y1cunhui.eth @yicunhui2 Twitter profile

Pinned Tweet

y1cunhui.eth

@yicunhui2

2 years

最近翻译了一套关于 uniswapV3 的开源教程，欢迎对 uniswap/DeFi 有兴趣的朋友们一起交流学习~

简介

y1cunhui.github.io

18

73

217

Last Seen Profiles

@itts_israel

@MaryamI40700922

@sikerajr

@XcellentDiva

@sagepub_japan

@YuniPo9

@MateiDan13

@Lilacsolc_

@NevileEliza

@philmut

@Burberry

@Biriana395679

@SymphonyBSC

@JoelMontague10

@bokeplokalmalam

@edmundguru

@Septmeniac

@yemen775050

@ddengart

@FOREVER_J0ESTAR

@bokeplokalmalam

@stw_pdg

@MyriadWings

@stwmaniax

@bokeplokalmalam

@cj_quest

@beesbiann

@spidermnfavs

@AaronCurryDish

@nknk__1817

@SarahBWhitfield

@HunterxIem

@nishuang

@RotaryKO

@BinorRaja

@abutomato

y1cunhui.eth

@yicunhui2

2 years

新学年我将担任北大区块链协会 @PKUBlockchain 的技术部负责人。欢迎各位web3开发者同学加入，一起来搞开源教程，技术分享以及黑客松等等，共同学习进步。LFG🎉

0xAA (🇼 🇹 🇫,📜)

@0xAA_Science

2 years

新的学年，我将担任北大区块链协会会长。我的想法： 1. 协会是公共品，不是牟利工具，重点在放在技术和ReFi 2. 这一年将产出很多中文web3教程和研究报告，开源免费 3. 帮助新人进入web3 老人建立个人品牌， 4. 2023春季黑客松 5. 帮助更多高校建立区块链协会建议和合作填表：

91

141

615

12

6

61

y1cunhui.eth

@yicunhui2

1 year

Analysis and reproduction of $JIMBO @jimbosprotocol hack Thanks for the help from @gbaleeeee

Jimbo exp by y1cunhui · Pull Request #314 · SunWeb3Sec/DeFiHackLabs

github.com

4

9

23

y1cunhui.eth

@yicunhui2

10 months

Build Together！👏👏

PKU Blockchain

@PKUBlockchain

10 months

【换届公告】感谢所有PKU Blockchain DAO成员上一学年的支持与付出~ 经过内部讨论，本学年新一届的会长团成员为：会长： @yicunhui2 副会长&技术部： @Jacob_Mr_Yang 副会长&品牌活动部： @0x_claudia 副会长&研究部： @KiwiCryptoBig 开启 @PKUBlockchain 的新篇章🚀🚀LFG

5

3

35

2

0

17

y1cunhui.eth

@yicunhui2

1 year

The best way to learn EVM is implementing it yourself Thanks for the great practice created by @w1nt3r_eth Although still cannot say I understand EVM totally, but at least have more confidence in reading bytecode

2

5

16

y1cunhui.eth

@yicunhui2

4 months

ETH Beijing现场参赛者友好互动

2

16

y1cunhui.eth

@yicunhui2

6 months

当然fud的最大原因是：我没上车

0

8

y1cunhui.eth

@yicunhui2

7 months

其实最近有一段时间没做开源贡献了，所以这次也没觉得能轮到自己。抱着点开试试的心态看一下。感谢猪脚饭，又有动力继续build了 @Starknet

1

11

y1cunhui.eth

@yicunhui2

2 years

今天晚上我讲，讲点区块链相关的密码学。面向协会新人的纯科普性质内容，基本不讲数学也不讲理论，有兴趣欢迎来听听

PKU Blockchain

@PKUBlockchain

2 years

🔥Web3新人公开课🔥 由PKUBlockchain DAO主办，邀请了web3技术博主，区块链安全公司，还有北大的同学和教授一起带新人入门Web3🌈 内容涵盖密码学，以太坊，智能合约，DeFi，和区块链安全⭐ 10月31日晚开课，对公众开放🙌 合作社区和赞助方招募中❤️

42

153

457

2

1

10

y1cunhui.eth

@yicunhui2

1 year

@trust__90 No intention to blame you, but if it's the former case, white-hacking a vuln to save funds is a really difficult task and I thought you may have read this well-known article from @samczsun :

Escaping the Dark Forest

On September 15, 2020, a small group of people worked through the night to rescue over 9.6MM USD from a vulnerable smart contract. This is our story.

samczsun.com

2

1

6

y1cunhui.eth

@yicunhui2

6 months

算错的大概是因为忘了在调用buy的时候msg.value已经计入balance了，但是sell的时候是算完才调用的_transfer

0

5

y1cunhui.eth

@yicunhui2

2 years

推荐一下EPF(Ethereum Protocol Fellowship) cohort3 引导你进行以太坊底层相关的开发，有众多的mentor和core contributor支援你尽管现在申请已经结束了，但是申请没过也只是没有stipend拿，除此以外是几乎一模一样的，有兴趣可以跟着做

GitHub - eth-protocol-fellows/cohort-three: Repository for the third EPF cohort

Repository for the third EPF cohort. Contribute to eth-protocol-fellows/cohort-three development by creating an account on GitHub.

github.com

2

0

5

y1cunhui.eth

@yicunhui2

6 months

@Slerfsol 正在学习如何发掘下一个Slerf 🤣

1

0

6

y1cunhui.eth

@yicunhui2

6 months

还好前段时间彻底把合约戒掉了不然昨晚估计都睡不着觉 🤪

1

0

4

y1cunhui.eth

@yicunhui2

1 year

@jimbosprotocol @gbaleeeee @traderjoe_xyz Really the most interesting attack I analysed/reproduced recently. I think it's a protocol-specific price manipulation vulnerability and it deserves my time. Finally, on-chain analysis without @Phalcon_xyz is really difficult...wish tx analysis in arbi to be available aSAP🤣

1

0

5

y1cunhui.eth

@yicunhui2

1 year

@gjaldon @compoundfinance I work into this field by the Uniswap 1/2/3 series articles from @jeiwan7 , I think this is also a good start

2

0

4

y1cunhui.eth

@yicunhui2

1 year

@Phalcon_xyz Really helpful especially when doing research on MEV and on-chain attacks🥰

0

4

y1cunhui.eth

@yicunhui2

1 year

@i2huer @cszlin @KaiyuanZh @USENIXSecurity @PurdueCS Seems interesting! How do you identify an attack? For me I would analyze the fund flow and trace to analyze if an account has extrodinary profit in this tx, not sure if it's the way you did this. BTW, @BlockSecTeam also has the similar mechanism, is there any comparison to it?

1

0

3

y1cunhui.eth

@yicunhui2

2 years

Flow生态现状😇 (开玩笑的，有活跃开发者群的话欢迎拉我)

2

0

4

y1cunhui.eth

@yicunhui2

1 year

@Sabnock66 Don't know what to write..

1

0

3

y1cunhui.eth

@yicunhui2

2 years

摸鱼选手 thanks @paradigm_ctf

1

0

3

y1cunhui.eth

@yicunhui2

1 year

@jimbosprotocol @gbaleeeee 1/n First we need to know how $JIMBO works. $JIMBO is a SMMLBT(Self Market-Making Liquidity Bin Token) bind with @traderjoe_xyz . In TraderJoe, `bin` can be understood as `tick` in Uniswap V3.

1

0

3

y1cunhui.eth

@yicunhui2

1 year

@Phalcon_xyz Need support for arbi🥺

0

2

y1cunhui.eth

@yicunhui2

1 year

Another day for independent auditors?🤣

0

3

y1cunhui.eth

@yicunhui2

1 year

@gogotheauditor @sockdrawermoney @PaladinCharles @code4rena Agree

0

3

y1cunhui.eth

@yicunhui2

1 year

@StErMi usually I just modify the existing hardhat tests when auditing...enough for me to just verify some cases. forge is not irreplaceable

0

2

y1cunhui.eth

@yicunhui2

1 year

After in-depth discussion with some other security researchers, I found there were still many wrong/vague points in my explanation. So this thread is left as a basis for further research.

y1cunhui.eth

@yicunhui2

1 year

Analysis and reproduction of $JIMBO @jimbosprotocol hack Thanks for the help from @gbaleeeee

4

9

23

0

1

y1cunhui.eth

@yicunhui2

1 year

@Sabnock66 Some old contests use ETH to pay. The Optimism contest in sherlock use OP to pay part of the pool.

2

0

3

y1cunhui.eth

@yicunhui2

1 year

Does this game really exist?🫠

The Game Awards

@thegameawards

1 year

Hollow Knight Silksong has been delayed past June 2023.

988

4K

32K

1

0

1

y1cunhui.eth

@yicunhui2

1 year

A detailed explanation and PoC to TornadoCash Governance Exploit

0

1

3

y1cunhui.eth

@yicunhui2

6 months

@hyperlazycot 死亡概率公布了，在phase 1规则里面

0

2

y1cunhui.eth

@yicunhui2

2 years

@mfers_moonbirds all minted. Good job!

0

1

y1cunhui.eth

@yicunhui2

2 years

@turingou 还记得听郭宇老师的播客谈到了自己对待性，恋爱，婚姻这些的态度以及日本的情况，没想到还是有谈恋爱了🤣

0

2

y1cunhui.eth

@yicunhui2

1 year

@arzdev zero in function signature; function order in bytecode function selector

0

2

y1cunhui.eth

@yicunhui2

1 year

@trust__90 Does this means that, without your white-hack operation, these funds were still there; or it's because you have noticed someone is indeed hacking this vuln and try to white-hack it instead?

1

0

2

y1cunhui.eth

@yicunhui2

2 years

@Sm4rty_ You may also tag @sherlockdefi for their reports😆

1

0

2

y1cunhui.eth

@yicunhui2

1 year

@ret2basic @opensensepw I found this when I use chisel but did not dive deep into it. Thanks for the detailed explaination🥰

1

0

2

y1cunhui.eth

@yicunhui2

2 years

@Sm4rty_ BTW, as a comment of this finding says, normally value set error should be identified as low-risk, but this is confirmed as medium-risk because it gives a detailed effect this value error can lead to.

1

0

2

y1cunhui.eth

@yicunhui2

1 year

@_hrkrshnn The `return` issue is definitely something I have never heard of. Thanks for this excellent RACE design!

0

2

y1cunhui.eth

@yicunhui2

1 year

@jimbosprotocol @gbaleeeee @traderjoe_xyz 8/n Now by calling shift again(obviously activeBin > triggerBin), anchorBins and floorBin are built based on this really high price

1

0

2

y1cunhui.eth

@yicunhui2

1 year

@jimbosprotocol @gbaleeeee @traderjoe_xyz @Phalcon_xyz Reference: Unfortunately many previous analysis articles just arribute it to a normal flashloan price-oracle-manipulation attack...so no reference to them.

fish 🐟

@cryptofishx

1 year

1/ $JIMBO V2 was exploited for $8M Effectively, the exploit works by: • Buying JIMBO low • Selling JIMBO high Below I explain how and possible mitigations // THREAD //

9

11

58

0

2

y1cunhui.eth

@yicunhui2

1 year

@jimbosprotocol @gbaleeeee @traderjoe_xyz 7/n After that, it bounght all $Jimbo in the 'normal' liquidity range(red regions in above protocol images, 51 bins in total), and now the activeBin is the rightmost bin, where the attacker add liquidity before

1

0

2

y1cunhui.eth

@yicunhui2

1 year

@jimbosprotocol @gbaleeeee @traderjoe_xyz 🥳Now it's finished! Although having successfully reproduced this attack, there are still many detailed points that I did not understand in the process which maximize the profit of this hack. The attacker is really familiar with all corners of Jimbo protocol to finish this hack.

1

0

2

y1cunhui.eth

@yicunhui2

2 years

@bytes032 @code4rena What even shocks me more is that, the second author seems to be a....high school student????🫣🫣

1

0

2

y1cunhui.eth

@yicunhui2

1 year

@jimbosprotocol @gbaleeeee @traderjoe_xyz 9/n Next step is depleting the anchorBins to achieve the floorBin. I don't know how hacker calculate the exact token needed for this swap (cannot use swapTokenForExactNATIVE since getSwapIn will return the wrong number) but you can check my PoC for a method easier to understand

1

0

1

y1cunhui.eth

@yicunhui2

1 year

@IAm0x52 @SpearbitDAO Congrats!

0

2

y1cunhui.eth

@yicunhui2

1 year

@DevDacian Although it does have division-before-multiply, there is no precision loss inside the first parenthese, so this is not a valid issue..

1

0

2

y1cunhui.eth

@yicunhui2

1 year

@jimbosprotocol @gbaleeeee @traderjoe_xyz 5/n Now, we can get into the hack tx to see what happened: First, the attacker flashloaned 10000 ether and addLiquidity to the rightmost bin, which cannot be touched forever in normal cases

1

0

2

y1cunhui.eth

@yicunhui2

1 year

@1nf0s3cpt detailed analysis here

y1cunhui.eth

@yicunhui2

1 year

Analysis and reproduction of $JIMBO @jimbosprotocol hack Thanks for the help from @gbaleeeee

4

9

23

0

2

y1cunhui.eth

@yicunhui2

2 years

@Sm4rty_ This told us that the ability to write convincing report is almost as important as to find bugs. So I recommend who read this thread also read the related @code4rena summary report to learn more

1

0

2

y1cunhui.eth

@yicunhui2

5 months

Do not overlook long-term value even in a bull market😃 great proposal

ValeriS ✈️

@ValeriShieh

6 months

Just cooked a #PublicGoods housing protocol proposal with my teammate #SummerOfProtocols : Is ERC-404 not aligned? Possibility of Unlocking Liquidity for RWAs and Housing the Commons. Turning vacant homes into tradable rental rooms NFT assets

3

0

12

0

1

y1cunhui.eth

@yicunhui2

1 year

@ret2basic @1nf0s3cpt Yes many reentrancy bug is not vulnerable actually because of this (underflow)

1

0

2

y1cunhui.eth

@yicunhui2

2 years

@HongKong_Doll 姐你好久不出现了🥺

0

1

y1cunhui.eth

@yicunhui2

2 years

thanks a lot for the excellent book by the original author @jeiwan7 😆

0

2

y1cunhui.eth

@yicunhui2

2 years

Am I the last one finding this new @github code view beta feature? Now you may go through the repo more convenient, rather than clone it and open at VS Code. Although the network latency is also a issue when switching among files...

0

2

y1cunhui.eth

@yicunhui2

1 year

@bytes032 how to work without internet...

2

0

2

y1cunhui.eth

@yicunhui2

1 year

@jimbosprotocol @gbaleeeee @traderjoe_xyz 2/n What $JIMBO does is automatically changing liquidity distribution when price changed. The detailed explanation of its mechanism can be found in the doc:

1

0

2

y1cunhui.eth

@yicunhui2

6 months

@yuyue_chris 下次先上车再研究

0

1

y1cunhui.eth

@yicunhui2

2 years

@qiaowang1999 What's the priciple of lowering latency of new blocks? It seems to be a network issue but not node issue...

1

0

1

y1cunhui.eth

@yicunhui2

1 year

@alcueca Push seems indeed a better choice than pull. BTW, what scenarios do you think flashloan will be used apart from arbitrage/liquidation/attack? Just want to know why we need new flashloan standard

1

0

1

y1cunhui.eth

@yicunhui2

9 months

@hyperlazycot 一起继续努力

0

1

y1cunhui.eth

@yicunhui2

1 year

@jimbosprotocol @gbaleeeee @traderjoe_xyz 10/n When achieving the floorBin, I can call `reset` to 'flatten' the liquidity above(mentioned in 4), and buy all available cheaper $Jimbo

1

0

1

y1cunhui.eth

@yicunhui2

6 months

@hyperlazycot @gob_btc 感觉有意思，买了一个。不过不知道这个机制怎么在链上实现的，还是通过indexer

0

1

y1cunhui.eth

@yicunhui2

1 year

@bytes032 wow, how many solo audits have you done?

0

1

y1cunhui.eth

@yicunhui2

2 years

@0xAA_Science @binance @guston2001 @Brian_Sixten

1

0

y1cunhui.eth

@yicunhui2

1 year

@jimbosprotocol @gbaleeeee @traderjoe_xyz 11/n Finally, calling `shift` to rise the price and sell all $JIMBO to get profit.

1

0

1

y1cunhui.eth

@yicunhui2

1 year

@gogotheauditor @StErMi @Support maybe he means 'between devices'

0

1

y1cunhui.eth

@yicunhui2

10 months

@PatrickAlphaC why🧐

1

0

1

y1cunhui.eth

@yicunhui2

2 years

@LillianXu77 美女太好看了吧

0

1

y1cunhui.eth

@yicunhui2

2 years

@yuyue_chris 感谢愉宝🙇🙇🙇🙇🙇🙇🙇🙇🙇🙇🙇🙇🙇

0

1

y1cunhui.eth

@yicunhui2

1 year

@gogotheauditor The question from RACE-16🤣

0

1

y1cunhui.eth

@yicunhui2

2 years

@x1edao y1cunhui.eth

0

y1cunhui.eth

@yicunhui2

2 years

Really a wonderful repo for who want to learn computer science systematically.

OpenRouting

@openrouting

2 years

Congrats to PKUFlyingPig/cs-self-learning, which has grown by 224 stars in the last 7 days and has reached 25.9K stars. Thanks to the contributors: @Angrz3_K @lz__233 @yicunhui2 @toncoin_cn @Francis_YAO_ #HTML

0

2

0

1

y1cunhui.eth

@yicunhui2

1 year

@Sabnock66 lmao

0

1

y1cunhui.eth

@yicunhui2

2 years

@i2huer @ICSEconf Noticed that you mentioned some static analysis tools in the paper. Will they be open-sourced later, or that's part of the future academic work you're working on?

1

0

1

y1cunhui.eth

@yicunhui2

6 months

@hyperlazycot 是吧，他说烧掉了的后续可能3阶段还有赋能

0

1

y1cunhui.eth

@yicunhui2

7 months

@0xXQ1 xs，改成web3新人可能不会被拿下

1

0

y1cunhui.eth

@yicunhui2

6 months

@sull "3Fy" seems like a prefix of bitcoin address. In block 424242, there are totally 5 addresses start with "3Fy" appeared in all txs. These addresses has 72 txs totally and their last txs all happened on block 424242, and that's all tx to "35em". was this magical...?

0

y1cunhui.eth

@yicunhui2

6 months

@0xAA_Science 蛮可爱的

0

1

y1cunhui.eth

@yicunhui2

2 years

@bytes032 Is it open source? I would like to fork one

0

1

y1cunhui.eth

@yicunhui2

1 year

@EudemoniaCC @PKUBlockchain @cryptohaiyu @KiwiCryptoBig @tipcoineth 欢迎隔壁的卧底！

1

0

1

y1cunhui.eth

@yicunhui2

2 years

@LinkkeyOfficial @ensdomains @ens_support @0xPolygon @VitalikButerin @opensea @apenftorg @TheBinanceNFT y1cunhui.eth

0

1

y1cunhui.eth

@yicunhui2

1 year

@milotruck @trailofbits @TheSecureum Have been looking forward to this for a long time! Your tests really give me more insiration in writing invariants.

1

0

1

y1cunhui.eth

@yicunhui2

5 months

@xuwinniexu interesting blog

0

1

y1cunhui.eth

@yicunhui2

1 year

@JimbosDaddy @jimbosprotocol @gbaleeeee @traderjoe_xyz the 896 is calculated by `type(uint24).max - activeId`, which means the attacker add liquidity to the rightmost bin

0

1

y1cunhui.eth

@yicunhui2

2 years

@qiaowang1999 I'm not sure if I understand it correctly, the contribution of your work is a strategy of filtering miners/validators from enormous peers on the network, by analyzing the performance of your peer nodes and do some adjustment

2

0

1

y1cunhui.eth

@yicunhui2

2 years

@TabinekoKIKI 0xCeD6b596d9C96E2C221b50fcE0d0685F9d1C09B0

0

y1cunhui.eth

@yicunhui2

1 year

@jimbosprotocol @gbaleeeee @traderjoe_xyz 3/n some keypoints: when activeBin above triggerBin, you can call `shift` to build the anchorBins and a new floorBin(to prevent price from decreasing too much);