Relay Bridge is an instant, low-cost bridging and swapping solution. Users should submit their intents to a solver and pass the request ID generated off-chain through msg.data to the solver address while transferring the tokens.

Hyperlane is a cross-chain messaging infrastructure that allows on-chain communication between a source and destination chain. It introduced the sovereign security model, where applications can choose their security models based on their preferences. This model is now widely adopted into multiple other cross-chain messaging protocols. ISMs (Interchain Security Modules) make this sovereign security model possible. I won’t dive deep into its specifics. One such ISM is the rate-limited ISM, which is being used by Hyperlane’s warp routes. This ISM works differently from the other ISM, where it maintains its very own state. Other ISMs like aggregation / multi-sig ISMs won’t allow any state modifications during the verify() call. This very functionality intrigued me to explore further and earthed a HIGH vulnerability issue, where the Hyperplane’s warp routes that use this very ISM can be DoSed temporarily and force re-deployment of new ISM without much capital at risk.

The Shezmu protocol was hacked on September 20, 2024, in two isolated incidents involving shezUSD and shezETH at 07:21:59 PM UTC and 10:55:47 UTC. Two different exploiter addresses collectively stole 509.34 ETH and 9447 DAI worth nearly $1.25 million during the time of the exploit. Shezmu is an Ethereum lending platform where users can borrow against their NFTs and yield-bearing assets (vaults). First, users deposit the collateral asset into a qualifying vault contract and receive shares. Later, the vault shares are used to borrow shezUSD (or shezETH). The vulnerability lies in the collateral contract (0x6412…924), where anyone can mint the collateral out of thin air. As collateral could be minted in large quantities (infinite mint bug), it could be deposited in the ERC20 vault (0x5924…e9c) and used to borrow shezETH / shezUSD against it. Thus draining the protocol’s shezETH and shezUSD liquidity pool.

Write PoC for cross-chain bugs natively on foundry using Pigeon.

Recently, I stumbled upon a challenge that felt more like a treasure hunt. Within a mere two hours, I managed to snatch $7k from the SocketSurge LootBox-II. Intrigued? Let's delve into the intricacies of how this endeavor played out.

In the continuous endeavor to ensure the security and robustness of blockchain systems, uncovering vulnerabilities remains a crucial aspect. A recent examination of the Socket DL revealed a potential exploit where colluded transmitters could bypass important validations. This post-mortem aims to dissect the identified vulnerability and suggest remediation strategies.

Immutability is a strong value proponent for cross-chain applications. Today, various off-chain solutions exist, including Layerzero’s PreCrime and Hyperlane’s WatchTower.

Blockchains are distributed, decentralized databases providing robust data validations and transparency at the cost of scalability.

How to construct a dynamic array in a function with visibility identifiers like pure, view ?