{"id":22041919,"url":"https://github.com/blocksecteam/blocksec_academy","last_synced_at":"2025-03-23T13:32:56.846Z","repository":{"id":52997337,"uuid":"519081001","full_name":"blocksecteam/blocksec_academy","owner":"blocksecteam","description":null,"archived":false,"fork":false,"pushed_at":"2023-01-20T04:13:57.000Z","size":9558,"stargazers_count":157,"open_issues_count":0,"forks_count":17,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-01-28T19:46:20.851Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/blocksecteam.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-07-29T04:37:03.000Z","updated_at":"2024-12-30T18:30:51.000Z","dependencies_parsed_at":"2023-02-11T23:45:38.775Z","dependency_job_id":null,"html_url":"https://github.com/blocksecteam/blocksec_academy","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blocksecteam%2Fblocksec_academy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blocksecteam%2Fblocksec_academy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blocksecteam%2Fblocksec_academy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blocksecteam%2Fblocksec_academy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/blocksecteam","download_url":"https://codeload.github.com/blocksecteam/blocksec_academy/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.co
m","kind":"github","repositories_count":245108348,"owners_count":20562028,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-30T12:10:30.194Z","updated_at":"2025-03-23T13:32:56.821Z","avatar_url":"https://github.com/blocksecteam.png","language":null,"funding_links":[],"categories":["Others"],"sub_categories":[],"readme":"# BlockSec Academy\n\n[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/BlockSecTeam.svg?style=social\u0026label=Follow%20%40BlockSecTeam)](https://twitter.com/BlockSecTeam)\n\n## Attack/Vulnerability Analysis on Medium\n\n- [[Dec 15, 2022] Beyond the market risk: a logic bug identified in SushiSwap’s KashiPairMediumRiskV1 contract](https://blocksecteam.medium.com/beyond-the-market-risk-a-logic-bug-identified-in-sushiswaps-kashipairmediumriskv1-contract-80ead49d8d6d)\n[[Sushi Swap](https://www.sushi.com/) | *BSC*]\n\n- [[Oct 10, 2022] How we recover the stolen funds for TransitSwap (and BabySwap)](https://blocksecteam.medium.com/how-we-recover-the-stolen-funds-for-transitswap-and-babyswap-2a68c9f4d66f)   \n[[Transit Swap](https://swap.transit.finance/) | *BSC*]\n\n- [[Sep 27, 2022] Our short analysis of the Accusation of the Wintermute Project](\nhttps://blocksecteam.medium.com/our-short-analysis-of-the-accusation-of-the-wintermute-project-dbde1ed11ef8)   \n[[wintermute](https://www.wintermute.com/) | *Ethereum*]\n\n- [[Sep 21, 2022] Our short analysis of the Profanity tool vulnerability](https://blocksecteam.medium.com/our-short-analysis-of-the-profanity-tool-vulnerability-9f0477f0c3c0)   \n[*Ethereum*]\n\n- [[Sep 
19, 2022] Reveal the “Message’’ Replay Attacks on EthereumPoW](https://blocksecteam.medium.com/reveal-the-message-replay-attacks-on-ethereumpow-64e4feee991c)   \n[[EthereumPoW](https://ethereumpow.org/) | *EthereumPoW*]\n\n\n- [[Sep 19, 2022] A new memory overwrite vulnerability discovered in Wyvern Protocol](https://blocksecteam.medium.com/a-new-memory-overwrite-vulnerability-discovered-in-wyvern-protocol-5285996c297d)   \n[[OpenSea](https://opensea.io) | *Ethereum*]\n\n\n- [[Aug 5, 2022] How Unchecked Mapping Makes $200M Losses of Nomad Bridge](https://blocksecteam.medium.com/attack-analysis-how-unchecked-mapping-makes-200m-losses-of-nomad-bridge-441336e28924)   \n[[Nomad Bridge](https://app.nomad.xyz//) | *Ethereum*]\n\n- [[Jun 16, 2022] Our Take on the Inverse Finance Security Incident: Price Manipulation Attack](https://medium.com/@blocksecteam/price-oracle-manipulation-attack-on-inverse-finance-a5544218ea91)   \n[[Inverse Finance](http://www.inverse.finance/) | \n*Ethereum* | Oracle vulnerability]\n\n- [[Jun 7, 2022] How a Critical Bug in Solana Network was Detected and Timely Patched](https://medium.com/@blocksecteam/how-a-critical-bug-in-solana-network-was-detected-and-timely-patched-a701870e1324)    \n[[Solana Network](https://solana.com/) | \n*Solana* | CWE-682]\n\n- [[May 31, 2022] How the Mirror Protocol got Exploited](https://medium.com/@blocksecteam/how-the-mirror-protocol-is-exploited-33b5c1d48322)          \n[[Mirror Protocol](https://www.mirror.finance/) | *Ethereum* | Double Claiming Attack]\n\n\n- [[May 18, 2022] The Analysis of FEGtoken Security Incident: Devil’s in the Details](https://medium.com/@blocksecteam/the-analysis-of-fegtoken-security-incident-devils-in-the-details-ea554f52bdcb)   \n[[FEGtoken](https://fegtoken.com/) | *Ethereum* | Access Control, Untrusted External Call]\n\n- [[May 16, 2022] Revisiting the CashioApp Security 
Incident](https://medium.com/@blocksecteam/revisiting-the-cashioapp-security-incident-61277fd39baa)\n[[CashioApp](https://cashio.app/#/print/) | *Solana* | Access Control]\n\n\n- [[May 6, 2022] How to exploit the same vulnerability of MetaPool in two different ways (Nerve Bridge / Saddle Finance) — What you see is not what you get](https://medium.com/@blocksecteam/how-to-exploit-the-same-vulnerability-of-metapool-in-two-different-ways-nerve-bridge-saddle-774c271c8243)    \n[[MetaPool](https://metapool.app/) | *Near* | Pricing Mechanism]\n\n- [[Apr 23, 2022] How Akutar NFT loses 34M USD](https://medium.com/@blocksecteam/how-akutar-nft-loses-34m-usd-60d6cb053dff)    \n[[Akutar NFT](https://www.aku.world/) | *Ethereum* | DoS Attack]\n\n\n- [[Apr 21, 2022] How to verify a signature in a wrong way — the AssociationNFT case](https://medium.com/@blocksecteam/how-to-verify-a-signature-in-a-wrong-way-the-associationnft-case-5a913e9b8a1d)   \n[[The Association NFT](https://theassociationnft.com/) | *Ethereum* | Double Claiming Attack, Signature Verification]\n\n\n- [[Apr 4, 2022] The Race Against Time and Strategy: About the AnySwap Rescue and Things We Have Learnt](https://medium.com/@blocksecteam/the-race-against-time-and-strategy-about-the-anyswap-rescue-and-things-we-have-learnt-4fe086b186ac)    \n[[Anyswap](https://multichain.org/) | *Fantom* | Access Control]\n\n- [[Mar 31, 2022] Tracing the Stolen Fund of the Ronin Bridge](https://medium.com/@blocksecteam/tracing-the-stolen-fund-of-the-ronin-bridge-6cb0965d913)\n[[Ronin Bridge](https://bridge.roninchain.com/) | *Ronin* | \nPrivate Key Leakage]\n\n- [[Mar 31, 2022] Revest Finance Vulnerabilities: More than Re-entrancy](https://medium.com/@blocksecteam/revest-finance-vulnerabilities-more-than-re-entrancy-1609957b742f)   \n[[Revest Finance](https://revest.finance/) | *Ethereum* |  Reentrancy, Access Control]\n\n- [[Mar 13, 2022] [Not All Tokens Are Good] The quick analysis of the Paraluni 
attack](https://medium.com/@blocksecteam/not-all-tokens-are-good-the-quick-analysis-of-the-paraluni-attack-fabef25f714c)  \n[[Paraluni](https://twitter.com/paraluni) | *Ethereum* |  Reentrancy, Unchecked Input Token]\n\n- [[Mar 22, 2022] Revisiting the Wormhole Attacks](https://medium.com/@blocksecteam/revisiting-the-wormhole-attacks-b821c3374ea6)\n[[Wormhole Network](https://wormholenetwork.com/) | *Solana* | Access Control]\n\n- [[Mar 21, 2022] LI.FI Attack: a Cross-chain Bridge Vulnerability? No, It’s Due to Unchecked External Call!](https://medium.com/@blocksecteam/li-fi-attack-a-cross-chain-bridge-vulnerability-no-its-due-to-unchecked-external-call-c31e7dadf60f)   \n[[LI.FI](https://li.fi/) | *Ethereum* | Unchecked External Call]\n\n- [[Mar 17, 2022] The short analysis of the flashloan attack to the APE AirDrop](https://medium.com/@blocksecteam/the-short-analysis-of-the-flashloan-attack-to-the-ape-airdrop-490a7d6a1479)    \n[[BAYC](https://boredapeyachtclub.com/#/) | *Ethereum*]\n\n- [[Feb 3, 2022] When “SafeMint” Becomes Unsafe: Lessons from the HypeBears Security Incident](https://medium.com/@blocksecteam/when-safemint-becomes-unsafe-lessons-from-the-hypebears-security-incident-2965209bda2a)    \n[[HypeBears NFT](https://hypebears.io/) | *Ethereum* | Untrusted External Call, Reentrancy]\n\n- [[Jan 28, 2022] When “SafeTransfer” Becomes Unsafe: lessons from the QBridge security incident](https://medium.com/@blocksecteam/when-safetransfer-becomes-unsafe-lesson-from-the-qbridge-security-incident-c32ecd3ce9da)     \n[[Qubit Finance](https://qbt.fi/app) | *Ethereum*]\n\n- [[Jan 16, 2022] How a vulnerability is silently fixed by Coin98](https://medium.com/@blocksecteam/how-a-vulnerability-is-silently-fixed-by-coin98-f910e70398e3)      \n[[Coin98](https://coin98.com/) | *BSC* | Unchecked Input Parameters]\n\n\n- [[Dec 30, 2021] New Integer Overflow Bug Discovered in Solana 
rBPF](https://medium.com/@blocksecteam/new-integer-overflow-bug-discovered-in-solana-rbpf-7729717159ee)\n[[Solana Network](https://solana.com/) | *Solana* | Integer Overflow]\n\n- [[Nov 18, 2021] The analysis of Nerve Bridge Security Incident](https://medium.com/@blocksecteam/the-analysis-of-nerve-bridge-security-incident-ead361a21025)   \n[[Nerve Network](https://nerve.network/) | *BSC*]\n\n- [[Nov 6, 2021] The Initial Analysis of the bZx Security Incident](https://medium.com/@blocksecteam/the-initial-analysis-of-the-bzx-security-incident-7daf2c6b58f3)  \n[[bZx Protocol](https://bzx.network/) | *Ethereum* | Possible Private Key leakage]\n\n- [[Oct 22, 2021] The analysis of Indexed Finance Security Incident](https://medium.com/@blocksecteam/the-analysis-of-indexed-finance-security-incident-8a62b9799836)  \n[[Indexed Finance](https://indexed.finance/) | *Ethereum* | \nPrice Manipulation]\n\n- [[Oct 10, 2021] [The Butterfly Effect] The Compound Security Incident Caused by a Bugfix](https://medium.com/@blocksecteam/the-butterfly-effect-the-compound-security-incident-caused-by-a-bugfix-8f2052e9a759)   \n[[Compound Finance](https://compound.finance/) | *Ethereum*]\n\n\n- [[Sep 22, 2021] The Real Root Cause of the Vee Finance Security Incident](https://medium.com/@blocksecteam/the-real-root-cause-of-the-vee-finance-security-incident-8ed6562814e5)   \n[[Vee Finance](https://vee.finance/home) | *Ethereum* | Unchecked Input Parameters]\n\n- [[Aug 28, 2021] A short analysis of the wild exploitation of CVE-2021–39137](https://medium.com/@blocksecteam/the-analysis-of-the-wild-exploitation-of-cve-2021-39137-f1c9ffcdd210)    \n[[Ethereum Network](https://ethereum.org/en/) | *Ethereum* | \nCVE-2021–39137]\n\n- [[Aug 15, 2021] The Retrospection of the Poly Network Hack from a Security Researcher perspective](https://medium.com/@blocksecteam/the-retrospection-of-the-poly-network-hack-from-a-security-researcher-perspective-7b9f5c6f06d1)  \n[[Poly 
Network](https://poly.network/#/)]\n\n- [[Aug 12, 2021] The Further Analysis of the Poly Network Attack](https://medium.com/@blocksecteam/the-further-analysis-of-the-poly-network-attack-6c459199c057)   \n[[Poly Network](https://poly.network/#/)]\n\n- [[Aug 11, 2021] The initial analysis of the PolyNetwork Hack](https://medium.com/@blocksecteam/the-initial-analysis-of-the-polynetwork-hack-270ac6072e2a)   \n[[Poly Network](https://poly.network/#/)]\n\n- [[Aug 9, 2021] The analysis of the Zerogoki attack](https://medium.com/@blocksecteam/the-analysis-of-the-zerogoki-attack-da4e0807b184)    \n[[Zerogoki](https://zerogoki.org) | *Ethereum* | \nPrice Manipulation]\n\n- [[Aug 4, 2021] The Analysis of the Popsicle Finance Security Incident](https://medium.com/@blocksecteam/the-analysis-of-the-popsicle-finance-security-incident-9d9d5a3045c1)\n[[Popsicle Finance](https://popsicle.finance/) | *Ethereum* | Double Claim Attack]\n\n- [[Jul 21, 2021] The Analysis of the Sanshu Inu Security Incident](https://medium.com/@blocksecteam/the-analysis-of-the-sanshu-inu-security-incident-28c0c7c0e783)\n[[Sanshuinu](https://sanshuinu.finance/) | *Ethereum* | \nDeflation Token]\n\n- [[Jul 19, 2021] The Analysis of the Array Finance Security Incident](https://medium.com/@blocksecteam/the-analysis-of-the-array-finance-security-incident-bcab555326c1)\n[Array Finance | *Ethereum* | Price Manipulation]\n\n- [[May 9, 2021] Price manipulation attack in reality (again): RariCapital incident](https://medium.com/@blocksecteam/price-manipulation-attack-in-reality-again-raricapital-incident-8f2047bc3575)\n[[RariCapital](https://app.rari.capital/) | *Ethereum* | \nPrice Manipulation]\n\n- [[Jan 3, 2021] Security incident on Seal Finance](https://medium.com/@blocksecteam/security-incident-on-seal-finance-fa79c27a1c3b)    \n[[Seal Finance](http://seal.finance/) | *Ethereum* | \nReentrancy]\n\n- [[Jan 3, 2021] Deposit Less, Get More: yCREDIT Attack 
Details](https://medium.com/@blocksecteam/deposit-less-get-more-ycredit-attack-details-f589f71674c3)\n[[YCredit](https://ycredit.tools/) | *Ethereum*]\n\n- [[Dec 18, 2020] Flash Loan Attack on Plouto Vault](https://medium.com/@blocksecteam/flash-loan-attack-on-plouto-vault-197da1531758)  \n[Plouto | *Ethereum*]\n\n- [[Dec 3, 2020] Loopring(LRC) Protocol Incident](https://medium.com/@blocksecteam/loopring-lrc-protocol-incident-66e9470bd51f)    \n[LRC Protocol | *Ethereum* | Price Manipulation]\n\n\n## Secure Contract Development\n### Secure the Solana Ecosystem\n- [[Mar 9, 2022] Secure the Solana Ecosystem (1) — Hello Solana](https://blocksecteam.medium.com/secure-the-solana-ecosystem-1-hello-solana-bb7ecc1e6b21)\n\n- [[Mar 18, 2022] Secure the Solana Ecosystem (2) — Calling Between Programs](https://blocksecteam.medium.com/secure-the-solana-ecosystem-2-calling-between-programs-5fa3d947c4ed)\n\n- [[Mar 27, 2022] Secure the Solana Ecosystem (3) — Program Upgrade](https://blocksecteam.medium.com/secure-the-solana-ecosystem-3-program-upgrade-5590c746016)\n\n- [[Apr 6, 2022] Secure the Solana Ecosystem (4) — Account Validation](https://blocksecteam.medium.com/secure-the-solana-ecosystem-4-account-validation-2e28b062de0b)\n\n- [[Apr 10, 2022] Secure the Solana Ecosystem (5) — Multi-Sig](https://blocksecteam.medium.com/secure-the-solana-ecosystem-5-multi-sig-99b74bbb3bfe)\n\n- [[Apr 24, 2022] Secure the Solana Ecosystem (6) — Multi-Sig2](https://blocksecteam.medium.com/secure-the-solana-ecosystem-6-multi-sig2-ef3e8d6cfe6f)\n\n- [[Apr 29, 2022] Secure the Solana Ecosystem (7) — Type Confusion](https://medium.com/@blocksecteam/secure-the-solana-ecosystem-7-type-confusion-90dbc19cd0cb)\n\n### Rust\n- [[Oct 12, 2021] Rust Smart Contract Development Diary (1): Defining Contract State Data and Implementing Methods](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==\u0026mid=2247484442\u0026idx=1\u0026sn=45940463885e133e05a74228a45c4be3\u0026scene=21#wechat_redirect)\n\n- [[Oct 17, 2021] 
Rust Smart Contract Development Diary (2): Writing Unit Tests for Rust Smart Contracts](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==\u0026mid=2247484468\u0026idx=1\u0026sn=fcbe194fb8824fd35243dc90002b227a\u0026scene=21#wechat_redirect)\n\n- [[Oct 24, 2021] Rust Smart Contract Development Diary (3): Rust Smart Contract Deployment, Function Calls, and Using the Explorer](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==\u0026mid=2247484488\u0026idx=1\u0026sn=bad2ebad4f412166e1ccadd9d3adcb68\u0026scene=21#wechat_redirect)\n\n- [[Oct 31, 2021] Rust Smart Contract Development Diary (4): Integer Overflow in Rust Smart Contracts](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==\u0026mid=2247484508\u0026idx=1\u0026sn=07c79e70e726e7f64e45cf9751f84575\u0026chksm=c0a850f5f7dfd9e3934eec7692e2e44dfbd319435aee6e405eeda82a3b80361248279095c706\u0026scene=21#wechat_redirect)\n\n- [[Nov 12, 2021] Rust Smart Contract Development Diary (5): Contract Security: Reentrancy Attacks](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==\u0026mid=2247484515\u0026idx=1\u0026sn=f726c77d6ac4441ff5a82aaa8f639da7\u0026chksm=c0a850caf7dfd9dc6b7de5f5f9b509b78918ed1546800c65ea15b347f18f3c5556f6ec831f4e\u0026scene=21#wechat_redirect)\n\n- [[Nov 23, 2021] Rust Smart Contract Development Diary (6): Denial-of-Service Attacks](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==\u0026mid=2247484541\u0026idx=1\u0026sn=47fef1a045b741490ce41a339aef994e\u0026chksm=c0a850d4f7dfd9c2a830fa467e4b5ce5b4e9c20d906de49b0f35cdc9e57594df4cd5a3885dee\u0026scene=21#wechat_redirect)\n\n- [[Dec 9, 2021] Rust Smart Contract Development Diary (7): Contract Security: Calculation Precision](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==\u0026mid=2247484549\u0026idx=1\u0026sn=2d93b38d50a40e636d05c237ade28476\u0026chksm=c0a8502cf7dfd93a02a4b8365c27c7e855286a14314690247fcd8b5ea286aa72454c17489f2d\u0026scene=21#wechat_redirect)\n\n- [[Jan 13, 2022] Rust Smart Contract Development Diary (8): Contract Security: Access Control](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==\u0026mid=2247484607\u0026idx=1\u0026sn=1313f2b8e36f2e0c4b6c2672ce3cd00a\u0026chksm=c0a85016f7dfd900761d09fb67be2b058319444be29c9fd8b465daa6b7910c908a953c65f578\u0026scene=21#wechat_redirect)\n\n- [[Feb 25, 2022] Rust 
Smart Contract Development Diary (9): Contract Upgrade](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==\u0026mid=2247484676\u0026idx=1\u0026sn=8e5048dcbfd29e53c6622c4bbfaf5a70\u0026chksm=c0a851adf7dfd8bba97f0b4fac8b066ed27daa8388e7865f7e728ec607cf718d63d5ee2ba07a\u0026scene=21#wechat_redirect)\n\n- [[Mar 25, 2022] Rust Smart Contract Development Diary (10-1): Sputnik DAO](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==\u0026mid=2247484722\u0026idx=1\u0026sn=fa26ec7d847a6b2a07d4de0f514772be\u0026scene=21#wechat_redirect)\n\n- [[Apr 1, 2022] Rust Smart Contract Development Diary (10-2): Sputnik DAO::Factory Contract Walkthrough](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==\u0026mid=2247484763\u0026idx=1\u0026sn=a94b36f736ce77852968fcd0c9704165\u0026scene=21#wechat_redirect)\n\n- [[Apr 24, 2022] Rust Smart Contract Development Diary (10-3): Sputnik DAO::Introduction to Proposals](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==\u0026mid=2247484836\u0026idx=1\u0026sn=fa60fd3617336f187f344ffe8e10e670\u0026chksm=c0a8510df7dfd81b67914044dbdf9dd6fb6a9f1d07cdc5f0d64c76cfa2de2c997fab87038ea9\u0026token=1019309428\u0026lang=zh_CN#rd)\n\n### Move\n- [[Nov 7, 2022] Security Practices in Move Development (1): Hello World](https://blocksecteam.medium.com/security-practices-in-move-development-1-hello-world-42d0e44f3725)\n\n- [[Nov 21, 2022] Security Practices in Move Development (2): Aptos Coin](https://blocksecteam.medium.com/security-practices-in-move-development-2-aptos-coin-abe7ab7509fb)\n\n\n\n### NFT\n- [[Aug 5, 2022] Secure Smart Contract Development — Code Reentrancy in NFT Contracts](https://medium.com/@blocksecteam/secure-smart-contract-development-code-reentrancy-in-nft-contracts-fa6799a3966c)\n\n- [[Aug 12, 2022] Secure Smart Contract Development (2) — How to Use Digital Signature and Use It Right in NFT (Markets)](https://medium.com/@blocksecteam/secure-smart-contract-development-2-how-to-use-digital-signature-and-use-it-right-in-nft-cc7ed246c009)\n\n\n## Misc\n### AML\n- [[Sept 13, 2021] What Has Been Exposed Is Only the Tip of the Iceberg: Digging Deep into the Hidden Story Behind the Colonial 
Pipeline Incident](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==\u0026mid=2247484265\u0026idx=1\u0026sn=03c4f5f3e25678abf2fe64d2575733fb\u0026chksm=c0a857c0f7dfded6460dd0d8fd6e242ffe5a3b414ade80db04f8958d1a658ee9a401deb5be54\u0026token=1019309428\u0026lang=zh_CN#rd)\n\n- [[Oct 02, 2021][BlockSec AML Research and Analysis, Part 2] Display Interface for the Colonial Pipeline Incident Analysis](https://mp.weixin.qq.com/s?__biz=MzkwMjIwMjgyMg==\u0026mid=2247484406\u0026idx=1\u0026sn=3b2e9bf6985b9fb5032d529904bb0335\u0026chksm=c0a8575ff7dfde492c39ba9575a686fa615f0e1b6ba5006d0d94082dbc12712646402305565d\u0026token=1019309428\u0026lang=zh_CN#rd)\n\n### Others\n\n- [[Dec 15, 2022] Getting Started with Phalcon 2.0](https://blocksecteam.medium.com/getting-started-with-phalcon-2-0-253da584ca91)\n\n- [[Dec 15, 2022] Beyond the market risk: a logic bug identified in SushiSwap’s KashiPairMediumRiskV1 contract](https://blocksecteam.medium.com/beyond-the-market-risk-a-logic-bug-identified-in-sushiswaps-kashipairmediumriskv1-contract-80ead49d8d6d)\n\n- [[Dec 1, 2022] BlockSec and Tokenlon Reached Strategy Partnership](https://blocksecteam.medium.com/blocksec-and-tokenlon-reached-strategy-partnership-2d488b6a12e3)\n\n- [[Nov 18, 2022] Getting Started With MetaDock](https://blocksecteam.medium.com/getting-started-with-metadock-5e3b3aeb64d4)\n\n- [[Nov 1, 2022] Rustle: the First Automatic Auditor for NEAR Community](https://blocksecteam.medium.com/rustle-the-first-automatic-auditor-for-near-community-9256bdeb7e1c)\n\n- [[Oct 10, 2022] How we recover the stolen funds for TransitSwap (and BabySwap)](https://medium.com/@blocksecteam/how-we-recover-the-stolen-funds-for-transitswap-and-babyswap-2a68c9f4d66f)\n\n- [[Sep 27, 2022] Our short analysis of the Accusation of the Wintermute Project](https://medium.com/@blocksecteam/our-short-analysis-of-the-accusation-of-the-wintermute-project-dbde1ed11ef8)\n\n- [[Sep 21, 2022] Our short analysis of the Profanity tool 
vulnerability](https://medium.com/@blocksecteam/our-short-analysis-of-the-profanity-tool-vulnerability-9f0477f0c3c0)\n[[Profanity tool](https://github.com/johguse/profanity)]\n\n- [[Sep 20, 2022] The Two Sides of the Private Tx Service (on Binance Smart Chain)](https://blocksecteam.medium.com/the-two-sides-of-the-private-tx-service-on-binance-smart-chain-a76917c3ce51)\n\n- [[Sep 18, 2022] Reveal the “Message’’ Replay Attacks on EthereumPoW]( https://medium.com/@blocksecteam/reveal-the-message-replay-attacks-on-ethereumpow-64e4feee991c)\n\n- [[Sep 8, 2022] A new memory overwrite vulnerability discovered in Wyvern Protocol](https://medium.com/@blocksecteam/a-new-memory-overwrite-vulnerability-discovered-in-wyvern-protocol-5285996c297d)\n\n- [[Aug 24, 2022] BlockSec and GoPlus Reached Strategy Partnership to Explore the Field of “Web 3.0 Security”](https://medium.com/@blocksecteam/blocksec-and-goplus-reached-strategy-partnership-to-explore-the-field-of-web-3-0-security-ffa63fb9590)\n\n- [[Mar 7, 2022] How to Make the BlockChain Attack “Blockable”](https://medium.com/@blocksecteam/how-to-make-the-blockchain-attack-blockable-1c741aea64c3)\n\n- [[Aug 17, 2021] Tradeoff Between Convenience and Security: Unlimited Approval in ERC20](https://medium.com/@blocksecteam/unlimited-approval-in-erc20-convenience-or-security-1c8dce421ed7)\n\n\n# Twitter\n\n- [[Jan 18, 2023] UpSwing Finance attack](https://twitter.com/BlockSecTeam/status/1615521051487932418)\n[[UpSwing Finance](https://twitter.com/UpswingFinance) | *Ethereum* | Design flaw of the $UPStkn token ]\n\n- [[Jan 17, 2023] Reply to Forta](https://twitter.com/BlockSecTeam/status/1615373777533308929)\n\n- [[Jan 17, 2023] Omniestategroup attack](https://twitter.com/BlockSecTeam/status/1615232012834705408)\n[[Omniestategroup](https://www.omni-psi.com/intro-page) | *BSC* | Insufficient check of the arguments ]\n\n- [[Jan 17, 2023] Voltage Finance Exploiter 
activity](https://twitter.com/BlockSecTeam/status/1615203339930832897)\n\n- [[Jan 17, 2023] Phalcon Update: Simulator on mobile](https://twitter.com/BlockSecTeam/status/1615021788655943680)\n\n- [[Jan 16, 2023] MidasCapitalXYZ attack](https://twitter.com/BlockSecTeam/status/1614864084956254209)\n[[MidasCapital](https://midascapital.xyz/) | *BSC* | Unexpected external call ]\n\n- [[Jan 12, 2023] Maybe a Rugpull of 2M BUSD on Avalanche](https://twitter.com/BlockSecTeam/status/1613518029840683013)\n\n- [[Jan 12, 2023] UF Dao of XDAO attack](https://twitter.com/BlockSecTeam/status/1613507804412940289)\n[[XDAO](https://www.xdao.app/) | *BSC* | Incorrect parameter setting ]\n\n- [[Jan 12, 2023] Maybe a Rugpull of 2M BUSD related to a SwapHelper contract](https://twitter.com/BlockSecTeam/status/1613492776712249344)\n\n- [[Jan 12, 2023] ThreeBodyOF attack](https://twitter.com/BlockSecTeam/status/1613430775789289478)\n[[ThreeBody](https://twitter.com/ThreeBodyOF) | *BSC* | Use of the rebasing token ]\n\n- [[Jan 12, 2023] RoeFinance attack](https://twitter.com/BlockSecTeam/status/1613267000913960976)\n[[Roe Finance](https://www.roe.finance/) | *Ethereum* | Limited liquidity of the pool ]\n\n- [[Jan 11, 2023] Suspicious activities during BRA attack](https://twitter.com/BlockSecTeam/status/1613139824227291138)\n\n- [[Jan 10, 2023] Phalcon supports Arbitrum](https://twitter.com/BlockSecTeam/status/1612821280268451841)\n\n- [[Jan 10, 2023] $BRA attack](https://twitter.com/BlockSecTeam/status/1612701106982862849)\n[[$BRA](https://bscscan.com/address/0x449fea37d339a11efe1b181e5d5462464bba3752) | *BSC* | Logic Flaw ]\n\n- [[Jan 10, 2023] MetaDock recommendation on CryptoSlate](https://twitter.com/BlockSecTeam/status/1612606245218979840)\n\n- [[Jan 9, 2023] Reply to KeyStone](https://twitter.com/BlockSecTeam/status/1612388204648493057)\n\n- [[Jan 7, 2023] Reply to Lossless](https://twitter.com/BlockSecTeam/status/1611416763669020673)\n\n- [[Jan 7, 2023] Agree with @pcaversaccio 
about zero allowance](https://twitter.com/BlockSecTeam/status/1611405528969936896)\n\n- [[Jan 5, 2023] Phalcon biggest update yet: Source code view and fund flow chart](https://twitter.com/BlockSecTeam/status/1611016320874852354)\n\n- [[Jan 4, 2023] Getting started with Phalcon 2.0](https://twitter.com/BlockSecTeam/status/1611360090258538497)\n\n- [[Jan 4, 2023] Rustle got Honorable Mentions in the NEAR Hackathon](https://twitter.com/BlockSecTeam/status/1610633786194288644)\n\n- [[Jan 4, 2023] $FUT rugged 2M+](https://twitter.com/BlockSecTeam/status/1610605662500974595)\n\n- [[Jan 4, 2023] 0 value transfer phishing moves to Polygon](https://twitter.com/BlockSecTeam/status/1610589402798891008)\n\n- [[Jan 4, 2023] Recommend MetaDock](https://twitter.com/BlockSecTeam/status/1610571036570914817)\n\n- [[Jan 4, 2023] Phishing campaign towards TrustPad](https://twitter.com/BlockSecTeam/status/1610309720278958080)\n\n- [[Jan 3, 2023] Thanks Adrian Hetman](https://twitter.com/BlockSecTeam/status/1610267076534599681)\n\n- [[Jan 3, 2023] Phalcon update notice](https://twitter.com/BlockSecTeam/status/1610235548983263233)\n\n- [[Jan 3, 2023] Gas-token scam alert](https://twitter.com/BlockSecTeam/status/1610232910539378690)\n\n- [[Jan 3, 2023] $GDS attack](https://twitter.com/BlockSecTeam/status/1610167174978760704)\n[[$GDS](https://twitter.com/GDS_chain) | *BSC* | LP Mining mechanism vulnerability ]\n\n- [[Dec 29, 2022] MetaDock's privacy policy](https://twitter.com/BlockSecTeam/status/1608443114884333574)\n\n- [[Dec 29, 2022] Jay attack](https://twitter.com/BlockSecTeam/status/1608372475225866240)\n[[JAY](https://app.jaypeggers.com/sellNFTs) | *Ethereum* | Contract-level reentrancy ]\n\n- [[Dec 28, 2022] MetaDock daily efficiency tip](https://twitter.com/BlockSecTeam/status/1608128497851207680)\n\n- [[Dec 27, 2022] MetaDock daily efficiency tip](https://twitter.com/BlockSecTeam/status/1607758288850161670)\n\n- [[Dec 25, 2022] CryptoRubic 
attack](https://twitter.com/BlockSecTeam/status/1606993118901198849)\n[[Rubic exchange](https://rubic.exchange/) | *Ethereum* | Arbitrary function call ]\n\n- [[Dec 25, 2022] New Phishing scam using a fake MetaMask](https://twitter.com/BlockSecTeam/status/1606969617947451393)\n\n- [[Dec 24, 2022] Recommend MetaDock to users](https://twitter.com/BlockSecTeam/status/1606629267676495874)\n\n- [[Dec 19, 2022] Open source phishing urls](https://twitter.com/BlockSecTeam/status/1605883653208391680)\n\n- [[Dec 19, 2022] MetaDock update: integrates Deth.net](https://twitter.com/BlockSecTeam/status/1604718627172732929)\n\n- [[Dec 18, 2022] Recommend MetaDock to users](https://twitter.com/BlockSecTeam/status/1604481080966275077)\n\n- [[Dec 16, 2022] Recommend MetaDock to users](https://twitter.com/BlockSecTeam/status/1603729596381216768)\n\n- [[Dec 16, 2022] Beyond the market risk: a logic bug identified in SushiSwap’s KashiPairMediumRiskV1 contract](https://twitter.com/BlockSecTeam/status/1603633067876155393)\n\n- [[Dec 16, 2022] Reply to MetaDock about CashioApp Exploiter](https://twitter.com/BlockSecTeam/status/1603590101425983489)\n\n- [[Dec 15, 2022] 0 value phishing](https://twitter.com/BlockSecTeam/status/1603414327972667392)\n\n- [[Dec 14, 2022] NimbusPlatform attack](https://twitter.com/BlockSecTeam/status/1602877048124735489)\n[[NimbusPlatform](https://nimbusplatform.io/) | *BSC* | Price Manipulation]\n\n- [[Dec 13, 2022] ElasticSwap attack](https://twitter.com/BlockSecTeam/status/1602517243598114816)\n[[ElasticSwap](https://twitter.com/ElasticSwap) | *Ethereum* | Mix/misuse of two accounting systems]\n\n- [[Dec 12, 2022] Talk about MEV bot](https://twitter.com/BlockSecTeam/status/1602666756253925378)\n\n- [[Dec 13, 2022] $BGLD attack](https://twitter.com/BlockSecTeam/status/1602335214356660225)\n[[$BGLD](https://bscscan.com/address/0xc2319e87280c64e2557a51cb324713dd8d1410a3) | *BSC* | Charge an extra fee on transferring]\n\n- [[Dec 12, 2022] Open source 
MetaDock](https://twitter.com/BlockSecTeam/status/1602296025661640705)\n\n- [[Dec 12, 2022] Phishing website alert](https://twitter.com/BlockSecTeam/status/1602203688012943360)\n\n- [[Dec 10, 2022] Phishing scam website alert](https://twitter.com/BlockSecTeam/status/1601594772380037120)\n\n- [[Dec 10, 2022] Recommend Mopsus based on Pocket Universe's thread](https://twitter.com/BlockSecTeam/status/1601279629373112321)\n\n- [[Dec 7, 2022] MetaDock update: shortcuts, productive widgets, Open-source notice](https://twitter.com/BlockSecTeam/status/1600482845470097409)\n\n- [[Dec 7, 2022] BNB-AES pool attack](https://twitter.com/BlockSecTeam/status/1600442137811689473)\n[[BNB-AES pool](https://bscscan.com/tx/0xca4d0d24aa448329b7d4eb81be653224a59e7b081fc7a1c9aad59c5a38d0ae19) | *BSC* | Deflation token]\n\n- [[Dec 7, 2022] BNB-AES pool attack](https://twitter.com/BlockSecTeam/status/1600432715399983107)\n\n- [[Dec 6, 2022] Phalcon update: horizontal scroll bar, bug fixed](https://twitter.com/BlockSecTeam/status/1600060225943269377)\n\n- [[Dec 6, 2022] Let ChatGPT explain pseudorandom number generation vulnerability](https://twitter.com/BlockSecTeam/status/1600029061920657409)\n\n- [[Dec 6, 2022] RoastFootball attack](https://twitter.com/BlockSecTeam/status/1599991294947778560)\n[[Roast Football](https://twitter.com/RoastFootball) | *BSC* | Weak pseudorandom number generation vulnerability]\n\n- [[Dec 5, 2022] FTX whitehat/heist activity](https://twitter.com/BlockSecTeam/status/1599604070398193664)\n\n- [[Dec 2, 2022] Attacker's activity during Ankr exploit](https://twitter.com/BlockSecTeam/status/1598681204882300929)\n\n- [[Dec 2, 2022] Phalcon update: addresses highlighting, custom ABI parsing, custom label](https://twitter.com/BlockSecTeam/status/1598667524258004992)\n\n- [[Dec 2, 2022] Ankr exploit incident](https://twitter.com/BlockSecTeam/status/1598514978428157954)\n\n- [[Dec 2, 2022] Profit calculation of an Attacker related to Ankr 
exploit](https://twitter.com/BlockSecTeam/status/1598625878455373824)\n\n- [[Dec 2, 2022] Ariva Coin rugpull or private key compromised](https://twitter.com/BlockSecTeam/status/1598621473115377666)\n[[Ariva Digital](https://ariva.digital/) | *BSC* | Rug pull or Private Key Compromised]\n\n- [[Dec 2, 2022] Ankr private key compromised](https://twitter.com/BlockSecTeam/status/1598504838949900289)\n[[Ankr](https://www.ankr.com/) | *BSC* | Private Key Compromised]\n\n- [[Dec 1, 2022] Contract hacked by price manipulation](https://twitter.com/BlockSecTeam/status/1598262002010378241)\n[[Contract](https://bscscan.com/address/0x0fd03ca89545c2ca342c8b9785c2383b8b8eabc5) | *BSC* | Price Manipulation]\n\n- [[Dec 1, 2022] Reach a strategic partnership with TokenLon](https://twitter.com/BlockSecTeam/status/1598157438166786048)\n\n- [[Nov 30, 2022] $OCASH scam](https://twitter.com/BlockSecTeam/status/1597943125099438080)\n\n- [[Nov 30, 2022] Fake phishing on rarible](https://twitter.com/BlockSecTeam/status/1597867409095806976)\n[[Rarible](https://rarible.com/) | *Ethereum* | exploiting the unlimited approval issue]\n\n- [[Nov 27, 2022] Reply to @ballsyalchemist](https://twitter.com/BlockSecTeam/status/1596713324204675072)\n\n- [[Nov 26, 2022] Boshen's Wallet investigation, abuse MEV](https://twitter.com/BlockSecTeam/status/1596513467141591042)\n\n- [[Nov 26, 2022] Reply to bertcmiller about MEV](https://twitter.com/BlockSecTeam/status/1595712830338048001)\n\n- [[Nov 24, 2022] MetaDock updated: integrates Tenderly, Transaction Viewer, DeBank, Dedaub](https://twitter.com/BlockSecTeam/status/1595704166860861441)\n\n- [[Nov 23, 2022] NUM attack](https://twitter.com/BlockSecTeam/status/1595346020237352960)\n[[Numbers Protocol](https://www.numbersprotocol.io/) | *Ethereum* | incompatible with the Multichain Router]\n\n- [[Nov 23, 2022] NUM attack](https://twitter.com/BlockSecTeam/status/1595308075690340352)\n[[Numbers Protocol](https://www.numbersprotocol.io/) | *Ethereum* | fake 
Multichain transfer]\n\n- [[Nov 23, 2022] Boshen asset tracking](https://twitter.com/BlockSecTeam/status/1595262314600886274)\n[[Boshen](https://twitter.com/boshen1011/status/1595239850596306944) | *Ethereum*]\n\n- [[Nov 22, 2022] MetaDock updated: smoother on BTC.com](https://twitter.com/BlockSecTeam/status/1595019201588367361)\n\n- [[Nov 22, 2022] Profanity vulnerability](https://twitter.com/BlockSecTeam/status/1594969078367936512)\n\n- [[Nov 22, 2022] AAVE is fine](https://twitter.com/BlockSecTeam/status/1594931190997610496)\n\n- [[Nov 21, 2022] FTX accounts drainer activity](https://twitter.com/BlockSecTeam/status/1594627046935871493)\n\n- [[Nov 21, 2022] Security Practices in Move Development (2): Aptos Coin](https://twitter.com/BlockSecTeam/status/1594584270362021888)\n\n- [[Nov 21, 2022] FTX whitehat created a multisig wallet](https://twitter.com/BlockSecTeam/status/1594528398348816384)\n\n- [[Nov 19, 2022] Glad to help manifoldfinance](https://twitter.com/BlockSecTeam/status/1593636758167560192)\n\n- [[Nov 18, 2022] Reply to amber's Security Researcher](https://twitter.com/BlockSecTeam/status/1593477080582262785)\n\n- [[Nov 18, 2022] MetaDock: a Chrome extension that aims to improve the usability of blockchain explorers](https://twitter.com/BlockSecTeam/status/1593473535833350146)\n\n- [[Nov 17, 2022] ConvexFinance was not hacked](https://twitter.com/BlockSecTeam/status/1593093458994286592)\n\n- [[Nov 16, 2022] DFX Finance vulnerability](https://twitter.com/BlockSecTeam/status/1592734292727455744)\n[Sheep_Farm22 | *BSC* | incorrect implementation of register function]\n\n- [[Nov 14, 2022] Phalcon updates, faster and API](https://twitter.com/BlockSecTeam/status/1592177763536211970)\n\n- [[Nov 12, 2022] FTX heist](https://twitter.com/BlockSecTeam/status/1591455813897707520)\n\n- [[Nov 11, 2022] DFX Finance vulnerability](https://twitter.com/BlockSecTeam/status/1590962548593283072)\n[[DFX Finance](https://dfx.finance/) | *Ethereum* | deposits vulnerability]\n\n- 
[[Nov 11, 2022] DFX Finance attacker on the move](https://twitter.com/BlockSecTeam/status/1590960299246780417)\n\n- [[Nov 7, 2022] Security Practices in Move Development (1): Hello World](https://twitter.com/BlockSecTeam/status/1589567009347760128)\n\n- [[Nov 3, 2022] FMoney Finance Rescue](https://twitter.com/BlockSecTeam/status/1587998109648683010)\n[[FMoney Finance](https://fmoney.finance/) | *Ethereum*]\n\n- [[Nov 3, 2022] Skyward Finance Attack](https://twitter.com/BlockSecTeam/status/1587998109648683010)\n[[Skyward Finance](https://app.skyward.finance/) | *NEAR* | 'redeem_skyward' vulnerability]\n\n- [[Nov 1, 2022] Rustle: the first automatic auditor for NEAR community](https://twitter.com/BlockSecTeam/status/1587439644081545216)\n\n- [[Oct 30, 2022] Phalcon's simulation on Ethdev contract](https://twitter.com/BlockSecTeam/status/1587120755015581701)[[ETHDev contract](0xde0b295669a9fd93d5f28d9ec85e40f4cb697bae) | *Ethereum*]\n\n- [[Oct 30, 2022] DAppNode profanity rescue](https://twitter.com/BlockSecTeam/status/1586671125735825408)\n[[DAppNode](https://dappnode.com/) | *Ethereum* | the profanity vulnerability]\n\n- [[Oct 28, 2022] Mopsus: industry-leading transaction pre-execution service](https://twitter.com/BlockSecTeam/status/1586024551036596226)\n\n- [[Oct 28, 2022] friesDAO profanity rescue](https://twitter.com/BlockSecTeam/status/1585863541571014657)\n[[friesDAO](https://fries.fund/) | *Ethereum* | the profanity vulnerability]\n\n- [[Oct 28, 2022] V8Token attack](https://twitter.com/BlockSecTeam/status/1585824018925355008)\n[V8Token | *BSC* | 'updateUserBalance' logic vulnerability]\n\n- [[Oct 27, 2022] Collaborate with losslessdefi](https://twitter.com/BlockSecTeam/status/1585642914864300033)\n[[Losslessdefi](https://twitter.com/losslessdefi)]\n\n- [[Oct 27, 2022] Team Finance](https://twitter.com/BlockSecTeam/status/1585587617063895041)\n[[Team Finance](https://www.team.finance/) | *Ethereum* | Fake token]\n\n- [[Oct 27, 2022] UVT 
attack](https://twitter.com/BlockSecTeam/status/1585580096026734592)\n[[UVToken](https://www.uvtoken.com/) | *BSC* | Lack of sanity check]\n\n- [[Oct 27, 2022] VTF attack](https://twitter.com/BlockSecTeam/status/1585575129936977920)\n[VTF token | *BSC* | 'updateUserBalance' logic vulnerability]\n\n- [[Oct 26, 2022] n00dleSwap attack](https://twitter.com/BlockSecTeam/status/1584959295829180416)\n[n00dleSwap | *Ethereum* | ERC777-based reentrancy]\n\n- [[Oct 25, 2022] ULME attack](https://twitter.com/BlockSecTeam/status/1584839309781135361)\n[ULME | *BSC* | Indirect price manipulation attack caused by unrestricted access control]\n\n- [[Oct 20, 2022] Health attack](https://twitter.com/BlockSecTeam/status/1583073442433495040)\n[Health | *BSC* | Price Manipulation]\n\n- [[Oct 19, 2022] MEV bot was attacked](https://twitter.com/BlockSecTeam/status/1582715252428660736)\n\n- [[Oct 18, 2022] BitKeepOS contract was hacked](https://twitter.com/BlockSecTeam/status/1582261040334901249)\n[[Bitkeep](https://t.co/RoXJg4fuDf) | *BSC* | Looks like its function allows the attacker to execute an arbitrary call]\n\n- [[Oct 17, 2022] Phalcon Update: Transaction Simulation supports BSC](https://twitter.com/BlockSecTeam/status/1581964129056628740)\n\n- [[Oct 14, 2022] Phalcon Update: Simulate a transaction](https://twitter.com/BlockSecTeam/status/1580937962652475396)\n\n- [[Oct 14, 2022] MEV bot was exploited](https://twitter.com/BlockSecTeam/status/1580779311862190080)\n\n- [[Oct 13, 2022] Profanity Rescue](https://twitter.com/BlockSecTeam/status/1580558111844155392)\n\n- [[Oct 12, 2022] ATK attack](https://twitter.com/BlockSecTeam/status/1580095325200474112)\n[ATK | *BSC* ]\n\n- [[Oct 12, 2022] Carrot attack](https://twitter.com/BlockSecTeam/status/1579908411235237888)\n[Carrot | *BSC* | Public FunctionCall]\n\n- [[Oct 11, 2022] TempleDao attack](https://twitter.com/BlockSecTeam/status/1579843881893769222)\n[[TempleDao](https://templedao.link/) | *Ethereum* | Insufficient Access 
Control]\n\n- [[Oct 11, 2022] QANplatform deployer address is vulnerable](https://twitter.com/BlockSecTeam/status/1579781207503802369)\n\n- [[Oct 11, 2022] Indexed Finance Exploiter's address is vulnerable](https://twitter.com/BlockSecTeam/status/1579776638380048385)\n\n- [[Oct 11, 2022] Profanity vulnerability](https://twitter.com/BlockSecTeam/status/1579769525247279104)\n\n- [[Oct 10, 2022] Phalcon supports Avalanche C-Chain](https://twitter.com/BlockSecTeam/status/1579448545706651648)\n\n- [[Oct 9, 2022] Phalcon Dark Mode Launched](https://twitter.com/BlockSecTeam/status/1579088375969378307)\n\n- [[Oct 7, 2022] Binance Cross-chain Bridge Attack](https://twitter.com/BlockSecTeam/status/1578290988959035395)\n\n- [[Oct 6, 2022] RES Attack Analysis](https://twitter.com/BlockSecTeam/status/1578041521273962496)\n[RES token | *BSC* | Price Manipulation]\n\n- [[Oct 4, 2022] Whitehat rescue of vulnerable addresses generated by the vanity tool](https://twitter.com/BlockSecTeam/status/1577146334863560705)\n\n- [[Oct 2, 2022] BabySwap Attack Analysis](https://twitter.com/BlockSecTeam/status/1576441612812836865)\n[[BabySwap](https://home.babyswap.finance/) | *BSC* ]\n\n- [[Oct 2, 2022] Transit Swap Attack Analysis](https://twitter.com/BlockSecTeam/status/1576428812514250753)\n[[Transit Swap](https://www.transit.finance/) | *BSC* | Unlimited Approval]\n\n- [[Sep 29, 2022] Announcement of Phalcon Launch](https://twitter.com/BlockSecTeam/status/1575485620578709505)\n\n- [[Sep 27, 2022] Our short analysis of the Accusation of the Wintermute Project](https://twitter.com/BlockSecTeam/status/1574738202744655872)\n\n- [[Sep 23, 2022] RADT-DAO Attack Analysis](https://twitter.com/BlockSecTeam/status/1573252869322846209) \n[RADT-DAO | *BSC* | Price Manipulation]\n\n- [[Sep 21, 2022] Our short analysis of the Profanity tool vulnerability](https://twitter.com/BlockSecTeam/status/1572614722029260804)\n\n- [[Sep 20, 2022] The Two Sides of the Private Tx Service (on Binance Smart 
Chain)](https://twitter.com/BlockSecTeam/status/1572241994155720705)\n\n- [[Sep 20, 2022] Wintermute Attack Analysis](https://twitter.com/BlockSecTeam/status/1572158675606982656)\n[[Wintermute](https://www.wintermute.com/) | *Ethereum* | Leaked Private Key]\n\n- [[Sep 18, 2022] Reveal the “Message’’ Replay Attacks on EthereumPoW](https://twitter.com/BlockSecTeam/status/1571433997460459521)\n\n- [[Sep 16, 2022] BlockSec Academy | About 61.8% (67.1K / 108.5K) of the #NFT projects are suffering from the holder pooling risk](https://twitter.com/BlockSecTeam/status/1570609612768026624)\n\n- [[Sep 14, 2022] BlockSec Academy | NFT Assets Off-Chain Risk](https://twitter.com/BlockSecTeam/status/1569946202573254656)\n\n- [[Sep 9, 2022] DeFi Alert](https://twitter.com/BlockSecTeam/status/1567928377432051713)\n[0xEd850799CF22b66cb4911539425f8A41423D0933 | *BSC*]\n\n- [[Sep 9, 2022] NFT Security Report 2022 ](https://twitter.com/BlockSecTeam/status/1567918184619032576)\n\n- [[Sep 8, 2022] A new memory overwrite vulnerability discovered in Wyvern Protocol](https://twitter.com/BlockSecTeam/status/1567843681008492544)\n\n- [[Sep 8, 2022] $ROI(Ragnarok Online Invasion) Attack Analysis](https://twitter.com/BlockSecTeam/status/1567746825616236544)\n[Ragnarok Online Invasion | *BSC* | Access Control Vulnerability]\n\n- [[Sep 8, 2022] No-Open Source Contract Attack](https://twitter.com/BlockSecTeam/status/1567706201277988866)\n[0x8b068e22e9a4a9bca3c321e0ec428abf32691d1e | *BSC*]\n\n- [[Sep 6, 2022] DeFi Alert](https://twitter.com/BlockSecTeam/status/1567027459207606273)\n\n- [[Sep 5, 2022] DeFi Alert](https://twitter.com/BlockSecTeam/status/1566606770650300416)\n[0xea41bbd80ac69807289d0c4f6582ab73e96834d0 | *BSC* | Price Manipulation]\n\n- [[Aug 31, 2022] No-Open Source Contract Attack](https://twitter.com/BlockSecTeam/status/1564890919023034369)  \n[0x40c994299fb4449ddf471d0634738ea79c734919 | *BSC* | Logic Vulnerability]\n\n- [[Aug 24, 2022] KaoyaSwap Attack 
Analysis](https://twitter.com/BlockSecTeam/status/1562286943957708800)   \n[KaoyaSwap | *BSC* | Logic Vulnerability]\n\n- [[Aug 17, 2022] Where is the $190M? --An Initial Analysis of the Nomad Bridge Attack Lost Funds](https://twitter.com/BlockSecTeam/status/1559785673770487809)\n[[Nomad Bridge](https://www.nomad.xyz/) | *Ethereum* | Logic Vulnerability]\n\n- [[Aug 16, 2022] Do not directly sell NFT airdrop after ETH merge](https://twitter.com/BlockSecTeam/status/1559485426104418304)\n\n- [[Aug 12, 2022] Secure Smart Contract Development (2) — How to Use Digital Signature and Use It Right in NFT (Markets) ](https://twitter.com/BlockSecTeam/status/1557981700218847232)\n\n- [[Aug 10, 2022] ANCH Attack](https://twitter.com/BlockSecTeam/status/1557207585375531009)\n[ANCHStake Protocol | *BSC* | Logic Vulnerability]\n\n- [[Aug 10, 2022] XSTABLE.PROTOCOL Attack](https://twitter.com/BlockSecTeam/status/1557195012042936320)\n[XSTABLE.PROTOCOL | *BSC* | Logic Vulnerability]\n\n- [[Aug 8, 2022] EGD_Finance Attack](https://twitter.com/BlockSecTeam/status/1556496717843148801)\n[EGD_Finance | *BSC* | Price Manipulation]\n\n- [[Aug 4, 2022] Freedom Protocol Rug\u0026Pull](https://twitter.com/BlockSecTeam/status/1555116309955850241)\n[[Freedom Protocol](https://www.freedomprot.com/) | *BSC* | Rug]\n\n- [[Aug 2, 2022] Nomad Bridge Exploit](https://twitter.com/BlockSecTeam/status/1554390772585500674)\n[[Nomad Bridge](https://www.nomad.xyz/) | *Ethereum* | Logic Vulnerability]\n\n- [[Jul 14, 2022] SpaceGodzilla Attack](https://twitter.com/BlockSecTeam/status/1547456591900749824)    \n[[SpaceGodzilla NFT](https://twitter.com/SpaceGodzilla_c) | \n*Ethereum* | Price Manipulation]\n\n- [[Jul 13, 2022] Wash trading to arbitrage on LooksRare](https://twitter.com/BlockSecTeam/status/1547220280061607936)  \n[[LooksRare](https://looksrare.org/) | *Ethereum* | Wash trading]\n\n- [[Jul 10, 2022] ParallelFi Attack](https://twitter.com/BlockSecTeam/status/1546141457933025280)      \n[[Parallel 
Finance](https://parallel.fi/) | *Ethereum* | \nReentrancy]\n\n- [[Jul 1, 2022] How to sell an NFT to a buyer with a high price without the buyer's consent](https://twitter.com/BlockSecTeam/status/1542846129456709633)     \n[[Quixotic](https://quixotic.io/) | *Ethereum* | Access Control, Signature Verification]\n\n- [[Jun 26, 2022] XCarnival_Lab Attack](https://twitter.com/BlockSecTeam/status/1541070850505723905)   \n[[XCarnival_Lab](https://xcarnival.fi) | *Ethereum* | Access Control]\n\n- [[Jun 2, 2022] CoFiXProtocol Exploit](https://twitter.com/BlockSecTeam/status/1532059317616058368)    \n[[CoFiX Protocol](https://cofix.tech/) | *Ethereum* | Access Control]\n\n- [[May 26, 2022] How is a honeypot contract trapped by an MEV bot](https://twitter.com/BlockSecTeam/status/1529832324774625281)   \n[Honeypot]\n\n- [[May 24, 2022] Hackerdao Attack](https://twitter.com/BlockSecTeam/status/1529084919976034304)    \n[[Hackerdao](https://www.hackerdao.xyz/) | *BSC*]\n\n- [[May 21, 2022] bDollarFi Attack](https://twitter.com/BlockSecTeam/status/1527882159528083456)   \n[[bDollar Finance](https://twitter.com/bdollar_fi) | *BSC* | Price Manipulation]\n\n- [[May 9, 2022] Fortress Protocol Attack](https://twitter.com/BlockSecTeam/status/1523530484877209600)    \n[[Fortress Protocol](https://fortress.loans/) | *BSC* | Price Oracle Manipulation]\n\n- [[Apr 27, 2022] BnBBrokers Attack](https://twitter.com/BlockSecTeam/status/1519249933832171520)    \n[[BnBBrokers](https://bnbbrokers.app/) | *BSC* | Reentrancy]\n\n- [[Apr 23, 2022] AkuDreams Exploit](https://twitter.com/BlockSecTeam/status/1517740643325714432)    \n[[Akutars](https://www.aku.world/) | *Ethereum*]\n\n- [[Apr 21, 2022] Zeed Protocol Exploit](https://twitter.com/BlockSecTeam/status/1517052623354232832)    \n[[Zeed Protocol](https://twitter.com/zeedcommunity) | *BSC* |\nReward Distribution Vulnerability]\n\n- [[Apr 18, 2022] BeanstalkFarms Attack](https://twitter.com/BlockSecTeam/status/1515732238612430849)   
\n[[Beanstalk Farms](https://twitter.com/BeanstalkFarms) | \n*Ethereum*]\n\n- [[Apr 13, 2022] ElephantStatus Attack](https://twitter.com/BlockSecTeam/status/1513966074357698563)   \n[[Elephant Money](https://linktr.ee/elephant_money) | *BSC* | Price Manipulation, Reentrancy]\n\n- [[Apr 10, 2022] Gym Network Attack](https://twitter.com/BlockSecTeam/status/1512832398643265537)   \n[[Gym Network](https://gymnetwork.io/) | *BSC* | Price Manipulation]\n\n- [[Apr 2, 2022] Inverse Finance Attack](https://twitter.com/BlockSecTeam/status/1510271190749032453)   \n[[Inverse Finance](https://www.inverse.finance/) | \n*Ethereum* | Price Manipulation]\n\n- [[Mar 31, 2022] Ola Finance Attack](https://twitter.com/BlockSecTeam/status/1509466576848064512)    \n[[Ola Finance](https://ola.finance/) | *Ethereum* | Reentrancy]\n\n- [[Mar 27, 2022] Classic Single-contract Re-entrancy Attack](https://twitter.com/BlockSecTeam/status/1508065573250678793)\n[[Rena](https://rena.finance/) | *Ethereum* | Reentrancy]\n\n- [[Mar 24, 2022] CashioApp Attack](https://twitter.com/BlockSecTeam/status/1506664679200149506)  \n[[Cashio App](https://cashio.app/) | *Solana* | Access Control]\n\n- [[Mar 20, 2022] Scam token BmDoge](https://twitter.com/BlockSecTeam/status/1505550140299685889)   \n[[BmDoge](https://bscscan.com/address/0x0be34a21d808161bcb84f4afba708560ab6c316b) | *BSC* | Backdoor Function]\n\n- [[Mar 15, 2022] Agave Lending Attack](https://twitter.com/BlockSecTeam/status/1503754973867569155)    \n[[Agave Finance](https://agave.finance/) | *Gnosis Chain* | Untrusted external call]\n\n- [[Mar 15, 2022] Deus Finance Exploit](https://twitter.com/BlockSecTeam/status/1503638069240827910)   \n[[Deus Finance](https://deus.finance/) | *Fantom* | Price Manipulation]\n\n- [[Mar 9, 2022] PXPNFTsGame Attack](https://twitter.com/BlockSecTeam/status/1501474711599198211)    \n[[PiratexPirate](https://piratexpirate.io/) | *Ethereum* | Private Key Leakage]\n\n- [[Mar 4, 2022] The rough analysis on the BTC 
donation to Ukraine](https://twitter.com/BlockSecTeam/status/1499757354115809288)\n\n- [[Mar 3, 2022] How to shop free for NFT](https://twitter.com/BlockSecTeam/status/1499321063372898304)\n\n- [[Jan 18, 2022] Crosswise Finance Attack](https://twitter.com/BlockSecTeam/status/1483335951833518082)   \n[[Crosswise Finance](https://crosswise.finance/) | *Ethereum* | Access Control]\n\n- [[Dec 30, 2021] SashimiSwap Attack](https://twitter.com/BlockSecTeam/status/1476516736422019082)   \n[[SashimiSwap](https://sashimiswap.org/) | *Ethereum*]\n\n- [[Nov 30, 2021] MonoXFinance Attack](https://twitter.com/BlockSecTeam/status/1465690478414761992)    \n[[MonoX Finance](https://monox.finance/home) | *Ethereum*]\n\n- [[Nov 21, 2021] FormationFi Attack](https://twitter.com/BlockSecTeam/status/1462216654570463238)    \n[[Formation Finance](https://twitter.com/VisorFinance) | *Ethereum*]\n\n- [[Oct 28, 2021] CreamFinance Attack](https://twitter.com/BlockSecTeam/status/1453393444047441923)    \n[[Cream Finance](https://cream.finance/) | *BSC* | Oracle Vulnerability]\n\n- [[Sep 15, 2021] NowSwap Attack](https://twitter.com/BlockSecTeam/status/1438100688215560192)    \n[[NowSwap Protocol](http://nowswap.org/) | *Ethereum* | Semantic Inconsistency]\n\n- [[Sep 14, 2021] KlondikeFinance Attack](https://twitter.com/BlockSecTeam/status/1437704673385857026)   \n[[Klondike Finance](http://klondike.finance/) | *Ethereum*]\n\n- [[Sep 3, 2021] Siren Protocol Attack](https://twitter.com/BlockSecTeam/status/1433682132090568705)    \n[[Siren Protocol](https://siren.xyz/) | *Ethereum* | Reentrancy]\n\n- [[Aug 17, 2021] XSURGEDEFI Attack](https://twitter.com/BlockSecTeam/status/1427482803134894080)\n[[Xsurge](https://xsurge.net/) | *Ethereum* | Reentrancy, Price Manipulation]\n\n\n\n# Media Coverage\n\n- [[Jan 14, 2023] 디파이, NFT 온체인 리스크 쉽게 확인하기 ](https://contents.premium.naver.com/professorjo/research/contents/230114125451591td)\n\n- [[Jan 12, 2023] First Mover Asia: The Next Avraham Eisenberg 
Isn’t Going to Be a ChatGPT-Powered ‘Script Kiddie’](https://www.coindesk.com/markets/2023/01/12/first-mover-asia-the-next-avraham-eisenberg-isnt-going-to-be-a-chatgpt-powered-script-kiddie/)\n\n- [[Jan 9, 2023] Introducing MetaDock: A secure and efficient trove of Web3 tools and resources](https://cryptoslate.com/press-releases/introducing-metadock-a-secure-and-efficient-trove-of-web3-tools-and-resources/)\n\n- [[Dec 6, 2022] Minted: How the DeFi Wallet NFT Marketplace Works in Detail](https://crypto.com/university/minted-defi-wallet-nft-marketplace)\n\n- [[Dec 5, 2022] Attackers Net $20M through Ankr and Helio exploits](https://www.moneycontrol.com/news/business/cryptocurrency/top-cryptocurrency-news-on-december-5-front-running-scams-to-increase-by-500-defi-protocols-suffer-a-20-million-hack-coinbase-apple-at-loggerheads-and-more-9649111.html)\n\n- [[Dec 3, 2022] Hack Saldırısı Bu Altcoin’i Yerle Bir Etti: Fiyat Sıfıra Gidiyor!](https://tr.tradingview.com/news/cointurk:e965d877b:0/)\n\n- [[Dec 2, 2022] Attackers pocket $20 million in exploits on Ankr and Helio](https://coinmarketcap.com/headlines/news/attacker-pockets-20-million-in-exploits-on-ankr-and-helio/)\n\n- [[Dec 2, 2022] Hackers get away with $20 million in twin attacks on Ankr and Helio](https://invezz.com/news/2022/12/02/hackers-get-away-with-20-million-in-twin-attacks-on-ankr-and-helio/)\n\n- [[Dec 2, 2022] Binance pausa saques em meio a hack ao protocolo Ankr](https://www.criptofacil.com/binance-pausa-saques-em-meio-a-hack-ao-protocolo-ankr/)\n\n- [[Nov 11, 2022] DeFi Platform DFX Finance Says it Has Been Hacked for $7.5M](https://blockchain.news/news/defi-platform-dfx-finance-says-it-has-been-hacked-for-$7.5m)\n\n- [[Nov 11, 2022] Polychain-backed DFX Finance hacked for $7.5 million](https://www.theblock.co/post/185796/polychain-dfx-finance-hacked)\n\n- [[Nov 9, 2022] Desenvolvimento Seguro de Contratos Inteligentes (1) - Reentrância de Código em Contratos 
NFT](https://www.web3dev.com.br/panegali/desenvolvimento-seguro-de-contratos-inteligentes-1-reentrancia-de-codigo-em-contratos-nft-5a59)\n\n- [[Nov 7, 2022] Skyward Finance Reportedly Suffers $3M Exploit on Near Protocol](https://coinculture.com/au/business/skyward-finance-reportedly-suffers-3m-exploit-on-near-protocol/)\n\n- [[Nov 4, 2022] Crypto : Les escrocs du Merge d'Ethereum (ETH)](https://www.cointribune.com/crypto-les-escrocs-du-merge-dethereum-eth/)\n\n- [[Nov 4, 2022] Skyward Finance Suffers $3M Lost From Finance Attack](https://blog.mexc.com/skyward-finance-suffers-3m-lost-from-financial-attack/)\n\n- [[Nov 4, 2022] Developers of pNetwork bridge drain $4.3 million from PancakeSwap in ‘white hat’ attack](https://coinmarketcal.com/en/news/developers-of-pnetwork-bridge-drain-4-3-million-from-pancakeswap-in-white-hat-attack)\n\n- [[Nov 4, 2022] Developers of pNetwork bridge drain $4.3 million from PancakeSwap in 'white hat' attack](https://www.theblock.co/post/182969/developers-of-pnetwork-bridge-drain-4-3-million-from-pancakeswap-in-white-hat-attack)\n\n- [[Nov 3, 2022] Hacker Steals $3 Million Worth of Tokens From Skyward Finance](https://vpnoverview.com/news/hacker-steals-3-million-worth-of-tokens-from-skyward-finance/)\n\n- [[Nov 3, 2022] Skyward Finance Allegedly Suffers $3M Loss in Exploit](https://www.coinspeaker.com/skyward-finance-3m-loss-exploit/)\n\n- [[Oct 31, 2022] BlockSec Debunks Rumours of $532M Smart Contract Hack](https://crypto.news/blocksec-debunks-rumours-of-532m-smart-contract-hack/)\n\n- [[Oct 30, 2022] Hackers nab $14.5M from DeFi platform Team Finance](https://www.scmagazine.com/brief/breach/hackers-nab-14-5m-from-defi-platform-team-finance)\n\n- [[Oct 27, 2022] DeFi platform robbed of nearly $15 million in hack](https://therecord.media/defi-platform-robbed-of-nearly-15-million-in-hack/)\n\n- [[Oct 18, 2022] New Community-Based Security Mechanism Launched By BNB Chain To Protect 
Users](https://www.blockchain-council.org/news/new-community-based-security-mechanism-launched-by-bnb-chain-to-protect-users/)\n\n- [[Oct 17, 2022] TempleDAO Hacked Funds Deposited to Tornado Cash](https://blockworks.co/news/templedao-hacked-funds-deposited-to-tornado-cash)\n\n- [[Oct 16, 2022] Wintermute repays $92M TrueFi loan on time despite suffering $160M hack](https://cointelegraph.com/news/wintermute-repays-92m-truefi-loan-on-time-despite-suffering-160m-hack)\n\n- [[Oct 13, 2022] Someone abused FTX’s withdrawal fee subsidy to mint $70,000 of XEN](https://www.theblock.co/post/176923/someone-abused-ftxs-withdrawal-fee-subsidy-to-mint-70000-of-xen)\n\n- [[Oct 7, 2022] A $568 Million Hack of Binance Coin Roils Crypto Sector Anew](https://www.bloomberg.com/news/articles/2022-10-06/bnb-chain-says-bsc-temporarily-paused-on-irregular-activity)\n\n- [[Sep 19, 2022] BlockSec detects replay exploit with ETHPoW tokens](https://www.theblock.co/post/170953/blocksec-detects-replay-exploit-with-ethpow-tokens)\n\n- [[JULY 10, 2022] Hacker drains $1.4 million worth of ETH from NFT lender Omni](https://www.theblock.co/post/156800/hacker-drains-1-4-million-worth-of-eth-from-nft-lender-omni)\n\n- [[JUN 17, 2022] Inverse Finance exploited again for $1.2M in flash loan oracle attack](https://cointelegraph.com/news/inverse-finance-exploited-again-for-1-2m-in-flashloan-oracle-attack)\n\n- [[MAY 13, 2022] How to protect yourself from the recent spate of ‘crypto muggings’](https://cointelegraph.com/news/how-to-protect-yourself-from-the-recent-spate-of-crypto-muggings)\n\n- [[May 3, 2022] Spate of Exploits Snares Rari Capital and Saddle Finance for $90M Escalation of Malicious Attacks Shows No Sign of Abating](https://finance.yahoo.com/news/spate-exploits-snares-rari-capital-091600216.html)\n\n- [[May 1, 2022] Fei Protocol Offers $10M Bounty After $80M Rari Capital Exploit](https://decrypt.co/99103/fei-protocol-offers-10m-bounty-after-80m-rari-capital-exploit)\n\n- [[APR 22, 2022] 
Hacker bungles DeFi exploit: Leaves stolen $1M in contract set to self destruct](https://cointelegraph.com/news/hacker-bungles-defi-exploit-leaves-stolen-1m-in-contract-set-to-self-destruct)\n\n- [[APR 22, 2022] Finance Redefined: Hacker bungles DeFi exploit, dYdx's decentralization goals, and more](https://cointelegraph.com/news/finance-redefined-hacker-bungles-defi-exploit-dydx-s-decentralization-goals-and-more)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblocksecteam%2Fblocksec_academy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblocksecteam%2Fblocksec_academy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblocksecteam%2Fblocksec_academy/lists"}