Daily Security

Take a look, guys🙏

🧐

2nd part is out 👀 Link: officercia.mirror.xyz/AoRdvL3Lp5K5JHjlgpWaOHo_CehH-amZSAm9pxuFdwQ More at @officercia 🫡️️ #security #audit

Some people are still unaware of this masterpiece. Hopefully, you ain't one of them. If the answer is positive, it's not too late to start using it 🙏 https://medium.com/cyfrin/the-best-security-education-tool-in-web3-dd23717fbe58 @ethers_security

Repost from Anon
Greetings, everyone! I sincerely hope each of you is doing well 🙏. I regret my recent inactivity; I was busy doing my work. Meanwhile, I created a separate Twitter account specifically for this community. You can expect more exciting updates to be shared there too. Don't miss out and take care 😊 My Twitter: https://twitter.com/ethers_security


What is Caracal?
Caracal is a static analyzer tool over the SIERRA representation for Starknet smart contracts.

What about its Features?
👉 Detectors to detect vulnerable Cairo code
👉 Printers to report information
👉 Taint analysis
👉 Data flow analysis framework
👉 Easy to run in Scarb projects

Any overview of its detectors?
1) controlled-library-call: Library calls with a user controlled class hash
2) unchecked-l1-handler-from: Detect L1 handlers without from address check
3) reentrancy: Detect when a storage variable is read before an external call and written after
4) unused-events: Events defined but not emitted
5) unused-return: Unused return values
6) unenforced-view: Function has view decorator but modifies state
7) unused-arguments: Unused arguments
8) reentrancy-benign: Detect when a storage variable is written after an external call but not read before
9) reentrancy-events: Detect when an event is emitted after an external call leading to out-of-order events
10) dead-code: Private functions never used

More on how to install it and its limitations can be found in the repo below 👇
https://github.com/crytic/caracal
@ethers_security


"circom-mutator" is a mutation testing tool designed for the circom programming language.
- This tool primarily revolves around the source-based rewrite of circom code lines to generate mutations. Currently, it operates by utilizing regular expressions to treat the code as text.
- May evolve in the future, potentially incorporating the transpiling of circom circuits into an intermediate representation to enable deeper analyses.

@ethers_security
https://github.com/aviggiano/circom-mutator#readme