Smart Contract Security Newsletter #33

Distilled News

Flash Loans are here to stay.

Much confusion and disinformation has continued to flow since the BzX “hacks” last month, so maurelian’s tweet from Feb 19 is worth repeating here:

TLDR re: security implications of flash loans:

There are no NEW vulnerability classes known to the world this week.

But security assumptions based on an attacker not having access to large quantities of a token are much weaker with flash loans in the mix.

If you’d like to learn more about the use cases and security considerations of flash loans, our favorite recent sources are:

“After the bZx hacks, being hit by a flash attack will be as embarrassing as getting hit by re-entrancy after the DAO hack: you will get no sympathy. You should have known better.”
– Haseeb Qureshi

Questions DeFi users should be asking DeFi Developers — ConsenSys Diligence

We wanted to step back a bit from the focus on flash loans and oracles, and look more holistically at security challenges in DeFi. Of course we’re more than happy to help developers, but in order for them to place a true priority on security, users need to start asking tough questions, and putting their money into the protocols that can answer them thoughtfully.

We put this list of questions together to help users ask better questions, and make better decisions about their risk tolerance. The question are broken down into these categories

  • Admin permissions
  • External Dependencies
  • Responsible disclosure and bounty programs
  • Incident response planning
  • Audits and Secure development

DeFi and chain split tweet storm — @cyounessi1

ProgPoW discussions are heating up again, and with that the possibility of another ETC-style fork. Cyrus and many others are discussing the effects of such a fork on DeFi.

Did Binance just help Justin Sun take over the Steem network? — Decrypt

We are seeing a rise in creative attacks on Proof of Stake systems. Justin Sun, CEO of TRON, recently bought the decentralized exchange, and Steem users voted to block him from accessing some money held on the network. It seems that with the help of Binance, Tron is trying to take over Steem. Although Justin Sun describes this as defeating the hackers.

Research Papers


Other Links

Sign up for the Smart Contract Security Newsletter to be the first to receive the top security news every two weeks.

Smart Contract Security Newsletter #33 was originally published in ConsenSys Diligence on Medium, where people are continuing the conversation by highlighting and responding to this story.

—Source link—

What do you think?

Friday Open Thread: What’s your best advice for someone new?

Executive Vote: Set the Dai Savings Rate Spread