Audit-365 is a personal challenge: every day of 2023, from 1 January to 31 December, I will post educational content on smart contract auditing and web3 security. It will be actual content, without fillers.
The Audit-365 challenge is divided into two parts:
Daily: I will share tweets, Twitter threads or posts on smart contract auditing and web3 security, explaining audit reports in an easy-to-understand way, plus tips and tricks on how to approach an audit and find interesting bugs.
Daily posts will include:
- Smart contract audit findings from different auditing firms, such as:
- And many more.
- Tips and tricks on how to find these bugs.
Weekly: every week I will post educational content on web3 security and smart contract auditing, and share videos, articles and tweets you might have missed.
Why subscribe?
There are tons of resources out there, and most of them are junk. I will filter them and share only good-quality resources, without fillers. The weekly newsletter will include:
- A compiled list of the week's explained audit findings (from the Daily Swig).
- Web3 security resources such as videos and articles.
- Interesting tweets and posts.
- Hacking tips, tools, research papers or career advice.
Audit-365 Daily Swig:
- 🔗 LinkedIn: https://www.linkedin.com/in/sm4rty/
- 🐤 Twitter: https://twitter.com/Sm4rty_

Audit-365 Weekly Roundup:
- Ⓜ️ Medium: https://medium.com/@sm4rty
- 📚 Substack: https://sm4rty.substack.com/
Day | Finding | Severity | Category | Thread Link |
---|---|---|---|---|
01 | Users' orders can be cancelled by anyone and their ETH can be stolen | High | Audit Findings | Link |
02 | Double transfer in the transferAndCall function | High | Audit Findings | Link |
03 | Unchecked return value from ecrecover | Critical | BugFix Report | Link |
04 | EIP-712 signatures can be re-used | Medium | Audit Findings | Link |
05 | Use SafeCast when narrowing integer types | Medium | Audit Findings | Link |
06 | BLOCK_PERIOD is incorrect | Medium | Audit Findings | Link |
07 | Insufficient validation of Chainlink oracle data feed | Medium | Audit Findings | Link |
08 | 88mph function initialization bug (reward $42,069) | Critical | BugFix Report | Link |
09 | 700+ smart contract bugs, $1 million bug payout, Trust's interview, and more | - | Weekly Newsletter | Link |
10 | Sandwich attack due to hardcoded slippage | High | Audit Findings | Link |
11 | Initialize function can be invoked multiple times | Medium | Audit Findings | Link |
12 | A typo leading to locking of funds | High | Audit Findings | Link |
13 | Centralisation risk: owner of RoyaltyVault can take all funds | High | Audit Findings | Link |
14 | Call return is executed before the 'require' check | High | Audit Findings | Link |
15 | Reentrancy vulnerability due to violation of the CEI pattern | Critical | Real-life Exploits | Link |
16 | Zero-knowledge A-Z, web3 security tool lists, bug bounty, DEF CON CTF, etc. | - | Weekly Newsletter | Link |
17 | Lack of access control in the parameterize function of proposal contracts | Medium | Audit Findings | Link |
18 | Reentrancy guard missing in mint function | Medium | Audit Findings | Link |
19 | Lender can change NFT valuation oracle without borrower permission | High | Audit Findings | Link |
20 | Incorrect airdrop calculation | Critical | Real-life Exploits | Link |
21 | Tokens with more than 18 decimals will cause issues | Medium | Audit Findings | Link |
22 | Cannot unpause exchange | Medium | Audit Findings | Link |
23 | Zcash hash collision, reversing the EVM, ice phishing attacks and more | - | Weekly Newsletter | Link |
24 | Usage of deprecated Chainlink API | Medium | Audit Findings | Link |
25 | Lack of access control over burn function | Critical | Real-life Exploits | Link |
26 | Bad source of randomness | Critical | Real-life Exploits | Link |
27 | Arbitrary token burn | High | Audit Findings | Link |
28 | Users can get unlimited votes | High | Audit Findings | Link |
29 | Incorrect number of seconds in ONE_YEAR variable | Medium | Audit Findings | Link |
30 | Unnecessary precision loss in _recipientBalance() | Medium | Audit Findings | Link |
31 | Reward manager of the Convex BaseRewardPool can DoS processYield() | Medium | Audit Findings | Link |
32 | Low-level transfer via call() can fail silently | Medium | Audit Findings | Link |
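Days 03 and 04 above, the unchecked ecrecover return value and EIP-712 signature replay, share one fix, and the contract below shows the vulnerable and hardened verifiers side by side. It is an added example written for this page, not code from any of the audited projects or from the Audit-365 threads; the contract name SignedAction, the trustedSigner variable and the credit functions are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration for this page; SignedAction, trustedSigner and the
// credit* functions are hypothetical names, not code from an audited project.
contract SignedAction {
    // Off-chain signer whose signatures authorise credits. If a deployer
    // passes address(0), or a contract sets this later and forgets to,
    // ecrecover's failure value becomes a "valid" signer.
    address public immutable trustedSigner;
    mapping(address => uint256) public credited;
    mapping(uint256 => bool) public usedNonces;

    bytes32 private immutable DOMAIN_SEPARATOR;
    bytes32 private constant ACTION_TYPEHASH =
        keccak256("Action(address account,uint256 amount,uint256 nonce,uint256 deadline)");
    // secp256k1 n/2: a signature with s above this is the malleable twin of a
    // low-s one (the same check OpenZeppelin's ECDSA library performs).
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    error InvalidSignature();
    error Expired();
    error NonceUsed();

    constructor(address signer_) {
        trustedSigner = signer_;
        // Cached at deploy; a production contract recomputes this when
        // block.chainid changes (e.g. after a fork), as OpenZeppelin's EIP712 does.
        DOMAIN_SEPARATOR = keccak256(abi.encode(
            keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"),
            keccak256("SignedAction"),
            keccak256("1"),
            block.chainid,
            address(this)
        ));
    }

    // VULNERABLE shape (Day 03 + Day 04): raw hash, no zero check, no nonce,
    // no deadline, no domain separator.
    //  - Any malformed (v, r, s) makes ecrecover return address(0); if
    //    trustedSigner is also address(0) the require passes and anyone can
    //    credit any amount to any account.
    //  - A genuine signature over (account, amount) can be resubmitted
    //    forever, and on every chain where this contract is deployed.
    function creditUnsafe(address account, uint256 amount, uint8 v, bytes32 r, bytes32 s) external {
        bytes32 digest = keccak256(abi.encodePacked(account, amount));
        address recovered = ecrecover(digest, v, r, s);
        require(recovered == trustedSigner, "bad signature");
        credited[account] += amount;
    }

    // HARDENED: EIP-712 digest bound to this contract and chain, a nonce
    // consumed on use, a deadline, an explicit address(0) rejection and a
    // low-s / valid-v check.
    function credit(
        address account, uint256 amount, uint256 nonce, uint256 deadline,
        uint8 v, bytes32 r, bytes32 s
    ) external {
        if (block.timestamp > deadline) revert Expired();
        if (usedNonces[nonce]) revert NonceUsed();
        if (uint256(s) > HALF_N || (v != 27 && v != 28)) revert InvalidSignature();

        bytes32 structHash = keccak256(abi.encode(ACTION_TYPEHASH, account, amount, nonce, deadline));
        bytes32 digest = keccak256(abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR, structHash));
        address recovered = ecrecover(digest, v, r, s);
        // ecrecover signals failure with address(0) instead of reverting;
        // rejecting it explicitly keeps a zero trustedSigner from being spoofed.
        if (recovered == address(0) || recovered != trustedSigner) revert InvalidSignature();

        usedNonces[nonce] = true; // effect recorded before the state change it authorises
        credited[account] += amount;
    }
}
```

When reviewing any signature check, look for the four things the hardened version adds in one pass: rejection of address(0), a domain separator carrying the chain id and verifying contract, a nonce or other one-shot marker consumed before the authorised state change, and a deadline. The nonce alone already defeats replay, so the low-s check is belt and braces; it is kept because a later refactor that keys replay protection on the signature bytes themselves would otherwise silently reintroduce malleability.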