CertiK Blog and News

CVE-2020-5902 Analysis, F5 BIG-IP RCE Vulnerability

CertiK | Jul 7

The cybersecurity sphere was abuzz about the new entry in the Common Vulnerabilities and Exposures database: CVE-2020-5902, a remote code execution vulnerability in F5 BIG-IP devices. Read on to learn what our security researcher discovered.

Copycat Attack on Balancer: Why DeFi Needs to Change

CertiK | Jul 2

Unlike the prior Balancer attack, attackers cleverly used the Compound financial model and spontaneously generated COMP tokens. Because these three attacks on Balancer occurred within a span of just two days, it certainly raises concerns about the future of DeFi.

Vulnerability in Electron-based Application: Unintentionally Giving Malicious Code Room to Run

CertiK | Jul 1

One of our security engineers discovered a remote code execution vulnerability in the Symbol desktop wallet and reported the vulnerability through their bug bounty program. Though the HackerOne report is not yet public, we give many thanks to the Symbol team for allowing us to disclose and share our findings.

Little Pains, Great Gains: How the Balancer DeFi Contract Was Drained

CertiK | Jul 1

On June 28th at 6:03PM UTC (2:03PM EDT), the CertiK Skynet found that block 10355807 on the Balancer DeFi contract was abnormal. Our team of security researchers acted quickly to investigate; however, the attack had already happened.

Bancor Got Hacked Again | A Thousand Ways to Die

CertiK | Jun 29

The CertiK team investigated further and found that the Bancor team used the following wallet addresses to withdraw money through the bug and clear the contract to prevent hackers from stealing it