https://warpcast.com/~/channel/eth-security
Phunko
@funkornaut
Electi Security Fellowship Day 1 🛡️ This week starts with several security exercises. Intentionally buggy contracts to get into auditing headspace. Today’s challenge was a Layer0 implementation which had several bugs around mishandled fee calculations, hard-coded variables, and faulty access controls.
1 reply
0 recast
1 reaction
Phunko
@funkornaut
Electi Security Fellowship Day 2 🛡️ We had two fun challenges today that required some onchain sleuthing. First we needed to recover some tokens from an account that “lost” its PK but had used EIP-7702 and delegated to a multicall contract. Second we had to recover some tokens from a vulnerable treasury contract using signature malleability.
1 reply
0 recast
0 reaction
Phunko
@funkornaut
Electi Security Fellowship Day 3🛡️ Quiz 1 was one of those where I sniffed out the vulnerable code but struggled making a PoC. The struggle was well worth it as I now have a very clever vulnerability in the memory bank 🏦 Quiz 2 included a lending protocol that had insurance to socialize bad debt. This mechanism could be gamed because it did not ensure the debt was still bad when it repaid the lending protocol.
1 reply
0 recast
0 reaction
Phunko
@funkornaut
Electi Security Fellowship Day 4🛡️ Devtooligan (legend) gave us a hands-on bug hunt in a Uniswap V2 integration. It swapped tokens, then added liquidity, but did so inefficiently and left tokens stuck in the contract. We also got a 🔥 video from Dev about their own fellowship experience. My biggest takeaways are to collaborate, don’t get stuck trying to find everything, and start by creating a list of "strings to pull on" when first looking at the code in question.
1 reply
0 recast
0 reaction
Phunko
@funkornaut
Electi Security Fellowship Day 5 🛡️ Friday’s challenge saw a major flaw in a custom L1 → L2 token & bridge involving hard-coded minting logic and an accounting discrepancy. When a user deposited WETH on L1, the bridge always minted L2_WETH, regardless of the L2 token the user specified. However, the deposits mapping tracked balances using the user-supplied L2 token address, not L2_WETH. This mismatch allowed an attacker to create a spoofed L2 token that passed interface checks and pointed to WETH on L1. They could deposit WETH, receive L2_WETH, then withdraw using their custom token, unlocking their original WETH on L1 while keeping the L2_WETH. Result: infinite free WETH on L2. The second challenge was a timing puzzle on mainnet involving complex state dependencies. I’ll revisit that one later—brain was cooked.
1 reply
0 recast
0 reaction
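The Day 5 accounting mismatch as an auditor's invariant check, added here as an example that is not part of the original posts or the challenge code. It is a constructed Python model: the class, the `CUSTOM_L2` token name, the assumption that a caller-deployed token's burn does nothing, and the fix shown (crediting the deposit under the token actually minted) are all assumptions.

```python
L2_WETH = "L2_WETH"  # canonical L2 token named in the post

class BridgeModel:
    """Constructed toy model of both bridge sides; not the challenge contract."""

    def __init__(self, credit_minted_token):
        self.credit_minted_token = credit_minted_token  # False = behaviour described in the post
        self.locked_weth = 0   # WETH escrowed on L1
        self.deposits = {}     # (user, l2_token) -> amount withdrawable on L1
        self.l2_weth = {}      # user -> L2_WETH balance

    def deposit(self, user, l2_token, amount):
        self.locked_weth += amount
        minted = L2_WETH  # hard-coded mint, as described
        # Flaw: the credit is keyed by the caller-supplied token, not the minted one.
        key = (user, minted if self.credit_minted_token else l2_token)
        self.deposits[key] = self.deposits.get(key, 0) + amount
        self.l2_weth[user] = self.l2_weth.get(user, 0) + amount

    def withdraw(self, user, l2_token, amount):
        if self.deposits.get((user, l2_token), 0) < amount:
            return False  # no recorded deposit under this token
        if l2_token == L2_WETH:
            if self.l2_weth.get(user, 0) < amount:
                return False
            self.l2_weth[user] -= amount  # real burn of the canonical token
        # Assumption: any other token is caller-deployed and its burn() does nothing.
        self.deposits[(user, l2_token)] -= amount
        self.locked_weth -= amount
        return True

    def backed(self):
        """Audit invariant: every L2_WETH in circulation has WETH locked on L1."""
        return self.locked_weth >= sum(self.l2_weth.values())

def replay(credit_minted_token):
    """Replay the sequence from the post; return (withdraw_ok, invariant_holds)."""
    b = BridgeModel(credit_minted_token)
    b.deposit("honest", L2_WETH, 10)
    b.deposit("user", "CUSTOM_L2", 5)  # constructed token name
    ok = b.withdraw("user", "CUSTOM_L2", 5)
    return ok, b.backed()

if __name__ == "__main__":
    print("as described:", replay(False))
    print("credit keyed by minted token:", replay(True))
```

The same `backed()` check is the kind of property to carry into a fuzz or invariant test against the real contracts: locked L1 collateral must never fall below the L2 supply it backs.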