Recap of this thread:
- Oracle attacks // a centralized point that can be manipulated
- Flash loan // borrow and return a large number of tokens in the same tx
- Governance // flash loan hack or other ways to get a majority of governance tokens
- Front running // front run, intercept a transaction
- Admin keys // single point of failure, admin key leaks
- Insecure endpoint (app/web) // weak front-end security
- Social engineering // attacks on humans, social environment
- Layer 1 // blockchain 51% attack, etc.
Beyond:
- Price/market manipulation // Soros-style attack (thread)
- Insecure tech, devops // tech bugs, bad devsecops
- Mess of web2/web3 // custodial services, CEXes, gateways, etc.
Conclusions:
Web3 is in its earliest stages; it is more a sandbox for experiments than a production-ready space. Use it extremely carefully and be ready to lose everything.