1 views collected around this technical thread.
The article reviews the rapid rise of Web3, outlines the severe security challenges and economic losses caused by attacks on cross‑chain bridges, DeFi platforms, and smart contracts, and details Ant Group's Sky Dome Lab research on platform, contract, and client‑side defenses along with future AI‑driven initiatives.
This study investigates the capability of ChatGPT, a large language model, to detect common smart‑contract vulnerabilities, evaluates its performance against traditional tools across multiple datasets, and discusses its strengths, limitations, and future potential in blockchain security auditing.
The paper presents ODDFuzz, a structure‑aware directed greybox fuzzing framework that combines lightweight static taint analysis with targeted fuzzing to efficiently discover previously unknown Java deserialization (ODD) vulnerabilities, achieving higher recall and precision than existing tools and uncovering six new CVE‑rated bugs in popular Java frameworks.
This paper presents a reinforcement‑learning‑based fuzzer (RLF) that generates transaction sequences likely to trigger smart‑contract vulnerabilities, combining vulnerability‑driven and coverage‑driven rewards to improve detection efficiency and outperform existing state‑of‑the‑art tools.
The 2022 Vivo Qianjing Cup Cybersecurity Challenge, launched on September 15 under the “Assemble! Geek Youth” theme, invites nationwide security enthusiasts to uncover vulnerabilities in Vivo products through online puzzles and an offline final, offering a 200,000‑yuan prize pool plus uncapped bounty rewards and judging by experts from AWS, Ant Group and leading universities.
This article explains what OS command injection is, how it can be detected and exploited on both Linux and Windows systems, demonstrates common payloads and techniques—including blind and out‑of‑band methods—and provides best‑practice defenses to prevent such vulnerabilities.
The article explains why and when to scan product code for vulnerabilities, describes static source‑code and binary scanning methods, introduces deep code‑search techniques, outlines the system architecture and incremental indexing pipeline, and shows how these practices can substantially raise overall product quality.