WEB3! Damn Vulnerable DeFi 3.0 Write Up
Resources
Challenge site: https://www.damnvulnerabledefi.xyz/
Foundry version of challenge: https://github.com/StErMi/forge-damn-vulnerable-defi
Original, hardhat version of challenge: https://github.com/tinchoabbate/damn-vulnerable-defi
Prerequisite
Originally I wanted to put all the source and explain each line of code. Then I realized it would take really long to complete the notes/write-up. So I decided I would just talk about the key points in each…
CVE-2021-38001: A Brief Introduction to V8 Inline Cache and Exploiting Type Confusion
Some Background Info
CVE-2021-38001 was reported at TianFu Cup 2021. This bug exploits a type confusion issue in V8’s inline cache and can result in remote code execution. In my last V8 pwn blog, I analyzed and reproduced CVE-2020-6507. Its root cause is an OOB read/write issue in V8’s JIT phase. But to…