authentication.

Password-based authentication requires both parties (the user and the server) to know the secret. 2/ 0️⃣ Zero-knowledge proofs (or ZKPs) provide an alternative. With a ZKP, the prover can prove knowledge of a secret without revealing the secret itself.
Oct 5, 2022 9 tweets 2 min read
1/ ⛓️ Once and for all, how do Bitcoin and Ethereum compare? We explore... 2/ 🪙 Bitcoin is a decentralized, peer-to-peer digital currency that enables instant, global payments to anyone, anywhere.
Oct 5, 2022 9 tweets 2 min read
1/ 🚩 Exit scams are one of the major risks of investing in a cryptocurrency project. There are 7 red flags that may be a cause for concern... 2/ 🕵️ Anonymous Teams: It is much easier for a project team to steal the project’s funds and disappear if no one knows who they truly are.
Oct 4, 2022 6 tweets 1 min read
1/ 📘 In information security, the Blue Team refers to a group of defensive security pros tasked with maintaining internal defenses against any incoming cyber attacks.

But their job is only part of the security work needed within any given entity... 2/ 📕...On the other side of the Blue Team’s defensive approach comes the Red Team playing offense.

Red Teams consist of security pros, including ethical hackers, who try to overcome an organization’s cybersecurity controls.
Oct 4, 2022 7 tweets 1 min read
1/ 🥁 Introducing Part 1/3 of our Decentralized Finance Security series. 2/ 💰 DeFi’s ability to revolutionize the financial sector by offering decentralized, blockchain-based alternatives to traditional financial services has driven significant investment in the space.
Oct 3, 2022 10 tweets 2 min read
1/ 📜 A smart contract is a piece of code (now commonly deployed on blockchains) that automatically executes when specific conditions are satisfied. 2/ ⛓️ Because blockchains store information immutably, running smart contracts on them offers a unique layer of transactional transparency and security.
Jun 29, 2022 11 tweets 3 min read
A 🧵from Halborn + @ImmuneFi on the vulnerability that could have cost Port Finance $25 million if an attacker exploited the logic governing liquidation of obligations… On March 29, whitehat nojob reported a critical vulnerability ☠️ in Port Finance, a non-custodial money market protocol on @Solana.
May 23, 2022 18 tweets 6 min read
🚨 NFT & Gaming Security Alert for #EVM / #solidity projects 🚨
🧵 time on why weak PRNG can lead to technical users winning everything… First, we're excited to announce our audit of @exiledracers' smart contract - in the lead up to their mint on May 31. ✅
Our work together helped identify this ecosystem-wide issue of a weak pseudo-random number generator (PRNG) + Signature frontrunning/replay
Apr 6, 2022 7 tweets 3 min read
🚨 Halborn Discovers Zero-Day in CosmWasm 🚨
Read below for a 🧵 on our zero-day vulnerability in @CosmWasm smart contracts across 20+ blockchains… 1/ Last month, Halborn security researcher @OwlAtNite discovered a #zeroday vulnerability from the lack of normalization of addresses in Bech32 specification (a format for SegWit addresses) in #CosmWasm.