Doug Feigelson
Doug Feigelson
> To decrypt them you should use the Beacon Store key and AES GCM. @Sn0wfreezeDev how do you get the BeaconStore key? When I run `security find-generic-password -l 'BeaconStore' -g`...
Odd, I have multiple airtags showing up in Find My, but the password field is blank for the BeaconStore item in KeychainAccess. Perhaps they relocated the key?
I did also try accessing it from Swift and saw no data stored under that keychain item. When arbitrary data is stored as the value, the KeyChain app does not...
Yay I was finally able to decrypt these .record files. For anybody else trying to do this: 1. Open the .record files as plists. 2. First value is the nonce....
> Both options would require us to access the secured storage (e.g., keychain) of the Find My processes. To do this on macOS, you need to disable system integrity protection...
I am planning on ordering from [amazon.de](https://www.amazon.de/M%C3%A4hroboter-Classic-500-Kantenschneide-Funktion-Wochentags-Bedienfeld/dp/B08H1Y3KXZ?keywords=yard%2Bforce%2Bclassic%2B500&qid=1649430969&sprefix=yard%2Bforce%2Bclassic%2Caps%2C81&sr=8-3&linkCode=sl1&tag=selfomat-21&linkId=a2a7174df2bf2fb665403a4c9df5cbda&language=de_DE&ref_=nav_signin&th=1) and using [mygermany.com](https://account.mygermany.com/web/content/new-register?canvassID=cdbe1208-010e-47b1-9c4d-8b1bb678f9e4) to forward the package to the US. The question I have: do all of the models on that Amazon.de page...
Any reason why this hasn't been merged?
Interesting vulnerability. `borrowFresh` is only called by `borrowInternal`, which has the `nonReentrant` modifier. So how was this possible? Was DeFiPie using a version of CToken.sol without that modifier?
@coburncoburn I read the post mortem thoroughly. And I can't easily see if `nonReentrant` was present or not in the contracts that DefiPie was using, because they were never uploaded...
Ahh of course, thanks @coburncoburn, that explains it. As you said, Compound has the protection of not allowing arbitrary coin listings. Additional assurance will be gained by moving `doTransferOut` after...