MetaMask Security Monthly: October 2022

Luker Jen Oct 27 · 2 min read Whoo, we’ve been busy this month! We have some Devcon talks, new articles, and community outreach coming your way! Security Laboratory Harvard Psychological Laboratory, 1892 Endo “Quadruple backflip” has landed and was released. We’re looking into introducing the new version of SES into LavaMoat. https://github.com/endojs/endo/pull/1293 https://github.com/endojs/endo/releases/tag/ses%400.17.0 Meanwhile, we’re also …

MetaMask Security Monthly: September 2022

Luker Jen Sep 29 · 2 min read This month, a little news from the Lab and some scams to be aware of… Security Laboratory Manchester Mark 1 Computer, 1948. Endo Big news in Endo is the latest attempt to refactor SES shim’s evaluator into a multilayered scope stack, also referred to as “quadruple backflip”. …

MetaMask Security Monthly: July 2022

Luker Jen Jul 28 · 4 min read GM, GA, GE, or GN, wherever you are! Here’s the latest from our Security Laboratory, some new bounty program stats, and a few things to help you keep security top of mind! Security Laboratory The FBI Laboratory in the early 1930s in Washington, D.C. Endo CommonJS support …

MetaMask Security Monthly: June 2022

Luker Jen Jun 29 · 6 min read Get ready for this month’s jam-packed issue, where you’ll find details about our continued progress from the Lab, a not-too-shabby MTTR, our HackerOne bounty program, and more! Make sure you see our deprecation announcement. Security Laboratory Endo Support for “where are my source files” use cases complete! …

MetaMask Awards Bug Bounty for Clickjacking Vulnerability

JS_MetaMask Jun 2 · 3 min read MetaMask has granted a bounty of $120,000 to the United Global Whitehat Security Team (UGWST), including René Kroka and José Almeida, for their responsible disclosure of a critical security vulnerability. There were no known instances of this vulnerability being exploited, and the MetaMask team has already patched the …

Ethereum’s client diversity: with 66% running Prysm, is The Merge safe to pursue?

Around the middle of this year, Ethereum, the second-largest blockchain in terms of monetary value, and with hundreds of billions of dollars worth of assets depending on its operation, will transition from the Proof-of-Work consensus algorithm securing the system today, to the Proof-of-Stake system of tomorrow – a procedure described by many as changing the …

Is Polygon safu? Critics: Multisig isn’t secure enough, $5B in jeopardy

Polygon is perhaps the most popular alternative to transacting directly on the Ethereum base layer (L1), giving users the opportunity to do fast transactions with low fees. Polygon (MATIC) is best known as a so-called side-chain to Ethereum, i.e. an Ethereum Virtual Machine (EVM) compatible blockchain running its own set of validator nodes. However, the Polygon …

Critical bug in Ethereum L2 Optimism, $2M bounty paid

Ethereum Layer-2 solution Optimism has fixed a critical software bug in one of its smart contracts on Ethereum. On February 2nd, the Optimism team was alerted by Jay Freeman of a critical bug in Optimism’s fork of the Ethereum Geth client software. As per the Optimism announcement “Funds Are Safu.” The bug made it possible …

If Ethereum Foundation is accurately timing the market, here’s what it means

‘Buy the dips and sell the rally,’ would be any seasoned trader’s piece of advice for timing the market. But, this timing can seldom be accurate in real-time. But, interestingly, a recent observation by trader Edward Morra seems to suggest that Ethereum’s all-time highs are matching with the sell-offs by Ethereum Foundation. $ETH Friendly reminder that …