Aug 4Analysis of large-scale theft of SolanaBackground overview On August 3, 2022, A large-scale incident of currency theft occurred on Solana, and a large number of users transferred SOL and SPL tokens without their knowledge. …Solana Network3 min read
Jul 20Analysis of Premint Malicious Code InjectionAccording to the SlowMist intelligence zone, Premint was attacked by hackers on July 17th. We immediately started our investigation and alerted the community via twitter.Nft5 min read
Jul 19Analysis of the Uniswap Phishing attackYou may be wondering why the Uniswap was in quotes, because this wasn’t an attack on Uniswap, it was more of an attack on the Uniswap liquidity provider. Here’s what happened: According to Harry.eth on twitter, tens of thousands of addresses received malicious tokens pretending to be from Uniswap. They…Uniswap3 min read
Jul 19Intro to Smart Contract Security Audits | RandomnessIn the last article, we learned about the characteristics of the ‘delegatecall’ function and how it’s properly used. In this article, we’ll help you understand another function of smart contracts that’s commonly used — Randomness. Background Randomness is often seen used in the development of smart contracts. For example, we…Smart Contracts6 min read
Jul 12Can a project have access to a user’s NFT after mint ?Background The Saudis, a popular NFT project, started a freemint campaign on July 10, 2022 where whitelisted users can mint their NFTs for free. A user identified as RIGHTBLOCK dumped a substantial quantity of NFT into the market shortly after the mint event concluded. Swift action was taken by the…Nft4 min read
Jul 4Intro to Smart Contract Security Audits | Delegatecall (2)Background In our previous post, “Insert previous article,” we learnt about the common vulnerability known as the DelegateCall function. To further our understanding of the delegate call function, we will be expanding on what we learned in the previous article. Introduction to DelegateCall Check out our precious article. Vulnerability example …Smart Contracts4 min read
Jul 2MistTrack Updates (June)Hi, there! We made some upgrades and added some new features in June. June 16th updates 1/ We launched the OpenAPI module, making it more convenient for developers to analyze addresses. Users can create three Keys, and each Key can be called 10,000 times per day.Blockchain2 min read
Jun 28XCarnival NFT lending protocol vulnerability analysisAccording to SlowMist, on June 27, 2022, hackers exploited a critical flaw in the XCarnival project and made off with 3,087 ETH (about $3.8 million). XCarnival is a decentralized NFT lending platform that was built on the Ethereum network. The team working on the project has been made aware of…Nft4 min read
Jun 23An in-depth look into the infrastructure supporting the “fake wallet” phishing industryStorytime User A received a text message from their exchange asking them to download the latest wallet. This prompted him to search for “xx wallet official”, and clicking the first link displayed. They then proceeded to download the application, create a wallet, and transfer some funds over to the newly…Crypto6 min read
Jun 22MetaMask Demonic Vulnerability AnalysisOn June 15, 2022, MetaMask announced the white hat hackers from Halborn have discovered a security vulnerability codename “Demonic”. The vulnerability is known to affect only versions before 10.11.3. Given MetaMask’s popularity and the prevalence of derivatives that utilize it as a wallet’s foundation, MetaMask rewarded the team a prize…Metamask4 min read