Ethernaut is OpenZeppelin’s wargame to learn about Ethereum smart contract security. It launched a couple of years ago and consists of 21 challenges that need to be solved. I personally found the Ethernaut challenges to be easier than the challenges of Capture the Ether, another CTF. If you have no prior Ethereum and security background, this might be a good place to start. The challenges are on the Rinkeby testnet, which makes the setup and receiving testnet ether a bit inconvenient as there are currently no easy-to-use faucets.

What I did was to solve all challenges using Hardhat in my local environment, which made testing my exploits locally very easy. I wrote custom code that forks Rinkeby, creates a custom smart contract challenge instance for me, runs my exploit code, and then checks for correctness using my local environment. My solutions can be found here. If you prefer solving the challenges this way as well, instead of using a testnet, you can clone my repo, have a look at the first warmup challenge test/0-hello.ts and implement the rest of the challenges in a similar way. …


DeFi protocols come with novel innovations that haven’t been possible in traditional finance like flash loans. This opens new attack vectors that need to be considered when designing these protocols. Recently, OpenZeppelin released their Damn Vulnerable DeFi CTF challenges.

They are a lot of fun and it’s a great way to get started with DeFi or ETH development in general. Unlike other CTFs, everything runs on your local node, so there is no need to waste time on getting set up, like managing private keys, getting testnet ether, copying code to your local machine, etc. Give it a try! …


Following the tradition of 2018, 2019 and 2020, I’ll revisit my previous year’s goals and see what I achieved, and set new goals for 2021.

Reviewing 2020’s goals

Get back to a bi-weekly blog-post consistency.

❌ Failed, I only wrote 15 out of the desired 26 posts (not counting monthly progress reports). I had a lot of client work during some of the summer months when I didn’t write any posts.

Set up tinyletter for my blog and fully automate the sending of email notifications every month with my latest blog posts. (I already know I am not going to do it if I have to write a personalized email for every post. …


I post a progress report showing what I did and how my products performed each month. Last month’s report can be seen here.

What did I do

Productive Hours in December

Hours worked on side-projects in December

I worked 90 productive hours on side projects last month.

To make these progress reports a bit more interesting, from now on I’ll post my favourite song, TV show, and article I read last month.

What was worked on

Besides the usual work, I did a lot of programming challenges and CTFs to wind down. …


This article explores the pricing of liquidity pool (LP) tokens and discusses the recent Warp Finance hack that is closely related to it.

Warp Finance Hack

Warp Finance is a lending platform on Ethereum allowing LP token collateral deposits and borrowing other assets against them. Like any other lending platform, all loans must be over-collateralized, meaning, the value of the LP tokens as collateral must be higher than the loan. Therefore, they need a way to price LP tokens.

A detailed write-up of the hack can be found here. In short, this happened:

  1. Take out flash loans
  2. Use ~5.8M $ to provide liquidity to the DAI <> WETH pool. …


I post a progress report showing what I did and how my products performed each month. Last month’s report can be seen here.

What did I do

Productive Hours in November

Hours worked on side-projects in November

I worked 101 productive hours on side projects last month.

To make these progress reports a bit more interesting, from now on I’ll post my favourite song, TV show, and article I read last month.

What was worked on

November felt a bit more relaxing than previous months. On the downside, my sleep schedule became very bad. …


I post a progress report showing what I did and how my products performed each month. Last month’s report can be seen here.

What did I do

Productive Hours in October

Hours worked on side-projects in October

I worked 89 productive hours on side projects last month.

To make these progress reports a bit more interesting, from now on I’ll post my favourite song, TV show, and article I read last month.

What was worked on

  • improving my arbitrage bot
  • other private projects

Platform Growth

Website

Sessions stayed at 5,900 on my website. …


Recently, a lot of EOS “DeFi yield farming projects” popped up. I put projects in quotes because the common trait among the ones I’m talking about is that there’s no working product — just a project token. Some examples:

They all work the same way:

  1. There’s a project token of limited supply (call it PROJECT) that is paid out as a reward
  2. There might or might not be a promise that future products (like Vaults) will be developed using this…

I post a progress report showing what I did and how my products performed each month. Last month’s report can be seen here.

What did I do

Productive Hours in September

Hours worked on side-projects in September

I worked 117 productive hours on side projects last month. That’s awesome and almost twice as much as the months before — I had some more free time.

To make these progress reports a bit more interesting, from now on I’ll post my favourite song, TV show, and article I read last month.

What was worked on

  • VIGOR launch…

Sometimes you need to roll back to a previous version of a brew package. If the brew package maintainers do versioning, this is as easy as typing brew install <packageName>@1.2.3. Oftentimes there's no versioning system, though, and the only available version is the latest one.

In previous brew versions you could install a package by directly linking to the GitHub repo that hosts the Formula/<packageName>.rb file. The repository is usually called homebrew-<packageName> and you can browse through the git commits to find an old Formula/<packageName>.rb file. For example, you could install an old version of EOSIO.CDT by doing:

brew remove eosio.cdt
brew install…

About

Christoph Michel

Full Stack Software Engineer #javascript #EOS. Into Recreational Math / CS 🤯 Just message me about anything, my mind is open.
