We identified three independent remote code execution (RCE) vulnerabilities in the popular Counter-Strike: Global Offensive game. Each vulnerability can be triggered when the game client connects to our malicious Python CS:GO server. This post details our journey through the CS:GO binary and conducts a technical deep dive into various identified bugs. We conclude by presenting a proof of concept (POC) exploit that leverages four different logic bugs into remote code execution in the game’s client, triggered when a client connects to the server.
Make Security Your Strength
For most, security is a blind spot. It doesn't have to be that way.
That's why we offer audits, trainings, and consulting services backed by deep-dive security research.
Distinguish your business through best-in-class security and peace of mind for you and your customers.
Highest level of services in the industry.
- Dedicated to staying ahead of the rapidly evolving threat landscape, we conduct cutting-edge IT security research.
- Learn the skills you need to protect your business from cyber threats with our comprehensive IT security training.
- Keep your systems secure with our experienced pentesting team; we'll help you find the vulnerabilities you never knew existed.
Smart Contract Audits
- Our team is known for finding many critical vulnerabilities in smart contracts. Get your contracts audited by our experts with a proven track record.
Find more content in our Blog
Our blog features posts from the world of cybersecurity, reverse engineering, research projects, Solana and other blockchains, cryptography, and much more. If you're a developer, a security professional, or just an interested person, we are sure you will find something exciting to read! Here are some of our favorite posts to get you started!
Recently, there’s been a lot of buzz around a DAO vote of Solend – one of Solana’s largest lending projects. It seeks to enact restrictions on large positions, and to temporarily take control of an existing user’s position in order to liquidate it in a controlled fashion. This can be done by upgrading the smart contract’s code.
But wait! Aren’t smart contracts supposed to be immutable?
Only in a perfect world. No code is perfect and smart contracts aren’t either, so it can be necessary to change or fix them. This is called a program upgrade.
In this post, we’ll give an overview of one of the most fundamental and yet somehow often-overlooked aspects of the security of a smart contract, namely: Who has the power to initiate program upgrades? How can users be sure that the developers don’t make undesired changes? Or even worse, just run off with their money?
Over the past year and a half, we have spent a lot of time looking at the Solana core code, reporting over 80 bugs of varying severity. This blog post is the first in a series detailing the most interesting vulnerabilities we found and reported in Solana core, hopefully inspiring more whitehats to keep the ecosystem safe. All bugs presented here were responsibly disclosed under the Solana bug bounty program and are now fixed.
In this post, we want to raise awareness about the five most common vulnerabilities in Solana contracts that we keep finding during our audits. We’ll keep the vulnerability descriptions short and concise and provide a simplified example as well as a TL;DR for each vulnerability so that you can easily reference them while coding.