Adrian ⛩️ Hetman 🐺⚔️
DeFi Security Triager @immunefi | Hunting down DeFi Monsters 🏹🧟👻 | Tweets about #Blockchain #Ethereum #DeFi #InfoSec #Tech 🦇🔊 | Views are my own 🧐
25 Nov
(1/n) Ethereum, while being an extremely versatile blockchain, still has significant usability constraints.

Ethereum has trouble with scaling, that is, handling an increasing number of transactions.

And there have been some remarkable scaling solutions to alleviate this.

(2/n) The current Ethereum version has low transaction throughput and high latency in processing.

This means that transactions are both slow and prohibitively expensive. 🐢 💸

There are two general types of scaling solutions proposed for the above issues:

On-chain and Off-chain.
(3/n) On-chain scaling refers to any direct modification made to a blockchain, like data sharding and execution sharding in the upcoming Ethereum 2.0.

Another type of on-chain scaling would be a sidechain with a two-way bridge to Ethereum, like Polygon.
24 Jun
1/ Do you think ERC20 approve() is safe? Well… 🧵

The function in itself is safe, but there are two scenarios where ERC20 approve() shows its rough edges.

First is a front-running attack on approve().

Imagine the following scenario 👇
* Alice approves Bob for 20 Tokens
* After some time, Alice changes the approval to 10
* Bob front-runs Alice's TX for approve(10)
* Bob spends 20 Tokens
* Alice TX passes
* Bob spends additional 10 Tokens from Alice.

Why is that?
3/ The attack is also possible because approve() overwrites the current allowance.

It doesn't increase/decrease the allowance in an atomic manner.

How can we protect against that?

There are two approaches to limit the attack vector.
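To make the ordering concrete, here is an added Python model of the race (a constructed example, not code from the thread). The relative-adjustment fix it contrasts with is modelled on OpenZeppelin's decreaseAllowance and is an assumption on my part, since the thread does not name its two approaches.

```python
# Constructed Python model of ERC20 allowance bookkeeping (not the thread's
# code). Transactions are replayed in the order the miner included them.
class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowance = {}  # (owner, spender) -> amount

    def approve(self, owner, spender, amount):
        # Overwrites the existing allowance: "set it to X", never "change it by X".
        self.allowance[(owner, spender)] = amount

    def decrease_allowance(self, owner, spender, subtracted):
        # Assumed mitigation, modelled on OpenZeppelin's decreaseAllowance.
        current = self.allowance.get((owner, spender), 0)
        if current < subtracted:
            raise ValueError("decreased allowance below zero")
        self.allowance[(owner, spender)] = current - subtracted

    def transfer_from(self, spender, owner, to, amount):
        allowed = self.allowance.get((owner, spender), 0)
        if allowed < amount or self.balances.get(owner, 0) < amount:
            raise ValueError("insufficient allowance or balance")
        self.allowance[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

def race_with_approve():
    """Alice approves 20, later sends approve(10); Bob's spend is mined first."""
    t = Token({"alice": 100, "bob": 0})
    t.approve("alice", "bob", 20)
    t.transfer_from("bob", "alice", "bob", 20)  # front-run: spends the old 20
    t.approve("alice", "bob", 10)               # Alice's TX lands afterwards
    t.transfer_from("bob", "alice", "bob", 10)  # and the fresh 10 is spent too
    return t.balances["bob"]                    # 30 instead of the intended 10

def race_with_decrease_allowance():
    """Same ordering, but Alice lowers the allowance relatively instead."""
    t = Token({"alice": 100, "bob": 0})
    t.approve("alice", "bob", 20)
    t.transfer_from("bob", "alice", "bob", 20)
    try:
        t.decrease_allowance("alice", "bob", 10)  # reverts: allowance already 0
    except ValueError:
        pass
    return t.balances["bob"], t.allowance[("alice", "bob")]  # (20, 0)
```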
23 Jun
1/ How did @ElevenFinance get hacked? 🧵

The exploit was possible due to a bug in the emergencyBurn() function of ElevenNeverSellVault.

There is a transfer of previously deposited funds during the function call, but the Nerve shares are not burned to account for the transfer.
2/ In other words, an attacker could double-spend the Nerve shares he acquired during the initial deposit to the vault.

emergencyBurn() didn't burn the 11NRV Tokens, so the attacker used them in withdrawAll() to get additional LP Tokens in return.
3/ He burned the LP Tokens on PancakeSwap, getting the underlying tokens.

After repaying the FlashSwap, the attacker was left with the funds from burning the 11NRV Tokens a second time.

This was done on multiple ElevenFinance vaults, for a total loss of $4.5M.
21 Jun
1/ Why is China cracking down on #Bitcoin? 🧵

Currently, many of the Chinese provinces where Bitcoin miners resided have rolled out new policies restricting or banning #BTC miners.

Inner Mongolia, Xinjiang, Yunnan and Sichuan banned Bitcoin.
2/ Energy companies were told to stop supplying electricity to crypto miners because they were using too much of it.

Mining cryptocurrencies became an illegal activity. Anyone found doing so regardless would be added to the blacklist of the social credit system.
3/ The whole decision seems to be linked mainly to energy usage.

China plans to achieve carbon neutrality by 2060 and to reduce carbon intensity, the amount of carbon emitted per unit of GDP, by more than 65% by 2030.

A Bitcoin mining ban can help with that.