Posts

Showing posts from February, 2022

OpenSea $1,700,000 Phishing Hack Analysis

OpenSea, the world's largest and most used NFT exchange, suffered a major attack on 2/19/2022, which cost users over 640 ETH worth of NFTs. Additionally, Etherscan may have suffered a coordinated DDoS attack in the wake of this exploit in an attempt to block users from revoking access to their NFTs. In this write-up, I'll take a look at the smart contract (Decompiled) used in this attack, and break down the inner workings of what it's doing at each step. I aim to figure out how this attack happened, as well as how it can be prevented in the future. Technical Breakdown The transaction I am going to break down can be found on Etherscan. In order to get a better look at what's happening behind the scenes, I'll also use ethtx.info. The transaction begins with the attacker interacting with his contract with some calldata, which appears to be a signature for a token sale. At this time, I believe that this signature was somehow phished and stored from the vic...

Solana for Ethereum Devs: A Different World of Blockchains

If you're an experienced Ethereum developer looking to explore other ecosystems, Solana is definitely worth checking out. While there are some high-level similarities - they're both Layer 1 smart contract platforms after all - when you peek under the hood, the differences become quite stark. Let's dive in and see how Solana compares to Ethereum in terms of architecture, execution, accounts, and more. A Radically Different Architecture First, a quick primer on how Ethereum works to set the stage. Ethereum relies on the tried-and-true proof-of-work (PoW) consensus mechanism, where miners compete to add blocks to the chain. Smart contracts are executed by the Ethereum Virtual Machine (EVM) in a sequential manner. Scaling is achieved through sharding and rollups. Solana takes a very different approach with its proof-of-history (PoH) consensus model combined with proof-of-stake (PoS). Miners are replaced by "validators" who stake their SOL tokens as collateral. Rath...