Skip to content

Instantly share code, notes, and snippets.

View ccashwell's full-sized avatar
🤔
¯\_(ツ)_/¯

ccashwell

🤔
¯\_(ツ)_/¯
67 followers · 22 following
View GitHub Profile
@ccashwell
ccashwell / ProjectWyvernAudit.md
Created January 2, 2018 20:14
Audit of the Project Wyvern Platform's Solidity Smart Contracts

Audit: Project Wyvern

Completed on January 2, 2018 @ 7358a6c065

Abstract

Project Wyvern is a decentralized item exchange platform (the “Platform”) comprised of three primary components: (1) The WYV Token; (2) The Wyvern Exchange; and (3) The Wyvern Decentralized Autonomous Organization (DAO). This goal of this audit has been to ascertain the overall security of the Platform. In pursuit of that goal, this author has reviewed the Solidity source code of all relevant Smart Contracts, deployed and tested a live version of the Platform on the Ethereum Main Network.

This audit is presented as a Code Review which reflects a deep analysis of the Smart Contracts that comprise the Platform. It is broken into sub-sections, each of which relate to a single Smart Contract. Each sub-section includes a link to the Smart Contract’s Solidity source code as it stood at the ti

@ccashwell
ccashwell / ABI.json
Last active February 16, 2018 18:40
Transferring Mythereum Cards with MyEtherWallet
[{"constant":true,"inputs":[],"name":"name","outputs":[{"name":"","type":"string"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_to","type":"address"},{"name":"_tokenId","type":"uint256"}],"name":"approve","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[],"name":"totalSupply","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_from","type":"address"},{"name":"_to","type":"address"},{"name":"_tokenId","type":"uint256"}],"name":"transferFrom","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[{"name":"_tokenId","type":"uint256"}],"name":"approvedFor","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"decimals","outputs":[{"name":"","type":"uint8"}],"payable":false,"stateMutabil
@ccashwell
ccashwell / cattributes.csv
Last active July 20, 2018 04:55 — forked from eugeneotto/gist:192af598a911318b5f43b3f3bd1a0e71
List of CryptoKitties cattribute values and masks
We can make this file beautiful and searchable if this error is corrected: It looks like row 8 should actually have 5 columns, instead of 1 in line 7.
mask_value,gene_value,cattribute_name,cattribute_type,recessiveness
0x000000000000000000000000000000000000000000000000000000000000001f,0x000000000000000000000000000000000000000000000000000000000000000b,himalayan,body,D
0x00000000000000000000000000000000000000000000000000000000000003e0,0x0000000000000000000000000000000000000000000000000000000000000160,himalayan,body,R1
0x0000000000000000000000000000000000000000000000000000000000007c00,0x0000000000000000000000000000000000000000000000000000000000002c00,himalayan,body,R2
0x00000000000000000000000000000000000000000000000000000000000f8000,0x0000000000000000000000000000000000000000000000000000000000058000,himalayan,body,R3
0x000000000000000000000000000000000000000000000001f000000000000000,0x0000000000000000000000000000000000000000000000008000000000000000,caffeine,eyes,D
0x00000000000000000000000000000000000000000000003e0000000000000000,0x0000000000000000000000000000000000000000000000100000000000000000,caffeine,eyes,R1
0x0000000000000000000000000000000000000000000007
@ccashwell
ccashwell / helpers.ts
Created November 29, 2021 17:18
HardHat Test Helpers
import * as hre from "hardhat";
import { RequestArguments } from "hardhat/types";
import { BigNumber } from "@ethersproject/abi/node_modules/@ethersproject/bignumber";
import { Block } from "@ethersproject/abstract-provider";
import { SignerWithAddress } from "@nomiclabs/hardhat-ethers/signers";
// Mine the next block
export async function mineBlock(): Promise<void> {
await rpc({ method: "evm_mine" });
@ccashwell
ccashwell / deploy_immutable_create2_factory.md
Last active October 15, 2025 21:44
Immutable Create2 Factory Deployment
@ccashwell
ccashwell / ANALYSIS.md
Last active November 6, 2025 22:51
Balancer V2 Rate Manipulation Attack Reproduction (Nov 2025)

Balancer V2 Rate Manipulation Exploit (November 2025)

Overview

Balancer V2 experienced a rate manipulation exploit on November 3, 2025, resulting in approximately $128 million in losses in the initial attack, followed by many millions more in subsequent attacks against other vulnerable pools, protocols and networks.

Attack Summary

The Vulnerability, TLDR: Down-rounding in Balancer V2's stable math (_calcOutGivenIn) allows systematic manipulation of pool invariants through accumulated rounding errors. Carefully crafted swap sequences cause rounding errors to compound.