0x0035
July 26th, 2022

An introduction to evm-trace, a fast and correct Python library to work with Ethereum Virtual Machine traces.

There are two common trace formats, which we’ll refer to as Geth-style and Parity-style traces. Geth traces provide opcode-level resolution, while the most commonly used Parity trace format provides a call tree.

Our goal today is to make opcode-resolution traces 100x faster by producing them from a little-known Parity trace format. We’ll also make them compatible with Geth traces so they can be used as a drop-in replacement.

July 5th, 2022

The last time I wrote about Ethereum logs was in 2018. This time we go deeper and try to recover a ghost event that devs have forgotten to add to the Yearn Vaults contract.

log Fees(management_fee, performance_fee, strategist_fee)

There are several methods to recover values from an internal view method or even add custom views to batch read private storage. One of the more interesting ones is a “state override” option of eth_call, which allows you to replace the code and storage for the context of the call.

To my deep disappointment, you can’t just set a breakpoint on a line you want, start a debugger to capture the local variables, and call it a day. This may change soon with a Vyper interpreter being in the works.

June 8th, 2022

Wintermute had their mainnet Safe deployed from Proxy Factory 1.1.1, which is older than the earliest official Optimism deployment of 1.3.0.

Luckily for our hacker, Safe deliberately utilizes non-EIP-155-compliant deployment transactions, which can be replayed on any network which doesn’t enforce EIP-155.

They did exactly that, replaying the deployment of Proxy Factory 1.1.1 on Optimism.

Similar to externally owned accounts, contracts on Ethereum maintain a nonce, which is incremented when they spawn new contracts with either CREATE or CREATE2. The resulting address can be predicted in both cases: from (address, nonce) for CREATE, or from (address, salt, initcode) for CREATE2.