Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Open Zeppelin has created a large amount of contracts that are used by every EVM contract. This twitter threat is talking about several of the 'footguns' or easy ways to mess up.

ERC-7201 is a standard for what slots variables should go in. The idea is to stop vulnerabilities from storage layout changes when upgrading a contract. The NameSpaced storage is only done on the OpenZeppelin contracts and NOT the users contracts.

This means that the same classic bug classes apply. The author made a PR to make this generally available as a base class.

Ownable2StepUpgradeable() is a function meant to perform an other swap with an extra step in between. By doing this in 2 steps, if the new owner address is wrong or there is a mistake, then the owner will not be changed.

The contract inherits from OwnableUpgradable(). However, the child initializer does NOT automatically call the parent initializer. In a user doesn't call __Ownable2Step_init, then it will be left without an owner. There is a Github thread about doing this better though.

The researcher Dacian adds a good note as well. Many NFTs should NOT be transferable. This was done by overriding the _transfer() function. However, in V5 of the contracts, _update() is called instead. So, the previous override does not work.