solidity-underhanded-contest
monorepo
| solidity-underhanded-contest | monorepo | |
|---|---|---|
| 4 | 3 | |
| 153 | 113 | |
| 4.6% | 0.9% | |
| 0.0 | 0.0 | |
| almost 2 years ago | 9 months ago | |
| Solidity | Solidity | |
| GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
solidity-underhanded-contest
-
Nomad drained of $150m due to a coding mistake
if you enjoy obfuscated c, we have this https://underhanded.soliditylang.org/
-
"For the past two weeks, I've been targeted in an extremely thorough social engineering scam that nearly cost me all of my ETH. I'm super lucky to have made it through unscathed. Here's the story"
Even then, I wouldn't trust an automated system. Even expert humans can be stumped if you really work at it.
-
The Underhanded C Contest
There have been a couple of underhanded solidity contests (smart contracts on ETH), inspired by this.
https://underhanded.soliditylang.org/
Nice to people constantly putting the code examples to good use in real projects.
-
27th International Obfuscated C Code Contest winners published
It's great that this contest has been running for so long and still produces interesting new approaches, but I wish there were more work being done in the field of underhanded code contests, e.g. [0].
One area of technology that seems to have continued the work of discovering underhanded techniques is the realm of cryptocurrency, specifically the "Solidity Underhanded Contest". The results for 2020 are here[1], which links to (spoiler alert) a great trick on line 65 here[2] (select the line character by character with a mouse to reveal it).
[0] https://en.wikipedia.org/wiki/Underhanded_C_Contest
[1] https://blog.soliditylang.org/2020/12/03/solidity-underhande...
[2] https://github.com/ethereum/solidity-underhanded-contest/blo...
monorepo
-
Nomad drained of $150m due to a coding mistake
> tl;dr a routine upgrade marked the zero hash as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste transactions and quickly drained the bridge in a frenzied free-for-all
From this explainer:
> It’s [Nomad is] built to address security first The Nomad team has been building secure bridges as a team for 4+ years and has studied the pitfalls of multi-sig and validator-based bridges.
https://medium.com/imperator-guide/nomad-a-cross-chain-inter...
Assuming this is true, and assuming the team is not incompetent or composed of the typical grifters, perhaps it's time to draw the inevitable conclusion. No amount of experience is sufficient to safeguard an Ethereum protocol of any interesting complexity.
It's a reasonable question to ask, WTF is Nomad for? After all, isn't Ethereum supposed to be the World Computer, Turing complete and ready for any task? Nope. Never was.
I think a good chunk of the answer can be found on the home page:
> Nomad reduces gas fees by a factor of 10x relative to traditional header relay systems, while remaining decentralized.
https://www.nomad.xyz
That world computer is bogged down. The proliferation of chains is the response. Each one is less secure than the parent. Stuff like Nomad is the "connective tissue" to get the various organs of this science project talking to each other.
Dive deeply enough down and you find the root of it all: everybody wants to make the next Bitcoin, Ethereum, and so on. With each turn of the crank a new crop of Barnums springs up to take the money of an unending supply of digital rubes.
What are some alternatives?
ioccc-obfuscated-c-contest - IOCCC International Obfuscated C code contest entries
consensus-specs - Ethereum Proof-of-Stake Consensus Specifications
blog - Jeff Schnitzer's Blog
team - the Rust Community Team 🦀⚙️✨