Cyber Security Blog

Introducing SEO & Redirect 3.1: Empower Your Site with Custom SEO Descriptions for Every Post and Page

Author wefightforsecurityPosted on May 28, 2023June 2, 2023Categories web security

In a constant effort to improve user experience and eliminate frustrating 404 errors, we initially developed SEO Redirect Editor. This innovative program aimed to tackle the issue of broken links, ensuring a seamless browsing experience. Building upon its success, we released version 2, which not only addressed flaws found in other SEO programs but also provided automatic error removal.

Now, we are thrilled to unveil SEO & Redirect 3.1, a major milestone in our journey. With this latest version, we introduce the ability to create SEO descriptions directly within our application.

But you may be wondering, where is the “Save SEO Description” button? Rest assured, we designed SEO & Redirect 3.1 to align with the expectations of modern users. Say goodbye to clunky user interfaces and welcome a streamlined approach. Simply write your SEO description, hit “Save Draft” or “Publish,” and voila! Your meticulously crafted description is instantly published alongside your content, visible to web crawlers. It’s fast, simple, and hassle-free.

So, what lies ahead for SEO & Redirect? Our commitment to enhancing this powerful tool remains steadfast. We’ve already heightened security and improved loading speeds, ensuring a safer and faster experience for our users. But we’re not stopping there. We have exciting plans in the pipeline, including further version releases and feature additions, all aimed at enhancing your SEO capabilities and boosting your online presence.

How We Could’ve avoided The Bored Ape Apocalypse

Author wefightforsecurityPosted on May 1, 2022May 2, 2022Categories web security
Bored Ape Apocalypse pic of ape #6068
Royalty free usage of bored ape 6068 https://opensea.io/assets/0xbc4ca0eda7647a8ab7c2061c2e118a18a936f13d/6068

If you are interested in colossal tech debuts and those who have epic failures, Yuga labs is easily on the top ten list after the bored ape apocalypse they created with the debut of otherside, on April 30th, 2022.

What is Yuga labs, how are bored apes involved?

If you aren’t in the NFT scene, Yuga labs the owners of Bored Ape Yacht club had a new mint for what they call the otherside, which included land for those who aren’t bored apes, allowing more people into their profitable eco-system.

How did things go wrong with The Otherside mint?

Like any gigantic project bringing tons of people in, you need to plan how to do this without driving up the fee for transactions on the ethereum network drastically and how to ensure you don’t crash the network.

Gas hit an all time high of 6000 gwei, if you don’t know what that means it was over 45 thousand dollars for some people to just pay the fee to have the privilege to pay more money to mint. This is basically a tax of using the ethereum network, or at least it is the easiest way to explain it, as our articles are aimed for everyone.

Why did it cost so much Ethereum?

The code for people to buy land was poorly written for lowering cost, this code is commonly known as a smart contract. 3 or 4 tweaks plus using a raffle or wave system to create rounds of people to mint, to avoid spiking the price of gas could’ve saved over 80 million dollars in fees to all the end users, which at the time this tweet thread was written would’ve cut the costs of minting down to 20 million from the then current amount of 100 million. In this scenario safemint wasn’t needed, and erc721enumerable, which is used to track ownership of nfts on chain, wasn’t needed. We never use erc721enumerable, ever.

There are many efficient ways without using the commands above to make a mint safe, and how to track ownership, yet yuga labs instead burned at the point in time when this was written 80 million dollars. Some estimates say by the end of the mint it was 160 million dollars, which could’ve been cut down to only 40 million dollars lost, but if the wave system had been introduced, I hazardly guess 10 million or less would’ve been lost. Of course, if they had also used 721a, far less money would’ve been lost as well despite it being somewhat bloated, it is the best free contract out there.

Why didn’t Yuga labs fix this? They have tons of employees, how could they lack the skills?

That is where things start to get worrisome from a legal standpoint, Yuga labs made an announcement, that basically can be boiled down to “we broke ethereum, we need to create a competitor” when literally less than 2 dozen characters changed would’ve saved up to 140 million dollars. It wasn’t a fault with the network, it was a fault with their code, which created a lot of people asking if this was intentional, did they plan this as a promotion for their own network? If so, this could potentially fall under the UK and US laws against abusing systems, which has jail time and fines.

https://twitter.com/darran0x/status/1520618405774077952?s=20&t=fc8ciCaYndJnCfOUDb0DdQ

We don’t write these words lightly, in fact, we wish it wasn’t necessary but after the display and their statement on what happened, it looked like they intentionally destroyed up to 160 million dollars while crashing the Ethereum network, which could lead to legal action if anyone involved decides to take it.

What is happening now?

The rich and careless with their money are blaming others for complaining about the insane mint price, since the land is now worth more than what they minted at. These people don’t even mention that it cut out the people who didn’t have the money for mint, and refuse to keep yuga labs accountable for the loss of their money that wasn’t needed for what occurred to happen.

What are influential people saying about the bored ape metaverse land mint?

Gary Vee is praising them for innovation without directly mentioning them, yet he knows that gas optimization isn’t hard or innovative, it is the rich and careless with their money glossing over the fact that a ton of money was destroyed.

While Gary Vee is on point with much of his commentary, he completely missed the point here.

This will be updated if need-be, but we believe this sums up the chaos of the bored ape mint and the money lost that shouldn’t have been.

Update: Forgot to mention some of the tweaks were raffles and waves

WILL ANYONE SHOW UP AT NFT LA?

Author Margaret ClearyPosted on March 28, 2022March 28, 2022Categories web securityTags

IRL NFT BURNOUT:

NFT NYC 2021, was a wild ride. The parties, the galleries, the breakfasts, lunches and dinners; it seems there was not a moment where one could escape the ever-present presence of others, usually unmasked. However, for the fresh faced individual and teams who had freshly entered the NFT space, and/or this event was a game changer, and life changer. HYPE. This is the time of 2021 where I remember HYPE became a “buzz-word.” Not one day, not even one hour would go by without a mention of NFT NYC and all the events and “Hype” around the parties, the places, the people.

And then…COVID hit the majority of attendees. Personally I thought this would derail the fast approaching NFT’s entering Art Basel on a larger scale then ever before. However, I was wrong, very wrong. The attendees were Hyped to attend, almost as much as New York. And yet, now one day away from NFT LA, I have barely seen any marketing, excited discussions, or “hype” over the event. I keep asking myself, why?

The Threat Of Stolen Intellectual Property?

In the home of Media, In the United States, Hollywood, the land of milk and honey, where did the hype train stop and why? Could it be because the teams have already been formed by the prior two major events? No, that does not make logical sense, since NFT NYC in June is already being spoken of, immensely. Could it be that Covid actually has people afraid this time? Again, I do not think this to be an accurate assumption, due to the prior correlating sentence/sentiment.

Through my subjective Point of View, I think people may not be excited by the timing of NFT LA, it has allowed for nearly no month to go by without traveling to a new destination to network, to meet others to become exhausted at the portrayal of Hype that so many individuals wear at these IRL events. Perhaps, it may boil down to the Web 3 communities standoff culture towards over Prive, “Hollywood Magic.” As if by attending they are succumbing to ‘the powers that be’ in which they worked so hard to get away from. NFT’s and the Web 3 Movement has and have been about, enabling creative control, Intellectual Property ownership, Distribution and Licensing control. The way the sponsorship packets are set up at NFT LA and the price of tickets alone, the “payola” game is in full effect. Perhaps it may be the biggest turn off to the true NFT creators and collectors.

The definition of NFT LA: Elitism?

When tickets are in the thousands to attend a NFT conference, it turns off those larger projects who are economically sound, and the smaller projects that can’t afford the cost of attendance. This leaves a very small demographic for attendance and insults the local creators who have contributed and built up their area , which in turn defined what that area means to the NFT community. Furthermore, it insults the integrity and soul of the international NFT community and is giving everyone globally a shot of hierarchy alcohol at it’s finest.

Although there are slated events that are affordable, like the patio and the live performances that they are putting on, for the most part, the speakers, the topics, and even the schedule is so elite it isn’t public. This creates more division in an area and community that needs unity and cohesion more than ever in history.

Those who attend the blockchain summit, which is the largest blockchain event in the world, know comparatively that the prices are absorbingly higher for quality that we do not yet know the value of.

Ethereum Smart Contract SelfDestruct, Destroys Your Contract

Author wefightforsecurityPosted on August 28, 2021August 28, 2021Categories web securityTags , , ,

Ethereum logo used to discuss Self Destruct.
Ethereum Logo from Wikipedia

Ethereum Solidity code is used for writing smart contracts in Ethereum and a feature is called SelfDestruct. This is basically a function, that has existed in the Ethereum protocol since 2013. We are diving into Self Destruct and the problems with it.

What does Self Destruct do?

Self Destruct is written as SelfDestruct in the Solidity code. SelfDestruct can be used to dynamically update code, or delete code. A problem with SelfDestruct is no permission is needed for someone else to use it to update your code or delete code from an external contract. You also don’t have to use SelfDestruct within your code, as there are at least two other functions that can be used in an external contract for you to run it. Those functions are DelegateCall and CallCode, which are used a lot. No authentication or form of consent is needed for external contracts to modify your contract.

Someone can write a separate Ethereum Smart Contract written in Solidity that can interact with your Smart Contract. The other Smart contact can steal eth, delete the contract, updating the contract, or alter it. We wrote about stopping Ethereum contracts from being able to interact with your contract in our OnlyOwner article.

Some contracts need to interact with other contracts, which introduces a re-entrancy attack, unless it is secured. Securing against re-entrancy attack can be simple or complex, depending on how your code is written. These are just a few things that you want your smart contract secured against.

SelfDestruct is not the only function that can be used to modify another smart contract, but it is the one we are focusing on today. The creator of Ethereum looking back, wouldn’t have added SelfDestruct and they’re looking at a way to remove it, or make it not as much of a threat as it is now.

Smart Contracts can be written as secure as humanly possible, though based on what we discussed above, it is clear that the Ethereum blockchain is not in any form an immutable blockchain.

If you are writing a smart contract and need help, you can hire us, or contact us. You can also tweet us.

Ethereum Smart Contract Preventing Other Solidity Contracts From Hacking You

Author wefightforsecurityPosted on August 25, 2021August 25, 2021Categories web securityTags ,

An Ethereum Smart Contract is written in Solidity, and has many built in-security features. In this article we are discussing a security feature, which is a specific Ethereum modifier that stops people from writing another smart contract that can interact with yours.

What is an Ethereum modifier?

It is in layman terms, built-in functions you can use in your own contract. While some smart contracts need to allow other Smart contracts to communicate with them, others it poses a great security risk to them. The Ethereum Modifier in Ethereum Smart Contracts called OnlyOwner is a great security feature. The name is very straightforward, There is Only the Owner of the Contract should be able to make changes.

modifier onlyOwner { require(msg.sender == owner); _; }

Great, now you have the modifier available to use, if you put this in your contract, but now you need to actually use it, not just have it there. If you’re writing a solidity file called Owned, then you should have the line that says 

function transferOwnership(address newOwner) public onlyOwner {

        owner = newOwner;
}

and in Congress.sol, you should put 

contract Congress is owned, tokenRecipient {
/// your stuff here }

This works great, if you are following the Solidity Style guide, which is where the code snippets are from. Always follow the Solidity Styles whenever possible.


Hopefully this quick review of the Ethereum Smart contract modifier OnlyOwner has been helpful for you when writing your contract in Solidity. We understand this isn’t always an option, which is why we have a lot more articles coming soon for you.