Merge pull request #3 from vesla0x1/contents

simplified structure: no content replication (achievement and coding)

content/_index.md

@@ -5,6 +5,6 @@ sort_by = "date"
 paginate_path = ""
 +++
 
-I am a **software engineer** transitioning to web3, as a **smart contract security researcher**. On this website I share my career [achievements](/achievements), [audit reports](/audits), [personal projects](/coding) and [writings](/articles) about **blockhain security** and other topics that interest me.
+I am a **software engineer** transitioning to web3, as a **smart contract security researcher**. On this website I share my career [achievements](/achievements), [audit reports](/audits), [personal projects](/coding) and [writings](/articles) about **blockchain security** and other topics that interest me.
 
 Feel free to learn more [about me](/about) or [get in touch](/contacts) if you're interested.

content/achievements/_index.md

@@ -2,10 +2,8 @@
 title = "Achievements and certifications"
 description = "Achievements and certifications"
 template = "section_pages_list.html"
-page_template = "article.html"
-insert_anchor_links = "right"
-transparent = true
 
 [extra]
-categorized = true
-+++
+categorized_by = "achievement"
+category_term = "achievement_category"
++++

content/articles/mim-spell-attack.md

@@ -1,5 +1,5 @@
 +++
-title = "MiM Spell Attack"
+title = "MiM Spell Attack Analysis"
 description = "Analysis of an incident that caused $6,5M loss to Abracadabra Money protocol"
 date = "2024-02-29"
 updated = "2024-03-29"
@@ -13,7 +13,7 @@ math = true
 home_feed_label = "Article"
 +++
 
-## 1. Root cause
+## Root cause
 ### TL;DR
 The root cause of the attack was a precision loss introduced by a rounding error in [`CauldronV4.sol::_repay`](https://github.com/vesla0x1/defi-hacks/blob/master/mim-spell/src/CauldronV4.sol#L396-L407), when [`toElastic`](https://github.com/boringcrypto/BoringSolidity/blob/78f4817d9c0d95fe9c45cd42e307ccd22cf5f4fc/contracts/libraries/BoringRebase.sol#L28-L41) is calculated. [`toElastic`](https://github.com/boringcrypto/BoringSolidity/blob/78f4817d9c0d95fe9c45cd42e307ccd22cf5f4fc/contracts/libraries/BoringRebase.sol#L28-L41) is evaluated as `x = (part * totalBorrow.elastic) / totalBorrow.base` and in order to handle the precision loss caused by the division, it rounds up favoring the protocol. However, when (part * totalBorrow.elastic) < totalBorrow.base, rounding up will cause `toElastic` to be always evaluated to 1, violating the invariant of the exchange rate (`totalBorrow.elastic` / `totalBorrow.base`) before repayments $e$, being approximately the exchange rate after, $e'$.
 
@@ -89,7 +89,7 @@ final      => {elastic: 1, base: 120080183810681886665215049729}
 
 Since the amount of `base` shares of MiM had increased to (almost) infinity, the entire balance of MiM tokens in Degenbox (5.000.047 when the attack happened) was negligible in comparison this amount of `totalBorrow.base`. This made possible the attacker to bypass the health check in [`CauldronV4.sol#L272`](https://github.com/vesla0x1/defi-hacks/blob/master/mim-spell/src/CauldronV4.sol#L272), since the division for [`totalBorrow.base`](https://github.com/vesla0x1/defi-hacks/blob/master/mim-spell/src/CauldronV4.sol#L272C71-L272C88) will always result in zero and the attacker was able to borrow (and withdraw) all MiM tokens in Degenbox for a very low collateral amount, using another account, causing ~$6.5M loss to the protocol.
 
-## 2. Mitigation
+## Mitigation
 As discussed, the root cause of the problem was a rounding error in [`CauldronV4.sol::_repay`](https://github.com/vesla0x1/defi-hacks/blob/master/mim-spell/src/CauldronV4.sol#L401), introduced when [`BoringRebase.sol::toElastic`](https://github.com/boringcrypto/BoringSolidity/blob/78f4817d9c0d95fe9c45cd42e307ccd22cf5f4fc/contracts/libraries/BoringRebase.sol#L36) is calculated:
 
 $$
@@ -114,4 +114,7 @@ This rounding error occurs if (`part` * `totalBorrow.elastic`) < `totalBorrow.ba
  406:         bentoBox.transfer(magicInternetMoney, skim ? address(bentoBox) : msg.sender, address(this), share);
  407:         emit LogRepay(skim ? address(bentoBox) : msg.sender, to, amount, part);
  408:     }
-```
+```
+
+## Code
+- [branch](https://github.com/vesla0x1/defi-hacks/tree/master/mim-spell)

content/audits/flatmoney-02-24.md

@@ -1,12 +1,15 @@
 +++
 title = "Flat Money"
 date = "2024-02-20"
-description = "The Flat Money protocol allows people to deposit Rocket Pool ETH (rETH) and mint UNIT, a decentralized delta-neutral flatcoin designed to outpace inflation."
+description = "Found a medium severity issue in my first audit contest, with less than one month working as smart contract security researcher, was rewarded with **$41,11** and placed **31/257** on Sherlock."
 
 [taxonomies]
-tags = ["Audit Report", "Sherlock"]
+tags = ["Audit Report", "achievement", "Sherlock"]
 
 [extra]
+subtitle = "**Ranked 31/257**"
+achievement_category = "Web3 Achievements"
+achievement_anchor = "achievement"
 platform = "Sherlock"
 audit_link = "https://audits.sherlock.xyz/contests/132"
 report = "https://audits.sherlock.xyz/contests/132/report"
@@ -19,7 +22,7 @@ findings = "1M"
 ranking_position = 31
 participants = 257
 ranking_link = "https://twitter.com/sherlockdefi/status/1764374914838954220"
-home_feed_label = "Audit Report"
+home_feed_label = "Audit Contest"
 overview = "The [Flat Money](https://flat.money/) protocol allows people to deposit Rocket Pool ETH (rETH) and mint UNIT, a decentralized delta-neutral flatcoin designed to outpace inflation. Flat Money also offers Leverage Traders the ability to deposit rETH and open rETH leveraged long positions through perpetual futures contracts."
 references = [{name = "Flat Money docs", url = "https://docs.flat.money/"}, {name = "Flat Money site", url="https://flat.money"}, { name = "Contest page on Sherlock", url = "https://audits.sherlock.xyz/contests/132"}, { name = "Official Sherlock's Report", url = "https://audits.sherlock.xyz/contests/132/report" }, { name = "Sherlock's tweet of my classification", url="https://twitter.com/sherlockdefi/status/1764374914838954220"}]
 
@@ -29,6 +32,9 @@ findings_data = [
 
 +++
 
+## Achievement
+With less than one month working as smart contract security researcher, I managed to find a medium severity issue, in my first audit contest. I was rewarded with **$41,11** and placed **31/257** in Flat Money contest on Sherlock (see [sherlock's tweet](https://twitter.com/sherlockdefi/status/1764374914838954220) with my classification at 31st).
+
 # Medium findings
 ## [M-1] Malicious actors can accumulate a huge amount of internal points (FMP) and inflate their value {#M-1}
 ### Summary
@@ -49,4 +55,4 @@ Malicious users can accumulate a huge amount of FMP, inflating their value.
 Foundry
 
 ### Recommendation
-Implement a mechanism that restricts the FMP earnings by time and/or reduces the point quantity when a user withdraws collateral.
+Implement a mechanism that restricts the FMP earnings by time and/or reduces the point quantity when a user withdraws collateral.

content/certifications/_index.md

@@ -0,0 +1,5 @@
++++
+title = "Certifications"
+template = "404.html"
+transparent = true
++++

content/achievements/bachalors-degree.md → content/certifications/bachalors-degree.md

@@ -7,8 +7,8 @@ template = "404.html"
 tags = ["certification", "achievement"]
 
 [extra]
-category = "Certificates"
+achievement_category = "Certificates"
 link = "/documents/bsc-certificate.pdf"
 lang = 'en'
 home_feed_label = "Certificate"
-+++
++++

content/achievements/gas-optimization.md → content/certifications/gas-optimization.md

@@ -8,7 +8,7 @@ template = "404.html"
 tags = ["certification", "achievement"]
 
 [extra]
-category = "Certificates"
+achievement_category = "Certificates"
 link = "https://www.udemy.com/certificate/UC-64451e08-e85c-4651-8e4d-b1ca4f39acda/"
 home_feed_label = "Certificate"
-+++  
++++

content/achievements/masters-degree.md → content/certifications/masters-degree.md

@@ -8,7 +8,7 @@ template = "404.html"
 tags = ["achievement", "certification"]
 
 [extra]
-category = "Certificates"
+achievement_category = "Certificates"
 link = "/documents/masters-certificate.pdf"
 home_feed_label = "Certificate"
-+++
++++

content/coding/_index.md

@@ -1,8 +1,10 @@
 +++
 title = "Personal projects and contributions"
 template = "section_pages_list.html"
+page_template = "article.html"
+insert_anchor_links = "right"
 transparent = true
 
 [extra]
-categorized = true
-+++
+categorized_by = "coding"
++++

content/coding/defi-hacks.md

@@ -3,21 +3,22 @@ title = "DeFi Hacks Playground"
 description = "Explore Ethereum hacks using **Solidity** and **Foundry**."
 draft = false
 date = "2024-03-01"
-template = "article.html"
 
 [taxonomies]
 tags = ["coding", "solidity", "foundry", "defi hacks"]
 
 [extra]
 category = "Personal projects"
-home_feed_label = "Project"
+home_feed_label = "Personal project"
 +++
 
-**[Github](https://github.com/vesla0x1/defi-hacks)** | **[Article](https://example.com)**
 
-## Sorry! I haven't finished writing this page yet...
+## Overview
+This project aims to recreate (in)famous Ethereum transactions, similarly to [DeFi Hack Labs](https://github.com/SunWeb3Sec/DeFiHackLabs). However, it differs by not only recreating the transaction but also by providing a way to interact with vulnerable contracts. This allows to gain a better understanding of each step in the transaction's execution by creating logs and visualizing events in a flexible manner. In addition to this, another goal of this project is to provide a mechanism to modify vulnerable contracts, with the goal to mitigate the root cause of the issue and prevent hack to happen. Comprehensive write-ups of these hacks will also be included.
 
-## References
-- **[Github](https://github.com/vesla0x1/defi-hacks)** 
-- **[Article](https://example.com)**
+## Attacks
+- [MiM Spell Attack analysis](/articles/mim-spell-attack) | [Code](https://github.com/vesla0x1/defi-hacks/tree/master/mim-spell)
 
+## References
+- **[Github](https://github.com/vesla0x1/defi-hacks)**
+- [MiM Spell attack](/articles/mim-spell-attack)

content/coding/ethernaut-ctf.md

@@ -1,16 +1,28 @@
 +++
-title = "OpenZeppelin Ethernaut CTF 2024"
-description = "Solutions of the Ethernaut CTF 2024"
-draft = true
-template = ""
-page_template = ""
-sort_by = "date"
+title = "OpenZeppelin Ethernaut CTF 2024 - Solutions"
+description = "In my first Ethereum CTF, I managed to solve challenges involving **DeFi** and reverse engineering of **EVM** bytecode"
 date = "2024-03-16"
 
+[taxonomies]
+tags = ["coding",  "achievement", "ctf", "challenge", "solidity", "foundry"]
+
 [extra]
+achievement_category = "Web3 Achievements"
 category = "Challenges"
 features_section_name = "Solutions"
-home_feed_label = "Project"
+home_feed_label = "Challenge/CTF"
+subtitle = "**Ranked 62/828**"
 +++
 
-**[Github](https://github.com/vesla0x1/ethernaut-ctf-2024)** | **[Achievement](/achievements/ethernaut-ctf)**
+**[Github](https://github.com/vesla0x1/ethernaut-ctf-2024)**
+
+## Sorry! I haven't finished writing this page yet...
+
+{{ figure(src="/images/ethernaut-challenges.png", caption="" ) }}
+
+{{ figure(src="/images/ethernaut-ctf-overview.png" , caption="Ranked 62/828") }}
+
+## References
+- [Scoreboard](https://ctf.openzeppelin.com/scoreboard)
+- [POAP Token](https://collectors.poap.xyz/token/7085116)
+- [Solutions repository](https://github.com/vesla0x1/ethernaut-ctf-2024)

content/coding/sui-marketplace.md

@@ -1,23 +1,36 @@
 +++
-title = "Sui Marketplace Quest"
-description = "Smart contract functions implemented in **Move**"
-draft = false
-template = "article.html"
+title = "Sui Marketplace Quest (Overmind.xyz)"
+description = "Implemented smart contract functions using **Move** and ranked **10/64**"
 date = "2024-01-11"
-path = "home/coding/sui-marketplace"
 
 [taxonomies]
-tags = ["challenge", "coding", "Move", "overmind"]
+tags = ["coding",  "achievement", "challenge", "overmind", "move"]
 
 [extra]
+subtitle = "**Ranked 10/64**"
 category = "Challenges"
-home_feed_label = "Coding"
+achievement_category = "Web3 Achievements"
+home_feed_label = "Coding challenge"
 +++
 
-## Sorry! I haven't finished writing this page yet...
+{{ figure(src="/images/sui-marketplace-overview.png" , caption="") }}
 
-## References
-**[Github](https://github.com/vesla0x1/sui-marketplace)** | **[Achievement](/achievements/sui-marketplace)**
+## Overview
+[Sui Marketplace](https://overmind.xyz/quests/sui-marketplace) is one of the quests available on [Overmind.xyz](https://overmind.xyz). Overmind is an online platform that incentivises web3 learning by promoting competitive challenges (quests). On these challenges, developers should comple tasks (e.g. implement smart contract functions) and they compete for a prize pool (generally in tokens). Top performers are rewarded with a share of this prize pool.
+
+The goal of this challenge was to implement common marketplaces functions (i.e. `create_shop`, `add_item`, `unlist_item` and `purchase_item`) using the **[Move](https://move-language.github.io/move/)** language.
 
 ## Solution
-[Pull request](https://github.com/vesla0x1/sui-marketplace/pull/1)
+My solution is available on this **[pull request](https://github.com/vesla0x1/sui-marketplace/pull/1/files)** - *NOTE: the original repository was private, so I have published my solution on this one*.
+
+## Achievement
+Even with no prior experience with **Move**, I managed to learn the basics and finish the quest just a few hours after it was released. I was **rewarded with $15 in SUI tokens** (see the [transfer transaction](https://suiscan.xyz/mainnet/tx/F2nsk4bJiYC5N8Gq6oWzB1R9htp6suSjTYm32B6YnwmC)) and ranked **10 out of 64** competitors.
+
+
+{{ figure(src="/images/sui-marketplace-payment.png", caption="Prize history dashboard on Overmind." ) }}
+
+## References
+- [Github repository](https://github.com/vesla0x1/sui-marketplace/)
+- [Submission code](https://github.com/vesla0x1/sui-marketplace/pull/1/files)
+- [Sui Marketplace quest](https://overmind.xyz/quests/sui-marketplace)
+- [Payment transaction on Suiscan](https://suiscan.xyz/mainnet/tx/F2nsk4bJiYC5N8Gq6oWzB1R9htp6suSjTYm32B6YnwmC)

content/publications/_index.md

@@ -0,0 +1,5 @@
++++
+title = "Academic Publications"
+template = "404.html"
+transparent = true
++++