Posts in English

THCon 2023 “supplychain” writeup

This is a writeup from the “supplychain” challenge of the CTF for THCon 2023, made by Dridri.

Read more ...


Critical analysis of Flashbots

This article is about the Flashbots project (see that post on ethresear.ch for background).

Read more ...


Python logging: do’s and don’ts

Logging is important. Python has a nice logging framework. I very rarely see it used properly, even by experienced programmers.

Read more ...


The bZx attacks explained

This article will examine in detail what happened during the two transactions that exploited vulnerabilities to open under-collateralized positions in bZx, causing a loss of equity worth more than a million dollars in total.

Read more ...


Analyzing suspicious smart contract vacuuming

This is the counterpart of Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths, looking at suspicious patterns in the history of Ethereum, where contracts would not be killed but simply emptied by attackers.

Read more ...


How to steal Ethers: scanning for vulnerable contracts

Four years ago, I wrote an article “How to steal Bitcoins” that was about finding addresses corresponding to weak brainwallets, and some forensic evidence that it was exploited automatically, for profit.

Read more ...


Pakala: yet another EVM symbolic execution tool

Pakala is a tool for symbolic execution of EVM bytecode (like Manticore or Mythril).

Read more ...


Syncing a Parity Archive Node: How-To

For my experiments, I settled on having an Ethereum archive node (with the full history of all the states), with Parity.

Read more ...


The perfect password manager

TL;DR: Use a Yubikey 4 with touch-to-sign to store your GPG keys, and use these keys for SSH authentication and storing your secrets with password-store.

Read more ...


Neo4j tips: starting & optimizing

This article is a collection of tips and information that I found useful to know about neo4j, when learning about it. It also presents some performance tips (from the developer's point of view).

Read more ...


A REALLY simple, but powerful Python web crawler

I have been fascinated by web crawlers for a long time. With a powerful and fast web crawler, you can take advantage of the amazing amount of knowledge that is available on the web.

Read more ...


How to steal Bitcoins

Every Bitcoin address is based on a secret key, from which the public key (associated with a Bitcoin address) is calculated. Once you have the private key for an address, you have control of that address and can use it to transfer funds.

Read more ...