| timezone |
|---|
Asia/Shanghai |
- 自我介绍
Security Engineer Intern @zksecurity. I do ZK + Solidity for work, red teaming + game hacking for hobby.
- 你认为你会完成本次残酷学习吗?
Can't say no.
I have done Ethernaut and DamnVulnerableDeFi before (writeup).
Plan:
- Solve the last 2 challs from onlyPwner
- Solve paradigm ctf 2023 locally
- Solve curta locally: https://github.com/fiveoutofnine/tardis
Today:
- Half way into Diversion: https://onlypwner.xyz/challenges/4.
- Tried to compile https://github.com/rebryk/profanity-brute-force on both Linux and Windows but failed.
- Wrote a PoC for Solidity assembly related bug during work
- Wrapped up eWPT exam (web hacking)
- Investigated a ECDSA signature related issue during work
- Worked on Taichi private audit
- Wrapped up Taichi private audit
- Solved onlyPwner Diversion
- Solved onlyPwner SEAL911
- Investigated an issue with calling external function within the same contract with
thiskeyword, such asthis.functionCall(). I found that the msg.sender during this call with beaddress(this), not the EOA address who initiated the tx. - Investigated an issue with using
offsetto access a portion of calldata in solidity assembly block.
- Investigated a super-duper complex reentrancy issue during work
- Wrapped up onlyPwner. Now I solved all challs.
- Built a Claude 3.5 prompt bot for web3 ctf.
- Half way into DamnVulnerableDefi Curvy Puppet.
- Solved a Milotruck chall: Gnosis Unsafe.
- Solved a Milotruck chall: Meta Staking.
- Solved Tornado crash from blaz ctf 2023.
- Investigated a solidity language bug <0.8.15 https://soliditylang.org/blog/2022/08/08/calldata-tuple-reencoding-head-overflow-bug/
- Tried decompile sui move bytecode into C/Python with claude 3.5.
- Review taichi audit group client PR.
- Tested claude 3.5 diagram drawing capabilities. Tomorrow I will let it try to manipulate raw calldata.
- Solved Greyhats Dollar from Milotruck challs.
- Solved Escrow from Milotruck challs.
- Building knowledge base for the bot
- Building knowledge base for the bot
- Learning cairo
- Building cursor rules for blaz ctf
- Researching prompt engineering
- Researching prompt engineering
- Wrote a minecraft-like browser game with three.js
- play blaz
- play blaz