gives a very special demo-driven walkthrough using formal verification tooling on the solidity stack.
Lots of tips here -- put on your security researcher hats and enjoy!
Shout out to @yAcademyDAO which was basically the start of my practical web3 security journey together with code4rena. Learned a ton, did my first audits and reports, met smart and cool people - 10/10 experience
(linked below)
Proxies are hard to do right as they are very error-prone. Let’s not forget, badly used proxy patterns paid $10M as a bounty to a researcher earlier this year.
demos his recently released txn explorer ~ for which there are no docs, this vid is the docs lol.
Plus a demo and a call for beta-testers for his new vscode extension, that's you anon
We're going to approach rolling out previous videos on YT slowly, as we get used to it. We take privacy seriously and want to ensure everyone remains comfortable participating in the block.
@samczsun was kind enough to demo this to our Block IV participants! We've uploaded it onto our Youtube channel here: https://youtube.com/watch?v=HXgu239mPBc…
In the beginning, he also demos his eth txn viewer and contrasts it vs existing options. The vscode ext is ~18 mins in. Enjoy!
Proxies are full of benefits — but their security issues are equally legendary. Even the largest bug bounty ($10 mil) was a proxy issue.
Want $10 mil anon? We compiled all proxy issues in one place:
Even the origin story of the delegatecall opcode started with a bug.
The original callcode opcode didn't use msg.sender or msg.value from the caller contract context. EIP-7 added delegatecall to fix that.
https://github.com/ethereum/EIPs/blob/master/EIPS/eip-7.md…
Proxies are useful, but are full of footguns.
Do you know all the proxy types? Or all the proxy security issues? We have a site for you: https://proxies.yacademy.dev
The warm-up week of our 4th fellowship program is underway, starting with some quizzes to get fellows hot n' ready for the first audit next week
Should we open-source everything at the end of the block? quizzes, talks, audit reports, write ups of high severity bugs?
#YABlock4
I'm amazed at the overall talent which applied to this block. It was already hard for us to select candidates for last block — this one was next level.
For whoever didn't make it: It's been agonizing to send the last of the rejection emails. You can rejoice in that.
If you didn't make this block -- keep building, and keep being awesome! We recognize you, appreciate your effort, and encourage you to try again for next block!
If you didn't make it to this block, please don't be discouraged.
💪 Strive on - keep coding, building, reviewing, and we highly encourage you to apply again in the next fellowship (aiming for Q1 2023).
Fellowship Block applications are now closed! Thank you to all that applied 🙏
You can still apply, but will be placed for next block.
*We are still working through our fellowship pipeline. All applicants will receive an acceptance decision email by Nov 16th at the latest.
Thank you to everyone who applied. The decision will be emailed to everyone in ~1 week. The fellowship block starts shortly after on the 14th.
Please be patient 🙂
Announcing yAcademy's Fellowship Block IV
Mark your calendars: Nov. 14 - Dec. 16
Applications open! https://yacademy.dev/fellowship-program/…
Interested in learning web3 security? More details:
For Guest Auditors:
If you're an experienced Security Researcher looking to:
- interact with a set of intellectually-curious fellows & other auditors
- help secure our ecosystem via education
- have fun, participate in the block, hang out :)
Please don't hesitate to contact us!
For Projects:
There is an additional incentive for getting your contracts reviewed during the block: more eyes on the code 👀
Our regular Resident Auditors review your code, alongside an excellent set of Fellows - actively learning by scrutinizing, discussing, and debugging.
For Fellows:
Each block runs for 4 weeks (+1 warmup week) where Fellows will have a chance to review real-world contracts with support and mentorship from experienced Security Researchers.
...You will need to pass the interview though - no exceptions 😈
🛡️ Announcing yAcademy's Fellowship Block IV 🛡️
Mark your calendars: Nov. 14 - Dec. 16
Applications open! https://yacademy.dev/fellowship-program/…
Interested in learning web3 security? More details:👇
1) Finally meeting @yAcademyDAO teammates - in the flesh.
Meeting security-ace @bl4ckb1rd71 for the first time - suddenly, a of emotions, as I could put a face to someone I had been virtually task-slogging with for close to a year.
cc: @usmannk twitter.com/thraull/status…
Introducing Bunni, a protocol that makes Uniswap v3 liquidity composable.
Bunni uses fungible ERC-20 tokens to represent LP positions instead of NFTs, which makes it far easier to integrate Uniswap liquidity in other apps.
https://bunni.pro
https://reports.yacademy.dev is live with our audit reports! It'll be quicker to navigate between reports and search for keywords (via header 🔍 search bar)
If you prefer to skip etherscan, use `cast code` to download the bytecode for any contract and use one of the many bytecode-to-opcode disassemblers to view the opcodes.