ConsoleCowboy's Basic Blockchain Exploitation
With eth-brownie for build / test / deploy pipeline support
This is just me following along with the ConsoleCowboy's Node and Remix smart contract exploitation series. I added eth-brownie so I could practice deployment and test automation using the Brownie framework too.
(Javascript kind of disgusts me. It's not as bad as PHP, but it's still quite bad. Python is much more consistent, even if most versions are slower than JS and NodeJS -- the LibUV core was written in C though! I simply use JS and NodeJS because I have to. Not because I like it.)
Ficti0n's short courses that feed into this code:
Do the basics over and over so your fundamental skills are so good that the more difficult skills come easily.
https://www.4byte.directory/ <------ USE THIS IN FORENSICS WORK
Solidity Visual Developer Extension - Surya is rad and will help with future contract analysis.
- NOTE: The FakeFrontRunningBot code (found on https://www.youtube.com/watch?v=ixhjfn0K8Nw after searching YouTube for 'front running bots') came from https://github.com/NickNitroCodes/MEVBot/blob/main/Bot.sol and IS CLEARLY MALICIOUS --- DO NOT RUN / USE. I only included it in this repository for research purposes. (Also, I'm not doing any kind of take-down request because it's easy enough to make more fake accounts and I'd rather see the sociopath get lazy / make mistakes.)
However, I would not have seen that within 3 minutes if it wasn't for ConsoleCowboys / Ficti0n's demonstration of the Solidity Visual Developer's graph functionality.
Also, the fake MEV bot scammer's code has gotten more advanced and they are now obfuscating their transfer receipt address with Solidity boolean operations. It's not encrypted or even using any kind of encoding that would something like require brute-force operations to reverse (a basic CyberChef recipe could do the trick), but it's still interesting that the sociopathic threat actor is getting more advanced since the video came out.