backgroundbackground

Blog Posts TaggedSmart Contract Auditing

MetaTrust and Hash AI Establish Strategic Cooperation to Further Best Security Practices in Web3 and Beyond

MetaTrust, a leading AI-driven security solutions provider, has formed a strategic partnership with Hash AI, a globally recognized intelligent mining platform. Together, they aim to construct a comprehensive security framework utilizing MetaTrust's advanced tools, GPTScan and TrustLLM. This partnership covers various aspects of security including exchange platforms, mobile devices, wallet security, and smart contract auditing, with the goal of enhancing blockchain security standards and promoting the healthy development of the Web3 ecosystem. The collaboration is expected to evolve, with MetaTrust already completing security audits of Hash AI protocols and Hash AI planning to provide computing power to MetaTrust.

MetaTrust Labs
3 months ago
Report

Lesson Learned from ChatGPT Incident: Managing Open Source Vulnerabilities with MetaScan

OpenAI announced on March 24th that a weakness in the Redis client open-source library, redis-py, was responsible for the data breach. In addition to performing a thorough security assessment of smart contract code, MetaScan's Open Source Analyzer is specifically designed to pinpoint vulnerabilities in the open source software components utilized in the project.

Xue Bing
over 1 year ago
Educational

Deep Security Analysis of the ASKACR attack

On March 21, 2023, at 01:39:47 PM +UTC, the attacker(0xb189943) created and manipulated many new contracts, which gained ASKACR tokens from the ASKACR contract itself. Finally, the attacker gained 28,633 BSC-USD from the attack.

Daniel Tan
over 1 year ago
Analysis

A Powerful Formal Verification Engine for Solidity Smart Contracts

Smart Contracts are computer programs that enable decentralized applications on the blockchain. They are usually written in Turing-complete programming languages like Solidity, which is similar to JavaScript. In Solidity, a contract is a first-class object that can extend its capabilities by inheriting other contracts or delegating tasks to them. However, the complexity of this composability also makes smart contracts vulnerable to many security threats.

MetaTrust Labs
over 1 year ago
Educational

Warning: MetaTrust’s On-chain Monitoring Engine Discovers Contract Vulnerabilities: Zombier Smart Contract Exposes Critical Security Flaws

On February 28, 2023, MetaTrust’s on-chain monitoring engine discovered a serious security vulnerability in the recently open-sourced Zombier smart contract on the Ethereum blockchain. The contract has a reentrancy attack vulnerability and several parameter verification vulnerabilities, among other issues. If the client continues to use this contract, it may face significant security risks. For details, please see the vulnerability cause analysis report.

Daniel Tan
over 1 year ago
Analysis

The BNB chain suffered from a deflation token attack, and Metatrust discovered several dozens of tokens on the EVM chain that were unaffected

On February 10, 2023, some reflection mechanism tokens on BNB Chain were attacked and spread to multiple tokens. MetaTrust conducted a thorough analysis and found several dozens of tokens that were not yet attacked through its exclusive IP Analyzer engine.

BradMoon
over 1 year ago
Report

Defrost Finance Event Analysis

An analysis of the Defrost Finance project hack that occurred on December 23, 2022. The hack involved a re-entrancy attack and a rug pull, resulting in the loss of over $12 million. This post provides transaction information, attack processes, and an analysis of the vulnerabilities that led to the hack. MetaScan has the ability to scan for these types of risks.

BradMoon
over 1 year ago
Analysis

From the Source: Analysis of DFX Finance Attack

An analysis of the DFX Finance attack, focusing on the smart contract code. The attacker exploited a vulnerability in the Curve contract that allowed them to re-enter the deposit function and deposit borrowed tokens, which were then treated as repayment. The attack demonstrates the importance of carefully evaluating the impact of each callback and checking dependent state variables to avoid similar problems.

BradMoon
almost 2 years ago
Analysis