seems certik(The blackhat team) will going to jail. some people think they are same Lazarus.

An OKX user disclosed today that hackers purchased his personal information and used AI to create fake videos. Hackers used these to change the victim's OKX passwords and even 2FA. More than $2 million US were stolen. Be wary of Deepfakes and personal data leaks. — link

unassigned pool earnings In the context of the Uniswap V3 protocol, the "unassigned pool earnings" How it works:

When a user deposits their assets into the pool, they earn a share of the pool's earnings.
The pool earns rewards in the form of interest, fees, or other incentives.
The pool's earnings are not yet assigned to any specific user, so they are considered "unassigned".
When a user withdraws their assets from the pool, their share of the unassigned earnings is assigned to them.
Why unassigned pool earnings?

The unassigned pool earnings are a result of the way the Uniswap V3 protocol is designed. When a user deposits their assets into the pool, they earn a share of the pool's earnings. However, the earnings are not yet assigned to any specific user, so they are considered "unassigned".

How are unassigned pool earnings assigned?When a user withdraws their assets from the pool, their share of the unassigned earnings is assigned to them. This is done by calculating the user's share of the pool's earnings based on their deposited assets and the pool's earnings.

Why is it important?

The unassigned pool earnings are important because they represent the rewards earned by the pool, which are not yet assigned to any specific user. When a user withdraws their assets from the pool, their share of the unassigned earnings is assigned to them, ensuring that they receive their fair share of the pool's earnings. in recent audit protocol ignored unassigned pool earnings https://github.com/sherlock-audit/2024-04-interest-rate-model-judging?tab=readme-ov-file#issue-h-2-unassigned-pool-earnings-can-be-stolen-when-a-maturity-borrow-is-liquidated-by-depositing-at-maturity-with-1-principal
@EthSecurity1

GitHub

GitHub - sherlock-audit/2024-04-interest-rate-model-judging

Contribute to sherlock-audit/2024-04-interest-rate-model-judging development by creating an account on GitHub.

Exploiting precision loss vai fuzz testing

https://dacian.me/exploiting-precision-loss-via-fuzz-testing

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

https://github.com/HolyBugx/HolyTips

Immunefi writeups list
https://github.com/sayan011/Immunefi-bug-bounty-writeups-list
@EthSecurity1

in your storage

Exploiting Precision Loss via Fuzz Testing

Fuzz testing is an invaluable tool for finding & maximizing precision loss vulnerabilities..

Zelic found critical vulnerability in Gains network forks

https://x.com/zellic_io/status/1781389554764886289?s=61
@EthSecurity1

X (formerly Twitter)

Zellic (@zellic_io) on X

SECURITY ADVISORY Zellic discovered two critical issues in certain forks of Gains Network. We worked with the teams to responsibly disclose these issues. The issues allowed attackers to create trades that always made 900% profit (the max allowed). Here’s…

EIP 3074 approved to go live on next Ethereum Hard fork. EIP Details: https://eips.ethereum.org/EIPS/eip-3074
it has some pitfalls for now:
-malicious invokers could steal funds
-ether in EOAs cannot be spent
-self-sponsoring breaks a weak form of flash-loan protection -invokers can make upgrading ethereum more challenging @EthSecurity1

Ethereum Improvement Proposals

EIP-3074: AUTH and AUTHCALL opcodes

Allow externally owned accounts to delegate control to a contract.

Prisma Hack post-mortem https://hackmd.io/@PrismaRisk/PostMortem0328 @EthSecurity

SSS Hacked on Blast. a kid wrote it. @EthSecurity1

- PlayDapp Heist: Attackers minted 200M PLA tokens, valuing a massive $31M loss. A significant portion, $5.9M worth, found its way to the Gate platform. The exploit was due to a security vulnerability. @EthSecurity1