tincho 🪷
@tinchoabbate
ethereum security @theredguild - creator of damnvulnerabledefi.xyz
Joined November 2018
Posts
  • Pinned
    You owe @theredguild. It's payback time🫵 Our public-good security reviews, videos, courses, talks, workshops, articles, tools, research, challenges and CTFs helped you advance your security career and secure your code. For free. Pay back here: qf.giveth.io/project/the-re…
  • So you want to have your smart contracts audited? These are some tips & tricks that'll make auditors love you from day one 🧵
  • Dear breakers of DeFi, today is a good day. A new version of Damn Vulnerable DeFi is out! damnvulnerabledefi.xyz/v3-release What's included?
  • Do you know what happens when you send 1 DAI? I don’t think you really do. I spent weeks seeking for the truth in Ethereum’s depths. Leaving all previous assumptions behind. And I'm sharing this incredible learning journey with you👇 notonlyowner.com/learn/what-hap…
  • Dear players of Damn Vulnerable DeFi, rumours are true. The most vulnerable smart contracts in all web3 have been upgraded. V4 is out! 🔥 This is a major update to the game, packed with new challenges and improvements all around.
  • The MOST vulnerable contracts in all DeFi just got upgraded! ⚙️ New testing env: Solidity 0.8 + Hardhat + Ethers 🌟 4 new levels 💥 New (broken) integrations with Uniswap v2, Gnosis Safe wallets, upgrades, timelocks, NFTs, and more! damnvulnerabledefi.xyz/v2-release.html
  • after a weeks-long rabbit-hole into Ethereum 7702 accounts, here's a +1 hour deep dive breaking it down. I go over the EIP with diagrams, explaining security risks, footguns and lots of testing of broken code of smart accounts. youtube.com/watch?v=ZFN2bY…
  • After 5 years of using Solidity, I thought I knew how calls worked. I didn't.
  • We disclosed a critical bug on ENS. It would've allowed anyone to take over DNSSEC names on ENS. Luckily spotted before landing on mainnet. Want details?
    I'm recommending the @ENS_DAO ecosystem stewards pay out a bounty of $100k - our largest ever - for a vulnerability found in an undeployed version of our DNSSEC code. Because it was reported now, this bug will not affect anyone, but would have been catastrophic if deployed.
  • I spent more than a thousand days learning from a bunch of ultra-smart human-looking aliens. And today is the day I get off the ship. Thanks for the ride @openzeppelin 💟
  • How to test a smart contract function a million times. And still not find a bug.
  • looks like people are just forking damnvulnerabledefi.xyz challenges to mainnet
  • If you think the @arbitrum bridge is secure, the message traps will make you think twice. No need to worry though. It's all intended!
  • some views on the new waves and ways in smart contract security