-
Damn Vulnerable DeFi – Naive Receiver
We have two contracts, one is a pool with 1000 ETH, the other is a borrowing contract set up by a supposedly naive user. This contract currently has custody of 10 ETH and our task is to identify a vulnerability that will allow us to drain the contract when exploited. Reviewing the two contracts, we…
-
PHP Spot the Bug Challenge
Recently I came across one of Securify's "spot the bug" challenges. The goal is to find one (or possibly more) critical vulnerabilities in the following code: <?php if (empty($_POST['hmac'] || empty($_POST['host'])) { header('HTTP/1.0 400 Bad Request'); exit; } $secret = getenv("SECRET"); if (isset($_POST['nonce'])) $secret = hash_hmac('sha256', $_POST['nonce'], $secret); $hmac = hash_hmac('sha256', $_POST['host'], $secret); if ($hmac…