Cointime

Cointime

Download App
iOS & Android

OpenZeppelin Releases Top 10 Blockchain Hacking Techniques of 2022

Cointime Official

OpenZeppelin, a cryptocurrency cybersecurity firm offering an open-source framework for secure smart contract development, released a report of the top 10 blockchain hacking techniques in 2022.

According to the report, the year 2022 witnessed significant growth in blockchain development and the introduction of novel technologies. However, it also resulted in a rise in new hacking methods and exploits, which caused losses exceeding $3.7 billion.

Here is the list of Top 10 blockchain hacking techniques 2022:

10 - Compound-TUSD Integration Issue Retrospective

The double-entry point issue described in Compound-TUSD Integration Issue Retrospective is a perfect example of a bug that subtly breaks one thing and can lead to significant consequences.

9 - The “6.2 L2 DAI Allows Stealing” issue from the StarkNet-DAI-Bridge Smart Contracts Code Assessment

During the code assessment of the StarkNet-DAI-Bridge Smart Contracts audit, a security issue was discovered in a Cairo smart contract. As a relatively low-level language, Cairo has several potential pitfalls, and this issue is a prime example of one such problem.

8 - Avalanche’s $350M Risk Report

The Statemind team’s Avalanche Vulnerability Report: How We Discovered A $350M Risk and Avalanche Vulnerability Report: Technical overview revealed a clever exploit of seemingly innocuous behavior in the precompile which allowed for the sending of native assets and an optional call to the receiver. 

7 - Read-only Reentrancy – a Novel Vulnerability class responsible for 100m+ funds at risk

In a recent talk, blog post, and post-mortem, ChainSecurity demonstrated that reentrancy to view functions can result in devastating consequences. This work uncovered a new vulnerability type; unfortunately, it is not the last time we will see it.

6 - How to Steal $100M from Flawless Smart Contracts

One of the three research pieces by PwningEth in this year’s top ten highlights the difficulty of introducing a precompile that doesn’t break the security assumptions of applications.

5 - Phantom Functions and the Billion-Dollar No-op

This bug is deceptively simple and could have resulted in a loss of billions if not identified.

It serves as a reminder to exercise caution when calling functions that don’t return a value - especially the permit function - as they may not revert when expected.

4 - How did I Save 70000 ETH and Win 6 Million Bug Bounty

This entry in the Top 10 Hacking Techniques of 2022 underscores the importance of considering delegatecalls in smart contract development.

3 - Could Wrapped Tokens Like WETH Be (forced) Insolvent?

This vulnerability allowed an attacker to empty all wrapped token contracts, and not only take over the balance of the wrapped token, but also buy other tokens from the DEX by using the wrapped token as a rubber check.

2 - A vulnerability disclosed in Profanity, an Ethereum vanity address tool

Despite being publicly disclosed, this bug remained relatively unnoticed until it was exploited approximately six months later.

1 - Attacking an Ethereum L2 with Unbridled Optimism

Saurik found a peculiar bug even deeper than precompiles. Discovering an exploit at the node level earns top place for this finding.

Cryptocurrency
Comments

All Comments

Recommended for you

  • Bank of Japan to Maintain Interest Rates in April

    On April 21, according to Nikkei News: The Bank of Japan will maintain interest rates unchanged in April.

  • Iranian Military: Ready to Respond Decisively to 'Enemy's Breach of Promises'

    On April 21, local time, Abdollahi, commander of the Khatam al-Anbiya Central Command of the Iranian Armed Forces, stated that Iran is prepared to respond decisively to the 'enemy's breach of promises.' Abdollahi emphasized that the current Iranian military possesses 'authority, readiness, and comprehensive strategic capabilities.' He noted that the Islamic Revolutionary Guard Corps and other defense forces have demonstrated combat capabilities in relevant operations, putting 'Israel and the United States in a difficult and fatigued position,' forcing them to 'seek a ceasefire.' Abdollahi also stressed that the Iranian armed forces maintain a high level of unity with the government and the people under the supreme leader's unified command, and will respond 'decisively, resolutely, and promptly' to any threats and actions. (CCTV News)

  • Another Iranian Oil Tanker Returns to Iran After Breaking US Blockade

    On April 21, according to CCTV News, maritime intelligence company 'TankerTrackers' reported that a tanker belonging to the National Iranian Tanker Company returned to Iran after unloading approximately 2 million barrels of crude oil in Indonesia, crossing the relevant maritime blockade line. The tanker is currently en route to Iran's main oil export hub, Khark Island, and is expected to arrive on April 22 local time. It is reported that the tanker set sail from Iran in late March, heading towards the Riau Islands of Indonesia.

  • White House: US and Iran on the Verge of Reaching an Agreement

    On April 21, White House Press Secretary Kayleigh McEnany stated in an interview with Fox News on the evening of the 20th that the United States and Iran are on the "verge of reaching an agreement." McEnany remarked, "The US has never been closer to achieving a truly good deal." However, she did not disclose any information regarding the current status of the negotiations. McEnany noted that even if an agreement is not reached, President Trump has multiple options and is not afraid to utilize these measures. Previous actions have demonstrated that Trump is not just "bluffing."

  • Kelp DAO Attacker Transfers 30,800 ETH to Special Address

    On April 21, news emerged that, according to monitoring by PeckShield, the Kelp DAO attacker transferred 30,800 ETH to a special address starting with 0x00000, possibly indicating a destruction action.

  • Trump: 'Midnight Hammer' Completely Dismantled Iran's Nuclear Dust Base

    On April 21, U.S. President Trump stated that the 'Midnight Hammer' operation has completely destroyed the 'nuclear dust' base within Iran. As a result, the cleanup will be a long and arduous process. The fake news media, including CNN and other corrupt media networks and platforms, have failed to give our great pilots the credit they deserve, instead always attempting to belittle and undermine them. They are losers!!! (Dongxin News Agency)

  • BTC Drops Below $76,000

    Market data shows that BTC has dropped below $76,000, currently priced at $75,999.63, with a 24-hour increase of 1.68%. The market is experiencing significant volatility, so please ensure proper risk management.

  • Japan Officially Allows Export of Lethal Weapons Through Cabinet Resolution

    On April 21, according to Kyodo News, the Japanese government officially revised the 'Three Principles on Transfer of Defense Equipment' and its operational guidelines during a cabinet meeting, which will, in principle, allow the export of lethal weapons. (Xinhua News Agency)

  • Trump Claims Iran Will Negotiate

    On April 21, during a phone interview with CNN, U.S. President Trump stated that Iran "will negotiate" and expressed confidence in potential talks set to take place in Pakistan. Trump remarked, "They will negotiate; if they don't, they will face unprecedented problems." He also expressed hope that both sides could reach a "fair agreement" and emphasized that Iran "will not have nuclear weapons." Additionally, he defended military actions against Iran by stating there was "no choice" and claimed that they would ultimately "wrap things up."

  • Amazon to Invest Additional $5 Billion in Anthropic

    On April 21, Amazon announced on Monday that it will invest an additional $5 billion in the artificial intelligence company Anthropic, bringing the total investment to as much as $20 billion. Anthropic develops the Claude chatbot and programming tools, and plans to invest over $100 billion in Amazon's cloud technology and chips over the next decade.

Daily Must-Read

Popular Activities

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

RaveDAO at Terra Solis by Tomorrowland: A Female-Led Techno Night Where Web3 Culture Converges

April 30 - April 30
Dubai

Popular Tags

Cointime
News
Contents
RSS
Company