BlockThreat - Week 12, 2021
ElasticDAO | Vesper Finance | BT Finance | PancakeSwap | Immunefi
Multiple projects fixed critical vulnerabilities after receiving responsible disclosures from samczsun, the Dedaub team, and others. In many cases these disclosures were facilitated by Immunefi, which provides an excellent service to the community by connecting security researchers with smart contract projects. It was an otherwise quiet week, so we can finally enjoy a few fun research papers from Vitalik, Jimmy Song, and others.
News
- Immunefi launched a whitehat scholarship program to help sponsor up-and-coming security researchers.
Crime
- Chinese authorities arrested a SIM swapping ring targeting exchange users.
Vulnerabilities
- ElasticDAO fixed an infinite minting vulnerability after it was reported by samczsun and Tina Zhen. About $4.4M worth of ETH and EGT tokens were saved as a result of the responsible disclosure. Additional vulnerability details are available here.
- Dedaub reported yield skimming vulnerabilities in the Vesper Finance and BT Finance DeFi apps.
- PancakeSwap patched a vulnerability in its lottery contract after it was responsibly disclosed through Immunefi.
Malware
- Black Kingdom ransomware targets unpatched Microsoft Exchange servers.
Research
- The Most Important Scarce Resource is Legitimacy by Vitalik Buterin
- Debunking the Empty Block Attack by Jimmy Song
- ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning.
- Aggregatable Distributed Key Generation.
Tools
- Conkas is a modular static analysis tool for Ethereum Virtual Machine (EVM) based on symbolic execution.
Thanks for joining me in this week’s edition and see you all next week!
- Peter Kacherginsky (iphelix)