Chaofan Shou
phd student @ucberkeley working on security (#fuzzing #plse #llm) / cofounder @fuzzland_
Aug 24 14 tweets 5 min read
Confession: @tonyke_bot and I printed ~$20K in 4hrs by sandwiching @four_meme_ trades. Here are the technical details, code, and giveaways 🧵🧵

We saw a few high-profit sandwiches on Thursday at midnight. This is uncommon because the profit for most sandwiches today is less than $1.

Join our group to watch interesting MEV bots together: t.me/+GU0tYsLwVPs4M…
Jul 25 4 tweets 3 min read
We stopped a $2.8M hack targeting AllianceBlock.

Details👇🧵

Vulnerabilities: AllianceBlock upgraded one of its staking contracts to accept new tokens due to the Bonq DAO hack two years ago. Two storage variables were deleted in the new implementation, making the storage slot `initialized` (originally at 0x12, with value 1) aliased with a slot (0xf) holding an address. The value of `initialized` is important because it indicates whether the contract has been initialized. The contract is supposed to be initialized only once.

As an address is 160 bits, the leading 96 bits in the slot are all 0s. After aliasing, `initialized` is now at slot 0xf's 95th bit, which is 0, making the contract uninitialized.

Under the current state, an attacker can re-initialize the contract. In AllianceBlock's staking contract, re-initializing can reset the `rewardRate`, `rewardToken`, and `stakingToken`. To drain `rewardToken` in the contract, one can simply inflate the `rewardRate` such that by staking a very small amount of tokens, they can get an infinite amount of reward tokens back.

It becomes a bit tricky to steal `stakingToken`. One possible way would be resetting the `stakingToken` to a contract the attacker can control and conducting a fake stake. As soon as the developer upgrades the contract again, the attacker can backrun the upgrade transaction to unstake real staking tokens, draining them without paying anything. There might be additional ways to exploit, as we did not dig too deep.

Upgrade Tx: etherscan.io/tx/0x48dcb38af…
Decompiled New Implementation: app.dedaub.com/decompile?md5=…
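As an added example (not code from the thread or from AllianceBlock), here is a small Python check for the class of bug described above: it compares the per-variable slot/offset tables that `solc --storage-layout` emits for the old and new implementation and reports every variable that moved, together with the old variable whose stale storage it now overlaps. The two layouts are constructed for illustration and are not AllianceBlock's real layout.

```python
"""Detect storage-layout shifts between two implementations behind an
upgradeable proxy, from the per-variable slot/offset tables that
`solc --storage-layout` emits. Constructed example, not AllianceBlock's code."""

# Minimal subset of solc's storage-layout JSON: label, slot, offset, type.
# Both layouts are constructed: the old one has two legacy slots that the new
# implementation drops, so every later variable shifts up by two slots.
OLD_LAYOUT = [
    {"label": "legacyA", "slot": "13", "offset": 0, "type": "t_uint256"},
    {"label": "legacyB", "slot": "14", "offset": 0, "type": "t_uint256"},
    {"label": "rewardToken", "slot": "15", "offset": 0, "type": "t_address"},
    {"label": "rewardRate", "slot": "16", "offset": 0, "type": "t_uint256"},
    {"label": "stakingToken", "slot": "17", "offset": 0, "type": "t_address"},
    {"label": "lastUpdate", "slot": "18", "offset": 0, "type": "t_uint256"},
    {"label": "initialized", "slot": "19", "offset": 0, "type": "t_bool"},
]
NEW_LAYOUT = [
    {"label": "rewardToken", "slot": "13", "offset": 0, "type": "t_address"},
    {"label": "rewardRate", "slot": "14", "offset": 0, "type": "t_uint256"},
    {"label": "stakingToken", "slot": "15", "offset": 0, "type": "t_address"},
    {"label": "lastUpdate", "slot": "16", "offset": 0, "type": "t_uint256"},
    {"label": "initialized", "slot": "17", "offset": 0, "type": "t_bool"},
]

def _positions(layout):
    """Index a layout by label -> (slot, offset) and by position -> label."""
    by_label = {e["label"]: (int(e["slot"]), e["offset"]) for e in layout}
    return by_label, {pos: label for label, pos in by_label.items()}

def layout_diff(old, new):
    """One finding per variable that moved or lands on previously used storage.
    `aliases` is the old variable whose stale (possibly non-zero) value the
    variable will now read from proxy storage after the upgrade, or None."""
    old_by_label, old_by_pos = _positions(old)
    new_by_label, _ = _positions(new)
    findings = []
    for label, new_pos in new_by_label.items():
        old_pos = old_by_label.get(label)
        alias = old_by_pos.get(new_pos)
        if old_pos == new_pos or (old_pos is None and alias is None):
            continue  # unchanged, or brand new and on untouched storage: safe
        findings.append({"label": label, "old": old_pos, "new": new_pos,
                         "aliases": alias})
    return findings

if __name__ == "__main__":
    for f in layout_diff(OLD_LAYOUT, NEW_LAYOUT):
        print(f"{f['label']}: slot {f['old']} -> {f['new']}, "
              f"now overlaps old '{f['aliases']}'")
```

The check only matches exact (slot, offset) positions, so partial overlaps of packed variables within one slot are not reported; in practice you would run it in CI against the layout of the currently deployed implementation before every upgrade.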
Apr 14 9 tweets 3 min read
Technical details on how we made $10k/hr by mining $ORE via @bloXrouteLabs @jito_sol and GPUs.

[1/8] 🧵

[2/8] WTF is $ORE

ORE is a token on Solana with a mining program. One can claim ORE from the mining program by sending correct nonces (calculated by trying hashes) to it.

A mining tx looks like this:
Dec 13, 2023 7 tweets 4 min read
😝 Here is the full disclosure of the Twitter XSS + CSRF vulnerability.

Clicking a crafted link or going to some crafted web pages would allow attackers to take over your account (posting, liking, updating your profile, deleting your account, etc.). On 12/11, @rabbit_2333 posted details about an XSS on the Twitter subdomain analytics.twitter.com.
May 9, 2023 8 tweets 2 min read
How to make $800k every day by rug pulling?

A tutorial 🧵[1/7]

Create an ERC20 token, preferably with some funky names.

Some examples 👇

[2/7]
May 8, 2023 4 tweets 2 min read
gg! Our fuzzer can solve all challenges automatically in <16hrs on a single core with some fine tuning 🔥🔥

Will share the writeup

Try it out: github.com/fuzzland/ityfu… And kudos to @publicqi for solving even faster than the fuzzer and using less gas
Apr 20, 2023 8 tweets 7 min read
🈹 Stop buying #pepedao / #pipipump / #bobcoin, owner can rug you.

Scammer deployed >67 malicious tokens. These contracts are obfuscated and designed to bypass @GoplusSecurity & @Token_Sniffer's rugpull analysis.

~$300k funds have already been rugged.

#ScamAlert #rugpull twitter.com/i/web/status/1…

So, what's going on?

1. The attacker uses "oowner" to define the owner so that analysis considers that the contract has no owner -- really benign in the eyes of static analysis! twitter.com/i/web/status/1…