leo princeleonal

@princeleonal
princeleonal / setup-duti.sh
Created June 7, 2025 02:08 — forked from PaulRBerg/setup-duti.sh
Script to set Cursor as the default editor for all development file extensions on macOS using duti: https://github.com/moretension/duti/
#!/usr/bin/env zsh
# Set up the default application for file types.
# Strict mode: https://gist.github.com/vncsna/64825d5609c146e80de8b1fd623011ca
set -euo pipefail
# grab Cursor's bundle-ID
BUNDLE_ID=$(osascript -e 'id of app "Cursor"')
# Extensions in alphabetical order
EXTENSIONS=(
@pcaversaccio
pcaversaccio / block_hash_oracle.vy
Last active May 8, 2025 15:53
Historical block hashes oracle Vyper contract.
# pragma version ~=0.4.1
"""
@title Historical Block Hashes Oracle
@custom:contract-name block_hash_oracle
@license GNU Affero General Public License v3.0 only
@author pcaversaccio
@notice The contract function `block_hash` can be used to access the
historical block hashes beyond the default 256-block limit.
We use the EIP-2935 (https://eips.ethereum.org/EIPS/eip-2935)
history contract, which maintains a ring buffer of the last
@fatherGoose1
fatherGoose1 / cronos-reentrancy.md
Created March 22, 2024 16:43
Bug report of Tectonic (Cronos) reentrancy to mint tokens at 100x actual rate.

Bug Description

There is a reentrancy vulnerability in TectonicStakingPoolV3.sol (https://cronoscan.com/address/0xE165132FdA537FA89Ca1B52A647240c2B84c8F89).

The issue arises due to the function performConversionForTokens() which is currently open for anyone to call because tcmPublicAccess is currently true. During a call to performConversionForTokens(), reentrancy can be achieved with the end result being the free minting of xTonic tokens. A brief description of the token conversion process:

  • The staking pool contract holds predominantly TONIC.
  • Other approved tokens held by the staking pool can be swapped for TONIC. For example, if the pool holds some WCRO, it can be swapped for TONIC using performConversionForTokens() which increases the contract's TONIC balance, thus increasing rewards for its stakers.
  • Upon successful conversion, any extra TONIC that was received during the swap (more than the oracle quote) is sent to the function caller as a reward.

The issue with the above is that a caller can

@princeleonal
princeleonal / 1_top+hacker_methodologies.md
Created January 6, 2024 09:54 — forked from ruevaughn/1_top+hacker_methodologies.md
Hacker Methodologies & Tools (NEW)

The Top Hacker Methodologies & Tools Notes

Nuclei Templates

Concrete5 CMS : Identification, Mass Hunting, Nuclei Template Writing & Reporting


@akella
akella / setup.md
Last active March 1, 2026 21:51
My Setup
@eddmann
eddmann / bitcoin-merkle-proofs.js
Created November 10, 2017 10:20
Bitcoin Internals: Verifying Merkle Roots using Merkle Proofs in JavaScript
const fetchLatestBlock = () =>
fetch(`https://blockchain.info/q/latesthash?cors=true`)
.then(r => r.text());
const fetchMerkleRootAndTransactions = block =>
fetch(`https://blockchain.info/rawblock/${block}?cors=true`)
.then(r => r.json())
.then(d => [d.mrkl_root, d.tx.map(t => t.hash)]);
const random = arr =>

How to pass the OSCP

  1. Recon
  2. Find vuln
  3. Exploit
  4. Document it

Recon

Unicornscan in the CLI; nmap in msfconsole to help store loot in the database.