[fix] update missing

.editorconfig

@@ -0,0 +1,14 @@
+; https://editorconfig.org
+
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.md]
+trim_trailing_whitespace = false

.eslintrc.json

@@ -0,0 +1,3 @@
+{
+  "extends": "next/core-web-vitals"
+}

.github/workflows/auto-commit.yml

@@ -8,11 +8,8 @@ on:
 jobs:
   deploy:
     runs-on: ubuntu-latest
-    name: 'Netlify Rebuild'
     steps:
-      - uses: jogeleit/http-request-action@v1
-        with:
-          url: 'https://api.netlify.com/build_hooks/${{ secrets.NETLIFY_TOKEN }}'
-          method: 'POST'
-          customHeaders: '{"Content-Type": "application/json"}'
-          data: '{}'
+      - uses: actions/checkout@v2
+      - name: 'Netlify Rebuild'
+        run: curl -X POST -d {} https://api.netlify.com/build_hooks/${{ secrets.NETLIFY_TOKEN }}
+        shell: bash

.json/posts.json

@@ -0,0 +1 @@
+[{"frontmatter":{"title":"CSS Injection in Swagger UI","date":"2022-12-02T00:00:00.000Z","categories":["Github"],"draft":false,"url":"https://github.com/lowk3v/CSS-injection-in-Swagger-UI","description":"CSS injection vulnerability in Swagger UI (CVE-2019-17495)"},"content":"","slug":"post-CSS-Injection-In-Swagger-UI-CVE-2019-17495"},{"frontmatter":{"title":"DApp Scaffold","date":"2020-12-02T00:00:00.000Z","categories":["Github"],"draft":false,"url":"https://github.com/lowk3v/dapp-scaffold","description":"🏗 forkable Ethereum dev stack focused on fast product iterations"},"content":"","slug":"post-dapp-scaffold"},{"frontmatter":{"title":"Dumpsc","date":"2023-10-25T00:00:00.000Z","image":"/images/posts/post-4.jpg","categories":["Github"],"draft":false,"url":"https://github.com/lowk3v/dumpsc","description":"A tool is used to download a verified source code of smart contracts from an explorer"},"content":"","slug":"post-dumpsc"},{"frontmatter":{"title":"Foundry Audit Template","date":"2023-10-25T00:00:00.000Z","categories":["Github"],"draft":false,"url":"https://github.com/lowk3v/foundry-audit-template","description":"A template for quickly getting started with forge"},"content":"","slug":"post-foundry-audit-template"},{"frontmatter":{"title":"Mirco Tool Template","date":"2023-10-25T00:00:00.000Z","categories":["Github"],"draft":false,"url":"https://github.com/lowk3v/mirco-tool-template","description":"A template for faster making a Golang micro tool"},"content":"","slug":"post-micro-tool-template"},{"frontmatter":{"title":"Telegram Bot Template","date":"2022-12-02T00:00:00.000Z","categories":["Github"],"draft":false,"url":"https://github.com/lowk3v/telegram-bot-template","description":"A github template for developing a Telegram Bot Application by Golang"},"content":"","slug":"post-telegram-bot-template"},{"frontmatter":{"title":"WooFi - Cross-chain swap function can cause users to lose money","date":"2023-06-10T00:00:00.000Z","categories":["Hunting"],"draft":false,"description":"Users can lose their money if there is any reverts when use crossSwap in Woo Finance."},"content":"\n<Notice type=\"note\" title=\"Updates\">\n- 2021-10-11: Reported to the WooFi team.  <br/>\n- 2021-10-12: The WooFi team notices receiving the report.  <br/>\n- The WooFi team never replies to me after that.  <br/>\n</Notice>\n\nI discovered some high-impact vulnerabilities in WooFi smart contracts.\nUsers can lose their money if they use the function \"crossSwap\" in WooCrossChainRouter, WooCrossChainRouterV2, and WooCrossChainRouterV3 contracts.\nFollowing the details below:\n\nIn the contract \"WooCrossChainRouter\" at\n\n- https://github.com/woonetwork/WooPoolV2/blob/6b7d13fea34a78ca59e4b1aae73d3caa00c2efba/contracts/WooCrossChainRouter.sol#L250-L368\n- https://arbiscan.io/address/0x44df096d2600c6a6db77899db3de3aecff746cb8\n- and in other chains.\n\n```\nfunction sgReceive(\n        uint16, /*_chainId*/\n        bytes memory, /*_srcAddress*/\n        uint256, /*_nonce*/\n        address _token,\n        uint256 amountLD,\n        bytes memory payload\n    ) external override {\n        require(msg.sender == address(stargateRouter), \"WooCrossChainRouter: INVALID_CALLER\");\n\n        (address toToken, uint256 refId, uint256 minToAmount, address to) = abi.decode(\n            payload,\n            (address, uint256, uint256, address)\n        );\n\n        if (wooRouter.wooPool().quoteToken() != _token) {\n            // NOTE: The bridged token is not WooPP's quote token.\n            // So Cannot do the swap; just return it to users.\n            // ..\n        }\n\n        uint256 quoteAmount = amountLD;\n\n        if (toToken == ETH_PLACEHOLDER_ADDR) {\n            // quoteToken -> WETH -> ETH\n            TransferHelper.safeApprove(_token, address(wooRouter), quoteAmount);\n            try wooRouter.swap(_token, WETH, quoteAmount, minToAmount, payable(address(this)), to) returns (\n                uint256 realToAmount\n            ) {\n                IWETH(WETH).withdraw(realToAmount);\n                TransferHelper.safeTransferETH(to, realToAmount);\n                emit WooCrossSwapOnDstChain(...);\n            } catch {\n                // transfer _token/amountLD to msg.sender because the swap failed for some reason.\n                // this is not the ideal scenario, but the contract needs to deliver them eth or USDC.\n                TransferHelper.safeTransfer(_token, to, amountLD);\n                emit WooCrossSwapOnDstChain(...);\n            }\n        } else {\n            // ...\n        }\n    }\n```\n\nThe \"crossSwap\" function allows users to send and swap cross-chains.\n\nWhen users call the \"crossSwap\" function to swap in a source chain, a \"StarGateRouter\" contract will callback to the \"sgReceive\" function in a destination chain.\n\nThe contract \"WooCrossChainRouter\" uses a try-catch block to handle reverting. If any revert is raised, the user in the destination chain will not receive their fund.\n\nAn example scenario:\n\n1. A user cross-swaps in the source chain with the `toToken` parameter equal to the ETH_PLACEHOLDER_ADDR constant, and `toToken` is a quote token.\n\n2. In the destination chain, the contract will swap `_token` to WETH. After that, transferring these ETH to an address the user owned\n\n3. The swap is OK and is wrapped by a try-catch block. However, the transfer of ETH is not protected. If the receiving address does not define fallback() or receive() functions, it will revert.\n\nIf any reverts occur, the user will lose their money, and the money will be held in this contract.\n","slug":"post-woofi"}]

config/config.json

@@ -0,0 +1,34 @@
+{
+  "site": {
+    "title": "LowK - Indie Smart Contract Security Auditor",
+    "base_url": "/",
+    "favicon": "/images/avatar.png"
+  },
+  "settings": {
+    "pagination": 5,
+    "summary_length": 200,
+    "blog_folder": "posts"
+  },
+  "profile": {
+    "name": "LowK",
+    "image": "/images/avatar.png",
+    "designation": "Smart Contract Security Auditor",
+    "bio": "Ex. Penetration Tester."
+  },
+  "params": {
+    "contact_form_action": "#",
+    "tag_manager_id": "",
+    "copyright": "Copyright © 2023"
+  },
+  "metadata": {
+    "meta_author": "LowK",
+    "meta_image": "",
+    "meta_description": "A Smart Contract Security Author based in Viet Nam. Ex Penetration Tester."
+  },
+
+  "disqus": {
+    "enable": true,
+    "shortname": "lowk3v",
+    "settings": { }
+  }
+}

config/menu.json

@@ -0,0 +1,8 @@
+{
+  "main": [
+    {
+      "name": "All Posts",
+      "url": "/"
+    }
+  ]
+}

config/social.json

@@ -0,0 +1,33 @@
+{
+  "facebook": "",
+  "twitter": "https://twitter.com/lowk3v_",
+  "instagram": "",
+  "youtube": "",
+  "linkedin": "https://linkedin.com/lowk3v",
+  "github": "https://github.com/lowk3v",
+  "gitlab": "",
+  "discord": "https://discordapp.com/users/LowK#0238",
+  "substack": "https://lowk.substack.com",
+  "slack": "",
+  "medium": "",
+  "codepen": "",
+  "bitbucket": "",
+  "dribbble": "",
+  "behance": "",
+  "pinterest": "",
+  "soundcloud": "",
+  "tumblr": "",
+  "reddit": "",
+  "vk": "",
+  "whatsapp": "",
+  "snapchat": "",
+  "vimeo": "",
+  "tiktok": "",
+  "foursquare": "",
+  "rss": "",
+  "email": "[email protected]",
+  "phone": "",
+  "address": "",
+  "skype": "",
+  "website": ""
+}

config/theme.json

@@ -0,0 +1,25 @@
+{
+  "colors": {
+    "default": {
+      "theme_color": {
+        "primary": "#66e197",
+        "body": "#17212b",
+        "border": "#2f4050"
+      },
+      "text_color": {
+        "default": "#ceced0",
+        "dark": "#ffffff"
+      }
+    }
+  },
+  "fonts": {
+    "font_family": {
+      "primary": "Questrial:wght@400;500;600;700",
+      "primary_type": "sans-serif"
+    },
+    "font_size": {
+      "base": "16",
+      "scale": "1.250"
+    }
+  }
+}

content/404.md

@@ -0,0 +1,6 @@
+---
+title: "Error 404"
+layout: "404"
+---
+
+## Page Not Found

content/contact.md

@@ -0,0 +1,20 @@
+---
+title: "Contact Me"
+layout: "contact"
+draft: false
+
+
+---
+
+## Get in touch
+
+Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo
+
+### Location
+
+4140 Parker Rd. Allentown,
+New Mexico 31134
+
+### Phone
+
++88544767456