Blog

Psstt: also check out my Web3 workshop if you want to learn more about blockchain, dApps and web3. Metaverse: What and Why. The Metaverse. Neal Stephenson coined the term in his science fiction book Snow Crash in 1992 and he did a terrific job of describing what a Metaverse could look like twenty years later. I enjoyed the book and I think we're getting closer to living with or in a Metaverse (completely or more likely partly) within the next decade. Think about it. Ten years from now, we might not be using our clunky smartphones anymore. Instead, we'll be wearing smart …

psssst: also check out my AR/VR/3D workshop if you want to learn more about ThreeJS. Web3 is a term most techies have heard by now, often in combination with other hotness like the metaverse, blockchain, defi, gamefi, NFTs and the list goes on. Not everyone agrees that web3 is going great but more importantly, not everyone understands what is meant by the term web3 or any of the terms mentioned above. My workshop fixes that for you. I just don't get it. A few years ago I tried to understand how blockchain development worked and what it would even be useful to program …

Bpost is the national postal delivery service in Belgium. One would expect that they have their online affairs in order, given the tremendous amount of phishing scams targeting bpost, DHL, PostNL and all the other couriers around. Today I got phished in a really professional way, or at least I thought I was, until it turned out I wasn't. It was worse than that. What initially happened. Here's some context: I ordered a nice art print coming from the UK, not thinking about the extra import taxes I'd have to pay related to Brexit. So one week after placing my order I got a letter …

PHP 8.1 introduces enums, or enumerations, which can be described as a data type that contains a predefined set of values you can use. When you are developing an app, you often come across situations where you have a preset of options you want to choose from, for example: a blog post can be published, draft or unpublished; a player can be of type medic, soldier or engineer; a ticket can be either VIP, standing or seated; and so on ... You may have used arrays or classes with constants in them to create this kind of functionality like so: …

In this level, we are given two contracts. The Recovery contract will deploy a new instance of the SimpleToken contract to an address we don't know or have forgotten. This token contract will contain some Ether which we need to recover from it. Now in the description they mention that the contract will contain 0.5ETH, which seems to be incorrect or outdated. When I was looking around the generated contracts, I noticed that I could find a transfer of 0.001ETH, which is what you'll need to send when creating a new instance of this level. The goal of this level is twofold. First, …

Just like in all the previous walkthroughs I wrote up for Ethernaut, I try to come up with my own solution to the posed security problems and you should try to do the same; it's the only way to learn. However, sometimes it's handy or even necessary to take a look at other solutions to know what to look for. For this level, I ended up reading this solution first but after that I returned to Remix in order to cook up my own solution. That way, you'll have several options to go by and come up with your own unique attack. Let's dive in. Level 16 again uses the somewhat dangerous …

Sometimes you may feel like opening up some ports on your DigitalOcean or Linode VPS in order to access a service like a web dashboard remotely. It's bad security practice to do so because you would open up these ports to anyone out there trying to reach them. A better, easy way to access your remote services is to use local port forwarding via SSH. A practical example where I needed this was while I was setting up an IPFS node. IPFS is a great way to host data in a distributed and decentralized way. The IPFS package comes bundled with a web-based dashboard that allows you to …

To learn more about IPFS, aka the InterPlanetary File System, I set up a virtual host on Linode (love these guys, I use them in all my Linux classes). Nothing fancy here, just create your new VPS on your favourite platform and log in as root. From there, we'll install IPFS and get to work. I used snaps to quickly get up and running. Follow the instructions here to install the go-ipfs implementation of ipfs in just a couple of commands. What is IPFS? IPFS stands for InterPlanetary File System and it can be described as a decentralized system for storing, hosting and …

This level requires us to transfer funds out of the contract to another address and we know that our own address has the full INITIAL_SUPPLY. When looking at the code I initially had two different thoughts of how to approach this. First of all, I took a look at the modifier named lockTokens. function transfer(address _to, uint256 _value) override public lockTokens returns(bool) { super.transfer(_to, _value); } // Prevent the initial owner from transferring tokens until the timelock has passed modifier lockTokens() { if (msg.sender == player) { …

Level 12 is a bit similar to level 8 where we learned about how state variables are stored on a contract (and also how we can read them, even when they are private). In order to get a good understanding of how storage works in more detail, I decided to create a little drawing based on the documentation and the given contract code. To pass this level, we need to unlock the contract by sending the correct _key. We see that the key is checked like so: require(_key == bytes16(data[2])); The storage variables are kept pretty basic (no dynamic arrays and the like) and are …