Skip to content

Instantly share code, notes, and snippets.

View s7v7nislands's full-sized avatar
:octocat:

s7v7nislands s7v7nislands

:octocat:
72 followers · 43 following
  • China
View GitHub Profile
@hackermondev
hackermondev / writeup.md
Last active March 16, 2026 15:29
How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack

hi, i'm daniel. i'm a 16-year-old high school senior. in my free time, i hack billion dollar companies and build cool stuff.

about a month ago, a couple of friends and I found serious critical vulnerabilities on Mintlify, an AI documentation platform used by some of the top companies in the world.

i found a critical cross-site scripting vulnerability that, if abused, would let an attacker to inject malicious scripts into the documentation of numerous companies and steal credentials from users with a single link open.

(go read my friends' writeups (after this one))
how to hack discord, vercel, and more with one easy trick (eva)
Redacted by Counsel: A supply chain postmortem (MDL)

@pcaversaccio
pcaversaccio / block_hash_oracle.vy
Last active May 8, 2025 15:53
Historical block hashes oracle Vyper contract.
# pragma version ~=0.4.1
"""
@title Historical Block Hashes Oracle
@custom:contract-name block_hash_oracle
@license GNU Affero General Public License v3.0 only
@author pcaversaccio
@notice The contract function `block_hash` can be used to access the
historical block hashes beyond the default 256-block limit.
We use the EIP-2935 (https://eips.ethereum.org/EIPS/eip-2935)
history contract, which maintains a ring buffer of the last
@cpursley
cpursley / postgresql_is_enough.md
Last active March 14, 2026 11:43
Postgres is Enough
@rain-1
rain-1 / LLM.md
Last active February 24, 2026 02:03
LLM Introduction: Learn Language Models

Purpose

Bootstrap knowledge of LLMs ASAP. With a bias/focus to GPT.

Avoid being a link dump. Try to provide only valuable well tuned information.

Prelude

Neural network links before starting with transformers.

@pcaversaccio
pcaversaccio / StringEncodingReturnData.sol
Created December 16, 2022 16:04
A simple Solidity PoC contract to showcase how revert strings are ABI encoded.
// SPDX-License-Identifier: WTFPL
pragma solidity 0.8.17;
/**
* @dev A simple contract that reverts.
*/
contract Revert {
function revertWithoutReason() external pure {
// solhint-disable-next-line reason-string
revert();
@0age
0age / c000r.sol
Last active June 10, 2024 18:32
0xMonaco car (top-ranked finisher by ELO, Paradigm CTF 2022) https://0xmonaco.ctf.paradigm.xyz/viewTeam/OpenSea
// SPDX-License-Identifier: MIT
pragma solidity 0.8.16; // (10M optimization runs)
interface MonacoInterface {
struct CarData {
uint32 balance; // Where 0 means the car has no money.
uint32 speed; // Where 0 means the car isn't moving.
uint32 y; // Where 0 means the car hasn't moved.
Car car;
}
@0xkarmacoma
0xkarmacoma / quine.etk
Last active August 22, 2025 12:45
EVM quine
# quine.etk
# ⬜ => ⬜
# A quine is a computer program which takes no input and produces a copy of its own source code as its only output.
# 0x80...f3 is the compiled code excluding the push16 instruction (from dup1 to return)
push16 0x8060801b17606f5953600152602136f3
# --- stack ---
dup1 # code code
push1 128 # 128 code code
@joepie91
joepie91 / freenode-faq.md
Last active September 20, 2025 09:16

The Freenode resignation FAQ, or: "what the fuck is going on?"

IMPORTANT NOTE:

It's come to my attention that some people have been spamming issue trackers with a link to this gist. While it's a good idea to inform people of the situation in principle, please do not do this. By all means spread the word in the communities that you are a part of, after verifying that they are not aware yet, but unsolicited spam is not helpful. It will just frustrate people.

Update 3 (May 24, 2021)

A number of things have happened since the last update.

@hayesgm
hayesgm / Solidity-Deployment-Deep-Dive.md
Last active October 19, 2025 22:02

Overview

To understand how constructors through Solidity works (that is, how do we go from the compiled contract's bin to a live deployed contract with a different deployedBytecode), I took a deep dive into how one simple contract worked.

The contract Simple.sol:

pragma solidity ^0.5.12;

contract Simple {
@shakna-israel
shakna-israel / LetsDestroyC.md
Created January 30, 2020 03:50
Let's Destroy C

Let's Destroy C

I have a pet project I work on, every now and then. CNoEvil.

The concept is simple enough.

What if, for a moment, we forgot all the rules we know. That we ignore every good idea, and accept all the terrible ones. That nothing is off limits. Can we turn C into a new language? Can we do what Lisp and Forth let the over-eager programmer do, but in C?