Let’s make the web3 industry more secure!
Community

DeFiHackLabs
Community Whitehat (145)
Sun
- Founder @DeFiHackLabs
- CISO @XREX
- Co-Founder & CTO @Unitas Foundation
- Advisor @ScamSniffer
- Top 3 contributors @Chainabuse
- DeFiHackLabs & Ethereum Web3 Security Bootcamp Organizer and Mentor
- Cybersecurity Podcaster
- 2025 RemedyCTF 7th place
- 2024 SCAN Finals 1st place
- 2024 BlazCTF 4th place
- 2024 Ethernaut CTF 9th place
- 2023 CodeQuest Hackathon 1st place
- 2023 BlazCTF 4th place
- 2023 Paradigm CTF 11th place
- 2023 Numen CTF 4th place
- 2023 ETHTaipei War Room 3rd place
- 2023 QuillCTF Dubai CTF 5th place
- 2023 QuillCTF Metatoken 2nd place
- 2023 MetaTrust CTF 6th place
- ONLYPWNER CTF Leaderboard

DeFi Hacks Analysis - Root Cause
English version (500+ Incidents)
中文版 (Traditional Chinese)
中文版 (Simplified Chinese)
한국어 (Korean)
日本語 (Japanese)
Vietnamese version
Spanish version
DeFiVulnLabs Solidity Security Testing Guide
English version
Web3 Cybersecurity Academy
Substack
OnChain transaction debugging
Solidity smart contract security and auditing techniques
Move programming language secure development
Enhancing user asset security
Informative Tweet
[Tools] Identify a DeFi scam token
[Tools] MEV watcher & real-time threat alert
[Tools] Intro transaction debugging tools
[Course] Web3 security awareness course for users
1.Nine Common Web3 Hacks and Scams
2.Blind signing
3.[Quiz] User security awareness testing
4.Event spoofing - fake records on Etherscan!
5.Top5 crypto drainers you should know
[Course] Web3 security course for devs
1.Read-only reentrancy
2.Divide before multiply
3.Unchecked return value
4.Data location - storage vs memory
5.Unchecked external call - call injection [REF]
6.Deflationary/fee-on-transfer tokens
7.Phantom function - Permit Function
8.Empty loop
9.First deposit bug
10.Price manipulation - balanceOf
11.ecrecover returns address(0)
12.Oracle data feed is insufficiently validated
13.Precision Loss - Rounded down to zero
14.Slippage - Incorrect deadline & slippage amount
15.abi.encodePacked() Hash Collisions
16.Struct Deletion Oversight
17.Array Deletion Oversight
18.txGasPrice manipulation
19.Return vs break
20.Incorrect use of payable.transfer() or send()
21.Unauthorized NFT Transfer in custom ERC721 implementation
22.Missing check for Self-Transfer allows funds to be lost
23.Incorrect implementation of the recoverERC20()
24.Missing flash loan initiator check
25.Unsafe downcasting
26.Incorrect sanity checks
27.Web3 DevSecOps is very important!
[Chinese] Spot the bug