Smart Contract Randomness or Replicated Logic Attack

This is part 7 and a continuation of the Smart Contract Security Series. Ownership Exploit Private Variable Exploit Reentrancy Attack tx.origin Phishing Attack Denial of Service Attack Storage Collision Attack Randomness Attack Replay Attack In this tutorial, the randomness attack, also called the replicated logic attack, is analyzed. The problem in Solidity contracts is finding … Read more

Transposition Algorithm in Python (Expert Guide)

What is a Transposition Algorithm? A substitution algorithm, such as the previously mentioned Caesar’s algorithm, works by substituting each symbol of the plaintext message with another symbol, according to a predetermined offset defined by a key. In contrast, a transposition algorithm shifts, or changes the positions of, its symbols by following a specific, predetermined key. Since … Read more

Ethereum Smart Contract Fuzz-Testing with Echidna

What is Fuzzing? Fuzz testing (or fuzzing) is an automated software testing method with the goal to find vulnerabilities, security issues, and defects of the application. The idea is to inject invalid, malformed, or unexpected inputs into the application using a fuzzing tool and observing how the system reacts to those inputs (e.g., exceptions, leakage … Read more

Security Engineer — Income and Opportunity

Before we learn about the money, let’s get this question out of the way: What Does a Security Engineer Do? A security engineer is a “white-hat hacker”, i.e., an IT professional who analyzes computer systems and computer networks to ensure they are running securely. This involves proactive analysis and understanding of possible security threats and … Read more

Caesar Cipher in Python

Caesar Cipher is a simple encryption and obfuscation method. It’s a straightforward substitution cipher that replaces each plain text character with the obfuscated character obtained by shifting the plain text character a fixed number of positions in the alphabet. What is Cryptography? Before we introduce our first cryptographic algorithm, Caesar’s cipher, let’s first introduce cryptography … Read more

Denial of Service (DoS) Attack on Smart Contracts

This post is part 5 of our Smart Contract Security Series: Ownership Exploit Private Variable Exploit Reentrancy Attack tx.origin Phishing Attack Denial of Service Attack Storage Collision Attack Randomness Attack Replay Attack The post discusses the Denial of Service attack, also known as the DoS attack. The Denial of Service (henceforth referred to as DoS) restricts legitimate … Read more

tx.origin Phishing Attack — Smart Contract Security

This post is part 4 of our Smart Contract Security Series: Ownership Exploit Private Variable Exploit Reentrancy Attack tx.origin Phishing Attack Denial of Service Attack Storage Collision Attack Randomness Attack Replay Attack In this post, we discuss phishing attacks due to tx.origin. In the regular phishing of a website, phishing begins with a phony email … Read more

Reentrancy Attack – Hacking Smart Contracts [Solidity]

You can check out the code for this article on our GitHub. Preamble This post is part 3 in continuation of our Smart Contract Security Series. This post is part of our Smart Contract Security Series: Ownership Exploit Private Variable Exploit Reentrancy Attack tx.origin Phishing Attack Denial of Service Attack Storage Collision Attack Randomness Attack … Read more

Private Variable Exploit – Hacking Smart Contracts in Solidity

Introduction This post is part 2 of our Smart Contract Security Series: Ownership Exploit Private Variable Exploit Reentrancy Attack tx.origin Phishing Attack Denial of Service Attack Storage Collision Attack Randomness Attack Replay Attack In this part 2 of the series, we’ll examine how to exploit the “private” vulnerability in Solidity. As the name suggests, private … Read more

Ownership Exploit in Solidity Smart Contracts

In the smart contract security series, we will see multiple vulnerabilities, attacks, and exploitations in the smart contracts, along with the prevention measures. This post is part 1 of our Smart Contract Security Series: Ownership Exploit Private Variable Exploit Reentrancy Attack tx.origin Phishing Attack Denial of Service Attack Storage Collision Attack Randomness Attack Replay Attack … Read more

Python exec() — A Hacker’s Guide to A Dangerous Function

Python’s exec() function executes the Python code you pass as a string or executable object argument. This is called dynamic execution because, in contrast to normal static Python code, you can generate code and execute it at runtime. This way, you can run programmatically-created Python code. Have you ever wondered about the limits of a … Read more