BlockThreat - Week 42, 2020
OKEx | Helix | SushiSwap | ETC | Solidity
A relatively quiet week, with news of arrests and fines from law enforcement agencies across the world. IOHK published a very interesting whitepaper on 51% attacks, future SushiSwap clones have an interesting backdoor to exploit, brainwallets are still a really bad idea, politicians are stealing government’s electricity to mine crypto, and other news in this week’s edition.
News
- OKEx founder, Xu Mingxing, arrested in China. The exchange has suspended withdrawals citing the need for the key held by Xu.
- FinCEN fined Larry Dean Harmon $60M for running coin-mixing services Helix and Coin Ninja. A separate investigation is running in parallel on charges of conspiracy to launder money and operating an unlicensed money transmitter.
- Several prefectures in Japan received bomb threats demanding 40 BTC to avoid the disaster. The incident is similar to the series of bomb threats demanding Bitcoin sent to various government agencies in 2018.
Vulnerabilities
- A reward manipulation vulnerability in SushiSwap’s MasterChef contract was disclosed by Dracula Protocol. The vulnerability can only be exploited by the smart contract owner at the time of deployment.
- The Binance Android Wallet was vulnerable to Accessibility Services misuse, which malware could use to steal users’ funds. Gustuff and other malware families use Accessibility Services to target crypto wallets.
Research
- The "ECIP Comparison for 51% Attack Resistance" whitepaper by IOHK analyzes the pros and cons of various 51% attack mitigations including checkpointing, timestamping, RSK, Veriblock, PirlGuard, and MESS. The latter mitigation was recently deployed in ETC to combat three back-to-back attacks.
- "Ethereum’s Dark Forest is worth cultivating" invites everyone to embrace the adversarial nature of decentralized systems rather than trying to avoid it.
- An interesting bug in the Solidity compiler, reported by Certora, results in garbage data being written into persistent storage.
- "Call me Ishmael" is a fun exercise by BitMEX Research to see just how quickly bots will steal brainwallets on the Bitcoin network.
- "Uniswap Swindle - Scammer Speaks Out" is an interview with a fake ICO scammer.
Competitions
- Ethereum Classic Labs is hosting "Chasing the Ghost: Network Security Hackathon", which challenges players to develop a system to combat 51% attacks.
- The end-of-October deadline for the 2nd Solidity Underhanded Contest is approaching.
Fun
- "Cryptography vs. Big Brother: How Math Became a Weapon Against Tyranny" is part two of a four-part documentary series by ReasonTV on the cypherpunk movement.
Cheers!
-Peter