BlockChain

Looking for the best online courses? Click here and gain or improve digital skills on our eLearning platform. Enroll in the best online courses today!

Hey everyone! We're Neodyme, a team of security researchers who have spent the past ~12 months inspecting the internals of the Solana blockchain. Over the course of our research, we discovered and reported several vulnerabilities in the Solana core code, ultimately helping to secure the chain against attackers. A few months ago, we were sponsored by the Solana Foundation to also set up a peer review system for smart contracts that are important for the Solana ecosystem. Since then, we've been working with developers from a range of projects building on Solana to assist them in securing their contracts. We've audited dozens of contracts, using our unique experience with Solana to uncover many exploitable bugs. During these audits, we've discovered intricate vulnerabilities in some of the major projects on the chain, and our reviews helped prevent the potential theft of roughly USD 1 billion worth of assets. However, as Solana is such a rapidly growing ecosystem, we have nowhere near enough capacity to manually audit every new contract to our standards. Instead, we'll be sharing some of the knowledge we've built over the course of our many audits in this blog, in hopes that developers and other auditors will be able to make use of it. In this post, we want to raise awareness about the five most common vulnerabilities in Solana contracts that we keep finding during our audits. We'll keep the vulnerability descriptions short and concise and provide a simplified example as well as a TL;DR for each vulnerability so that you can easily reference them while coding.

Blockchain, Cybersecurity and Complex Systems

This post aims to be a relatively in-depth and up-to-date introductory post detailing the past mistakes that have been made by Solidity...

In late 2019, I published a post titled “Taking undercollateralized loans for fun and for profit”. In it, I described an economic attack on Ethereum dApps that rely on accurate

Price manipulation, now with 100% more blockchain

In this article we look at type of economic attack on DeFi projects in the form of manipulation of price oracles. On Ethereum, where everything is a smart contract, so too are price oracles. As such…

Computing and Accumulating Interest On-chain Austin Williams

A Multi-Scale DAO Ecosystem Mapping Tool Towards Computer-Aided Governance

Aave protocol launched a bit less than a month ago and is already gaining traction with a bit more than 11M$ in protocol Market Size.

This article explores the pricing of liquidity pool (LP) tokens and discusses the recent Warp Finance hack that is closely related to it…

Learn and understand Bitcoin, Ethereum, and other cryptocurrency with our in-depth crypto articles. (Pg2)

A collection of practical security-focused guides and checklists for smart contract development - nascentxyz/simple-security-toolkit: A collection of practical security-focused guides and checklist...

My dyslexia made me make this.

Read writing from QuillAudits Team on Medium. Smart Contract Auditing Experts , Making DeFi secure . audits@quillhash.com. Every day, QuillAudits Team and thousands of other voices read, write, and share important stories on Medium.

Events Under the Spotlight 🔎

Hiding actions and generating random numbers

Even the most popular tokens can be deceiving, so understanding risks and common pitfalls when integrating them is fundamental in Ethereum’s composable world...

This guide, written by whitehat Lucash-dev for Immunefi, will help you set up a local environment and reproduce the Fei Protocol exploit…

Student Dashboard Student Dashboard Latest Announcements Previous Next Create your study plan Get started! Continue where you left off View all courses PROFESSIONAL REQUIRED Your Personal Study Plan   Get your personally tailored study plan by filling out a short quiz about your goals and interests. Then you can consult with your Counselor that will … Dashboard Read More »

A series of notes that were taken during the ConsenSys Academy program. - 0xCourtney/ConsenSys-Academy-Notes: A series of notes that were taken during the ConsenSys Academy program.

Guidelines and training material to write secure smart contracts - 0xalpharush/building-secure-contracts: Guidelines and training material to write secure smart contracts

Get up to speed on Maximum Extractable Value. Contribute to 0xalpharush/awesome-MEV-resources development by creating an account on GitHub.

A searchable curated repository of Web3 security 101s brought to you buy https://twitter.com/web3sec

Research at Protocol Labs. Contribute to protocol/research development by creating an account on GitHub.

A Collection of Vulnerabilities in ERC20 Smart Contracts With Tokens Affected - sec-bit/awesome-buggy-erc20-tokens: A Collection of Vulnerabilities in ERC20 Smart Contracts With Tokens Affected