
This is the start of a new series called “Replaying Ethereum Hacks” where we take a closer look at past Ethereum exploits and end up re-implementing the attacks. One might ask themselves what the benefits of doing this might be — especially as the hacks are already documented through post mortems. This is a valid objection, but I still think it’s very valuable for these reasons:

  • To learn about smart contract security.
  • Looking at real-world exploits is the best way to learn about attack vectors that are actually used and therefore it’s also a great way to learn how to…

Paradigm CTF 2021 was a 48-hour Ethereum-focused security competition held over the last weekend. It consists of 17 challenges; most of them were quite hard, definitely harder than Ethernaut or Capture The Ether Solutions. Nevertheless, this made them even more fun. 😃 Thanks to Paradigm for organizing it and I hope to see similar ones in the future.

I participated as team [object Object] and ranked #7 overall, was the top single-member team and drew two first bloods. I'll do a walk-through for the challenges I was able to solve. If you solved any of the others (or solved…


I post a progress report showing what I did and how my products performed each month. Last month’s report can be seen here.

What did I do

Productive Hours in January

Hours worked on side-projects in January

I worked 103 productive hours on side projects last month.

To make these progress reports a bit more interesting, from now on I’ll post my favourite song, TV show, and article I read last month.

What was worked on

  • Did the Capture the Ether CTF challenges


Capture the Ether is a game to learn about Ethereum smart contract security. It already launched over 2 years ago but most things you’ll learn still apply today. There even is a leaderboard. You still have the chance to be immortalized as one of the first 100 players to solve all challenges. (I’m at rank 56.) Go ahead and try it!

I solved all challenges using the modern hardhat local environment which makes forking from the ropsten test network and testing your exploits locally very easy. My solutions can be found here.

I’ll discuss all challenges in this post.

Warmup

Deploy

The…



Ethernaut is OpenZeppelin’s wargame to learn about Ethereum smart contract security. It launched a couple of years ago and consists of 21 challenges that need to be solved. I personally found the Ethernaut challenges to be easier than the challenges of Capture the Ether, another CTF. If you have no prior Ethereum and security background, this might be a good place to start. The challenges are on the Rinkeby testnet, which makes the setup and receiving testnet ether a bit inconvenient as there are currently no easy-to-use faucets.

What I did was to solve all challenges using hardhat


DeFi protocols come with novel innovations that haven’t been possible in traditional finance like flash loans. This opens new attack vectors that need to be considered when designing these protocols. Recently, OpenZeppelin released their Damn Vulnerable DeFi CTF challenges.

They are a lot of fun and it’s a great way to get started with DeFi or ETH development in general. Unlike other CTFs, everything runs on your local node, so no need to waste time on getting set up like managing private keys, getting testnet ether, copying code to your local machine, etc. Give it a try! …


Following the tradition of 2018, 2019 and 2020, I’ll revisit my previous year’s goals and see what I achieved, and set new goals for 2021.

Reviewing 2020’s goals

Get back to a bi-weekly blog-post consistency.

❌ Failed, I only wrote 15 out of the desired 26 posts (not counting monthly progress reports). I had a lot of client work during some of the summer months when I didn’t write any posts.

Set up tinyletter for my blog and fully automate the sending of email notifications every month with my latest blog posts. (I already know I am not going to do it if…


I post a progress report showing what I did and how my products performed each month. Last month’s report can be seen here.

What did I do

Productive Hours in December

Hours worked on side-projects in December

I worked 90 productive hours on side projects last month.

To make these progress reports a bit more interesting, from now on I’ll post my favourite song, TV show, and article I read last month.

What was worked on

Besides the usual work, I did a lot of programming challenges…


This article explores the pricing of liquidity pool (LP) tokens and discusses the recent Warp Finance hack that is closely related to it.

Warp Finance Hack

Warp Finance is a lending platform on Ethereum allowing LP token collateral deposits and borrowing other assets against them. Like any other lending platform, all loans must be over-collateralized, meaning, the value of the LP tokens as collateral must be higher than the loan. Therefore, they need a way to price LP tokens.

A detailed write-up of the hack can be found here; in short, this happened:

  1. Take out flash loans
  2. Use ~5.8M $ to provide liquidity…


I post a progress report showing what I did and how my products performed each month. Last month’s report can be seen here.

What did I do

Productive Hours in November

Hours worked on side-projects in November

I worked 101 productive hours on side projects last month.

To make these progress reports a bit more interesting, from now on I’ll post my favourite song, TV show, and article I read last month.

What was worked on

November felt a bit more relaxing than previous months. On the downside, my sleep schedule became very…

Christoph Michel

Full Stack Software Engineer #javascript #EOS. Into Recreational Math / CS 🤯 Just message me about anything, my mind is open.
