Content pfp
Content
@
https://warpcast.com/~/channel/eth-security
0 reply
0 recast
0 reaction
Phunko pfp
Phunko
@funkornaut
Electi Security Fellowship Day 1 🛡️ This week starts with several security exercises. Intentionally buggy contracts to get into auditing headspace. Today’s challenge was a Layer0 implementation which had several bugs around mis handled fees calculations, hard coded variables, and faulty access controls.
1 reply
0 recast
1 reaction
Phunko pfp
Phunko
@funkornaut
Electi Security Fellowship Day 2 🛡️ We had two fun challenges today that required some onchain sleuthing. First we needed to recovery some tokens from an account that “lost” its PK but had used EIP-7702 and delegated to a multi call contract. Second we had to recover some tokens from a vulnerable treasury contract using signature malleability.
1 reply
0 recast
0 reaction
Phunko pfp
Phunko
@funkornaut
Electi Security Fellowship Day 3🛡️ Quiz 1 was one of those where I sniffed out the vulnerable code but struggled making a PoC. The struggle was well worth it as I now have a very clever vulnerability in the memory bank 🏦 Quiz 2 included a lending protocol that had insurance to socialize bad debt. This mechanism could be gamed because it did not ensure the debt was still bad when it repaid the lending protocol.
1 reply
0 recast
0 reaction
Phunko pfp
Phunko
@funkornaut
Electi Security Fellowship Day 4🛡️ Devtooligan (legend) gave us a hands-on bug hunt in a Uniswap V2 integration. It swapped tokens, then added liquidity, but did so inefficiently and left tokens stuck in the contract. We also got a 🔥 video from Dev about their own fellowship experience. My biggest takeaways are to collaborate, don’t get stuck trying to find everything, and start by creating a list of "strings to pull on" when first looking at the code in question.
1 reply
0 recast
0 reaction
Phunko pfp
Phunko
@funkornaut
Electi Security Fellowship Day 5 🛡️ Friday’s challenge saw a major flaw in a custom L1 → L2 token & bridge involving hard-coded minting logic and an accounting discrepancy. When a user deposited WETH on L1, the bridge always minted L2_WETH, regardless of the L2 token the user specified. However, the deposits mapping tracked balances using the user-supplied L2 token address, not L2_WETH. This mismatch allowed an attacker to create a spoofed L2 token that passed interface checks and pointed to WETH on L1. They could deposit WETH, receive L2_WETH, then withdraw using their custom token, unlocking their original WETH on L1 while keeping the L2_WETH. Result: infinite free WETH on L2. The second challenge was a timing puzzle on mainnet involving complex state dependencies. I’ll revisit that one later—brain was cooked.
1 reply
0 recast
0 reaction
Phunko pfp
Phunko
@funkornaut
Electi Security Fellowship Week 1 Wrap Up 🛡️ Week 1 was super fun. The challenges were really good, and I'm starting to recognize new vulnerable patterns to look out for. I'll never forget that you can change the return value of a view function midway through calls—that challenge on Wednesday really stuck with me. It was interesting that two of the challenges involved bridging vulnerabilities. I'm excited to get into the actual auditing next week. We found out we'll be auditing Centrifuge, focusing on their ERC-7540 vaults. Incredibly stoked to work on this—Centrifuge has a great reputation in the space, and I've been wanting to dive deeper into more RWA protocols.
0 reply
0 recast
0 reaction