WATCHPUG is a security team that offers in-depth auditing for Solidity smart contracts.

Joined May 2021
4 Jul 2022
The E in Solidity stands for easy.
29 Jun 2022
Dear @paraswap, could you please display the full address in the warning box? So that 0xWho can reverse resolve the address to a readable name, which I rely on to confirm the address.
23 Jun 2022
a frontend hijacking attack on Convex. this is exactly why the wallet should display a human-readable ENS name for the smart contract address they are interacting with; and the reason I added this feature to @TallyCash 3 months ago: github.com/tallycash/extensi…
Please review approvals while we evaluate a potential front end issue.
17 Jun 2022
0xWho is an open-sourced Chrome extension: github.com/jack-the-pug/0xwh…
16 Jun 2022
Replying to @WatchPug_
i know it can be hard to wrap your head around the txs, I use 0xWho to label the addresses:
WATCHPUG retweeted
This happened in etherscan.io/tx/0x9582362669…: the problem was them rolling a vulnerable LP token price oracle (sers, we have the correct one also!). Conclusion: if ever in the future you feel like rolling your price oracle for our pools - ask us to check please
16 Jun 2022
Inverse has temporarily paused borrows following an incident this morning where DOLA was removed from our money market, Frontier. We are investigating the incident however no user funds were taken or were at risk. We are investigating and will provide more details soon.
16 Jun 2022
oracle manipulation is easy when you are using balanceOf
16 Jun 2022
.@InverseFinance now believes the crv3c is worth much more than its actual value, so the attacker can borrow out 10m DOLA with only $4.7m worth of collateral. that's ~$5m of bad debt to the protocol.
16 Jun 2022
the attacker then sold the DOLA tokens for usdt and then sold usdt for wbtc and repaid the flashloan, netted ~$1.3m of profit. btw, Curve also earned ~$3m fees out of these large vol trades.
4 May 2022
currently building a chrome ext which will show you a tooltip with a human readable name (from your address book) whenever you select an address. it supports ENS reverse resolution; tells if it's a contract or EOA, the ether balance. this chrome ext is gonna be called: 0xWho?
WATCHPUG retweeted
13 Feb 2022
We are honored to introduce the new ReportingDAO member, .@WatchPug_, a team of web3 security professionals! In combination with WATCHPUG, InsureDAO will be able to elevate security, privacy, and usability even more!! link.medium.com/VpyPPrsUBnb #InsureDAO #DeFi
5 Nov 2021
Here is my submission to the @gelatonetwork Vernissage: forum.gelato.network/t/gelat…
20 Oct 2021
⚠️ Oct 20, 9 AM UTC, an attacker exploited PancakeHunny and stole 2.3M. The root cause: inappropriate usage of a low liquidity pool makes it vulnerable to price manipulation to create artificial profits. Read more: watchpug.medium.com/pancakeh…
15 Sep 2021
WATCHPUG is proud to have received a quarter million ($250K) bug bounty award from @PancakeBunnyFin for a critical bug in the Zap function. Thank you! @PancakeBunnyFin @immunefi
Hi Bunny Fam! 🐰🚀 We would like to announce that we have just awarded a critical Immunefi bounty. The award was in relation to a bug in polyBUNNY zap function. The related contracts are now upgraded and the issues are resolved.
10 Aug 2021
The Poly Network hack explained
4 Aug 2021
At 2 AM UTC on Aug 4, @Wault_Finance's WUSD on BSC was exploited and drained $800k (370 ETH) out of the WUSD/BUSD LP. WUSD is a stable coin backed by USDT and WEX. We believe it's an economic attack rooted in the design of WUSD. Read our analysis: watchpug.medium.com/wault-wu…
WATCHPUG retweeted
27 Jul 2021
Today, we want to share with you a couple of repos that will help you master blockchain pentesting and smart contract dev.
github.com/bkrem/awesome-sol… - Contains a huge amount of information, updated regularly
github.com/openblocksec/bloc… - All known blockchain incidents, updated regularly