Additions:

goncaloMagalhaes · goncaloMagalhaes · commit cc86167f3978 · 2023-02-01T11:11:44.000Z
* add hack analyses folder
  * update bugfix reviews layout
  * add mev bot hack analysis
  * add tx viewers to Tools
  * add codeslaw
Fixes:
  * replace 'this' for 'these' where it made sense
diff --git a/Blockchain Concepts/README.md b/Blockchain Concepts/README.md
@@ -46,7 +46,7 @@ Blockchain Concepts
 Who holds the private key? In the custodial wallets a third party manages the private key, in the non-custodial ones is the user who holds the keys. Usually the centraliced exchanges are the ones who provide custodial wallets and you can get the non-custodial ones using Metamask or Trust Wallet for example.
 
 - Hot/Cold wallet:
-The biggest difference between this wallets is if they are connected to the internet (hot wallet) or not (cold wallet)
+The biggest difference between these wallets is if they are connected to the internet (hot wallet) or not (cold wallet)
 
 
 # Resources:
diff --git a/BugFixReviews/README.md b/BugFixReviews/README.md
@@ -1,12 +1,10 @@
 Bugfix Reviews
 --------------------
-This are the real world cases, if you are interested in learning the theory about this vulnerabilities check: [Vulnerabilities](../Vulnerabilities/README.md)
+These are real world cases of bug fixes reported through Immunefi. To learn more about smart contract vulnerabilities theory check: [Vulnerabilities](../Vulnerabilities/README.md)
 
 - [2023](#2023)
   - [January 2023](#january-2023)
-  
-    - [Hack Analysis: Nomad Bridge, August 2022](#hack-analysis-nomad-bridge-august-2022)
-    - [Hack Analysis: Beanstalk Governance Attack, April 2022](#hack-analysis-beanstalk-governance-attack-april-2022)
+
     - [Moonbeam, Astar, And Acala Library Truncation Bugfix Review - $1M Payout](#moonbeam-astar-and-acala-library-truncation-bugfix-review-$1m-payout)
 
 - [2022](#2022)
@@ -17,8 +15,6 @@ This are the real world cases, if you are interested in learning the theory abou
   - [November 2022](#november-2022)
 
     - [Mt Pelerin Double Transaction Bugfix Review](#mt-pelerin-double-transaction-bugfix-review)
-    - [Hack Analysis: Saddle Finance, April 2022](#hack-analysis-saddle-finance-april-2022)
-    - [Hack Analysis: Cream Finance Oct 2021](#hack-analysis-cream-finance-oct-2021)
 
   - [September 2022](#september-2022)
 
@@ -124,18 +120,6 @@ This are the real world cases, if you are interested in learning the theory abou
 
 ## January 2023
 
-### [Hack Analysis: Nomad Bridge, August 2022](https://medium.com/immunefi/hack-analysis-nomad-bridge-august-2022-5aa63d53814a)
-
-A routine upgrade on the implementation of one of Nomad’s proxy contracts marked a zero hash value as a trusted root, which allowed messages to get automatically proved. The hacker leveraged this vulnerability to spoof the bridge contract and trick it to unlock funds.
-
-- Vulnerability type: CommittedRoot set to ZERO.
-
-### [Hack Analysis: Beanstalk Governance Attack, April 2022](https://medium.com/immunefi/hack-analysis-beanstalk-governance-attack-april-2022-f42788fc821e)
-
-Beanstalk was the victim of a whopping $181M hack, which leveraged the lack of execution delay to push through a malicious governance proposal.
-
-- Vulnerability type: Lack of execution delay.
-
 ### [Moonbeam, Astar, And Acala Library Truncation Bugfix Review — $1m Payout](https://medium.com/immunefi/moonbeam-astar-and-acala-library-truncation-bugfix-review-1m-payout-41a862877a5b)
 
 The bug, which was found within Frontier — the Substrate pallet that provides core Ethereum compatibility features within the Polkadot ecosystem–impacted Moonbeam, Astar Network, and Acala. The estimated potential damage from the vulnerability amounted to approximately $200m across the three projects, which was swiftly prevented
@@ -146,12 +130,6 @@ The bug, which was found within Frontier — the Substrate pallet that provides
 
 ## December 2022
 
-### [Hack Analysis: Omni Protocol, July 2022](https://medium.com/immunefi/hack-analysis-omni-protocol-july-2022-2d35091a0109)
-
-The underlying vulnerability, reentrancy, was exploited across two different functions of the same smart contract. Notably, these functions were lacking reentrancy locks and did not follow the checks-effects-interactions pattern. By leveraging the re-entrancy vulnerability on two different functions and using two attacker contracts, the hacker was able to borrow against the collateral and make the market forget about it.
-
-- Vulnerability type: Re-entrancy.
-
 ### [88MPH Theft Of Unclaimed MPH Rewards Bugfix Review](https://medium.com/immunefi/88mph-theft-of-unclaimed-mph-rewards-bugfix-review-1dec98b9956b)
 
 Allowed users to steal most of the 88MPH tokens generated from yield contract by depositing an asset and withdrawing the vested 88mph tokens immediately.
@@ -166,18 +144,6 @@ The bug could have allowed users to drain contract funds.
 
 - Vulnerability type: Theft of funds.
 
-### [Hack Analysis: Saddle Finance, April 2022](https://medium.com/immunefi/hack-analysis-saddle-finance-april-2022-f2bcb119f38)
-
-Price miscalculation when swapping a token for an LP token.
-
-- Vulnerability type: Logic, price calculation.
-
-### [Hack Analysis: Cream Finance Oct 2021](https://medium.com/immunefi/hack-analysis-cream-finance-oct-2021-fc222d913fc5)
-
-Analysis of Cream Finance exploit on Oct 2021, resulting in loss of $130m in available liquidity.
-
-- Vulnerability type: Oracle manipulation, Uncapped supply of token.
-
 ## September 2022
 
 ### [Aurora Improper Input Sanitization Bugfix Review](https://medium.com/immunefi/aurora-improper-input-sanitization-bugfix-review-a9376dac046f)
diff --git a/Check This Out/README.md b/Check This Out/README.md
@@ -97,6 +97,6 @@ Check This Out
 - [How to PoC your Bug Leads](https://medium.com/immunefi/how-to-poc-your-bug-leads-5ec76abdc1d8)
 - [Elements of a good bug report by Joran Honig](https://typeshare.co/joranhonig/posts/elements-of-a-good-bug-report)
 - [Sample vulnerability Report by DanielVF](https://gist.github.com/DanielVF/66f459da88804d1fd917c47576c68523)
-- [Check this Foundry Tutorials](../Tools/README.md#foundry-solidity-evm)
+- [Check these Foundry Tutorials](../Tools/README.md#foundry-solidity-evm)
 - [DeFiHackLabs - Example POC's made with Foundry](https://github.com/SunWeb3Sec/DeFiHackLabs)
 - [Coinspect Security - EVM Attacks PoCs ](https://github.com/coinspect/learn-evm-attacks/tree/master/test)
diff --git a/HackAnalyses/README.md b/HackAnalyses/README.md
@@ -0,0 +1,54 @@
+Hack Analyses
+--------------------
+These are real world cases of bug fixes reported through Immunefi. To learn more about smart contract vulnerabilities theory check: [Vulnerabilities](../Vulnerabilities/README.md)
+
+- [2023](#2023)
+  - [Hack Analysis: 0xbaDc0dE MEV Bot, September 2022](#hack-analysis-0xbadc0de-mev-bot-september-2022)
+  - [Hack Analysis: Nomad Bridge, August 2022](#hack-analysis-nomad-bridge-august-2022)
+  - [Hack Analysis: Beanstalk Governance Attack, April 2022](#hack-analysis-beanstalk-governance-attack-april-2022)
+
+- [2022](#2022)
+  - [Hack Analysis: Omni Protocol, July 2022](#hack-analysis-omni-protocol-july-2022)
+  - [Hack Analysis: Saddle Finance, April 2022](#hack-analysis-saddle-finance-april-2022)
+  - [Hack Analysis: Cream Finance Oct 2021](#hack-analysis-cream-finance-oct-2021)
+
+
+# 2023
+
+## [Hack Analysis: 0xbaDc0dE MEV Bot, September 2022](https://medium.com/immunefi/0xbadc0de-mev-bot-hack-analysis-30b9031ff0ba)
+
+A smart contract MEV bot was hacked on the Ethereum blockchain, losing around 1,101 WETH. The hack took place just 30 minutes after the MEV bot pulled off a notoriously profitable arbitration that earned it 804 WETH. Since the smart contract code is unverified, this article shows how one can go about finding a vulnerability in a smart contract by just looking at its bytecode, past transactions and a bit of PoC trial and error action.
+
+- Vulnerability type: Lack of sufficient validation of flashloan caller leading to arbitrary function execution
+
+## [Hack Analysis: Nomad Bridge, August 2022](https://medium.com/immunefi/hack-analysis-nomad-bridge-august-2022-5aa63d53814a)
+
+A routine upgrade on the implementation of one of Nomad’s proxy contracts marked a zero hash value as a trusted root, which allowed messages to get automatically proved. The hacker leveraged this vulnerability to spoof the bridge contract and trick it to unlock funds.
+
+- Vulnerability type: CommittedRoot set to ZERO.
+
+## [Hack Analysis: Beanstalk Governance Attack, April 2022](https://medium.com/immunefi/hack-analysis-beanstalk-governance-attack-april-2022-f42788fc821e)
+
+Beanstalk was the victim of a whopping $181M hack, which leveraged the lack of execution delay to push through a malicious governance proposal.
+
+- Vulnerability type: Lack of execution delay.
+
+# 2022
+
+## [Hack Analysis: Omni Protocol, July 2022](https://medium.com/immunefi/hack-analysis-omni-protocol-july-2022-2d35091a0109)
+
+The underlying vulnerability, reentrancy, was exploited across two different functions of the same smart contract. Notably, these functions were lacking reentrancy locks and did not follow the checks-effects-interactions pattern. By leveraging the re-entrancy vulnerability on two different functions and using two attacker contracts, the hacker was able to borrow against the collateral and make the market forget about it.
+
+- Vulnerability type: Re-entrancy.
+
+## [Hack Analysis: Saddle Finance, April 2022](https://medium.com/immunefi/hack-analysis-saddle-finance-april-2022-f2bcb119f38)
+
+Price miscalculation when swapping a token for an LP token.
+
+- Vulnerability type: Logic, price calculation.
+
+## [Hack Analysis: Cream Finance Oct 2021](https://medium.com/immunefi/hack-analysis-cream-finance-oct-2021-fc222d913fc5)
+
+Analysis of Cream Finance exploit on Oct 2021, resulting in loss of $130m in available liquidity.
+
+- Vulnerability type: Oracle manipulation, Uncapped supply of token.
diff --git a/README.md b/README.md
@@ -8,14 +8,16 @@ This is a collaborative repository that aims to contain all the information you
 | Starting Guides            | [Inspect](#starting-guides)
 | Blockchain Concepts        | [Inspect](#blockchain-concepts)         
 | Bug Fix Reviews            | [Inspect](#bugfix-reviews) 
+| Hack Analyses              | [Inspect](#hack-analyses)
 | Smart Contracts            | [Inspect](#smart-contracts)
 | Tools                      | [Inspect](#tools)
 | Vulnerabilities            | [Inspect](#vulnerabilities)
 | Check This Out             | [Inspect](#check-this-out)
 | How to Add Resources       | [Inspect](#how-to-add-resources)
 
 ## Starting Guides:
- - [Hacking the Blockchain: Ethereum](https://medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b)
+- [Hacking the Blockchain: Ethereum](https://medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b)
+- [Your First Day as a Bug Bounty Hunter on Immunefi](https://medium.com/immunefi/your-first-day-as-a-bug-bounty-hunter-on-immunefi-9b101768a40c)
 
 
 ## Blockchain Concepts
@@ -26,41 +28,25 @@ This is a collaborative repository that aims to contain all the information you
   - [Wallets](Blockchain%20Concepts/README.md#wallets)
   - [Resources:](Blockchain%20Concepts/README.md#resources)
 
-## Bugfix Reviews
 
+## Bugfix Reviews
+- [2023](BugFixReviews/README.md#2023)
 - [2022](BugFixReviews/README.md#2022)
-    - [November 2022](BugFixReviews/README.md#november-2022)
-    - [September 2022](BugFixReviews/README.md#september-2022)
-    - [August 2022](BugFixReviews/README.md#august-2022)
-    - [July 2022](BugFixReviews/README.md#july-2022)
-    - [June 2022](BugFixReviews/README.md#june-2022)
-    - [May 2022](BugFixReviews/README.md#may-2022)
-    - [April 2022](BugFixReviews/README.md#april-2022)
-    - [March 2022](BugFixReviews/README.md#march-2022)
-    - [February 2022](BugFixReviews/README.md#february-2022)
-    - [January 2022](BugFixReviews/README.md#january-2022)
-
 - [2021](BugFixReviews/README.md#2021)
 
-    - [December 2021](BugFixReviews/README.md#december-2021)
-    - [November 2021](BugFixReviews/README.md#november-2021)
-    - [October 2021](BugFixReviews/README.md#october-2021)
-    - [September 2021](BugFixReviews/README.md#september-2021)
-    - [August 2021](BugFixReviews/README.md#august-2021)
-    - [July 2021](BugFixReviews/README.md#july-2021)
-    - [June 2021](BugFixReviews/README.md#june-2021)
-    - [May 2021](BugFixReviews/README.md#may-2021)
-    - [April 2021](BugFixReviews/README.md#april-2021)
-    - [March 2021](BugFixReviews/README.md#march-2021)
-    - [February 2021](BugFixReviews/README.md#february-2021)
-  
-## Smart Contracts
 
+## Hack Analyses
+- [2023](HackAnalyses/README.md#2023)
+- [2022](HackAnalyses/README.md#2022)
+
+
+## Smart Contracts
   - [Ethereum Virtual Machine](Smart%20Contracts/README.md#ethereum-virtual-machine)
     - [Solidity](Smart%20Contracts/README.md#solidity)
     - [Vyper](Smart%20Contracts/README.md#vyper)
     - [Huff](Smart%20Contracts/README.md#huff)
 
+
 ## Tools
 - [Frameworks/ Programming Tools](Tools/README.md#frameworks-programming-tools)
   - [Hardhat (JS) EVM](Tools/README.md#hardhat-js-evm)
@@ -78,7 +64,6 @@ This is a collaborative repository that aims to contain all the information you
 
 ## Vulnerabilities
   - [Logic](Vulnerabilities/README.md#logic)
-
     - [Bad Arithmetics](Vulnerabilities/README.md#--bad-arithmetics)
     - [Integer underflow/overflow](Vulnerabilities/README.md#--integer-underflowoverflow)
     - [Checks](Vulnerabilities/README.md#--checks)
@@ -99,19 +84,19 @@ This is a collaborative repository that aims to contain all the information you
   - [Transaction reorganization (MEV)](Vulnerabilities/README.md#transaction-reorganization-mev)
   - [Bad Randomness](Vulnerabilities/README.md#bad-randomness)
   - [Use of components with known vulnerabilities](Vulnerabilities/README.md#use-of-components-with-known-vulnerabilities)
- 
- ## Check This Out:
- - [CTFs to Enhance your Solidity Skills](Check%20This%20Out/README.md#ctfs-to-enhance-your-solidity-skills)
-- [How to...](Check%20This%20Out/README.md#how-to)
-- [Interviews](Check%20This%20Out/README.md#interviews)
-- [Research Papers](Check%20This%20Out/README.md#research-papers)
-- [People to Follow](Check%20This%20Out/README.md#people-to-follow)
-- [Resources from YouTube](Check%20This%20Out/README.md#resources-from-youtube)
-- [PoC like a pro](Check%20This%20Out/README.md#poc-like-a-pro)
 
 
+## Check This Out:
+  - [CTFs to Enhance your Solidity Skills](Check%20This%20Out/README.md#ctfs-to-enhance-your-solidity-skills)
+  - [How to...](Check%20This%20Out/README.md#how-to)
+  - [Interviews](Check%20This%20Out/README.md#interviews)
+  - [Research Papers](Check%20This%20Out/README.md#research-papers)
+  - [People to Follow](Check%20This%20Out/README.md#people-to-follow)
+  - [Resources from YouTube](Check%20This%20Out/README.md#resources-from-youtube)
+  - [PoC like a pro](Check%20This%20Out/README.md#poc-like-a-pro)
+
 
- ## How to add Resources?
-  Please follow the structure of the file you are editing. Whenever possible add a description of the resource you want to share. Send a pull request adding in the comment your Twitter and Discord users to thank you for the contribution and receive XP in the Discord leveling system.
+## How to add Resources?
+Please follow the structure of the file you are editing. Whenever possible add a description of the resource you want to share. Send a pull request adding in the comment your Twitter and Discord users to thank you for the contribution and receive XP in the Discord leveling system.
   
-  Plagiarism: Word-for-word copying of portions of another's writing won't be allowed.
+Plagiarism: Word-for-word copying of portions of another's writing won't be allowed.
diff --git a/Tools/README.md b/Tools/README.md
@@ -50,13 +50,17 @@ Tools
   It offers a variety of graphic outputs and details on the smart contracts' structure.
 
 # Blockchain Analysis
-Blockchain network explorers.
+Blockchain network explorers:
 - [Ethereum](https://etherscan.io)
 - [BNB Chain](https://bscscan.com)
 - [Polygon](https://polygonscan.com)
 - [Solana](https://solscan.io)
 - [Fantom](https://fantomscan.com)
 - [BitQuery](https://explorer.bitquery.io/)
+Transaction viewers:
+- [samczsun's Tx viewer](https://tx.eth.samczsun.com/)
+- [Tenderly Dashboard](https://dashboard.tenderly.co/explorer)
+- [Phalcon explorer](https://phalcon.blocksec.com/)
 
 # Activity Monitoring
 - [Forta Protocol](https://forta.org)
@@ -96,6 +100,10 @@ Open data library for cryptocurrency assets.
 
 A blockchain analytics and compliance platform.
 
+- [Codeslaw](https://www.codeslaw.app/)
+
+Smart search for verified smart contracts on the blockchain
+
 # Vulnerability Scanners & Others:
 - [Slither](https://github.com/crytic/slither)
 
diff --git a/Vulnerabilities/README.md b/Vulnerabilities/README.md
@@ -69,7 +69,7 @@ First of all, you need to understand what is `delegatecall` this function is a v
 # Access Control
 ## - Unprotected functions
 - Default Visibility
-  One of this common examples 
+  One of these common examples 
 ## - Signature Verification
 
 ## - Authentication with tx.origin
