Research | Analysis | Insights | Opinions Incentives Supply & Demand.

What if you could manipulate Curve's oracles to exploit major DeFi protocols? Read about the technical details of read-only reentrency attacks.

Summary:On the 24th of October 2022, Market.xyz (lending market on QuickSwap DEX) was exploited with a price manipulation attack.

Contribute to stakewithus/defi-by-example development by creating an account on GitHub.

Share your videos with friends, family, and the world

The only thing worse than a bug in your code that breaks everything is a bug in your code that subtly breaks one thing

A few days ago, pool 23 of Rari’s Fuse platform was exploited. In this episode of the Replaying Ethereum Hacks series, we will look at what…

A high risk vulnerability was disclosed to Risk Labs by iosiro affecting the Across bridge relayer infrastructure and awarded with a $90,000 bounty.

How to Become a Smart Contract Auditor: https://jacksonkelley.gumroad.com/l/how-to-become-a-smart-contract-auditor/process-one-ytIn this video, I do the firs...

An introduction to maximal extractable value (MEV)

A chronological and (hopefully) complete list of reentrancy attacks to date. - pcaversaccio/reentrancy-attacks: A chronological and (hopefully) complete list of reentrancy attacks to date.

Slides: https://drive.google.com/file/d/1-wzuY4U4OKFQ2Mc4ctmwKh2g3fAl4_85/view?usp=sharingFurther to the section on Front Running, I have created a post on E...

In 2021 we privately disclosed multiple vulnerabilities in the InterPlanetary File System but never really talked about it. Let’s change that 😊!

iosiro disclosed a UUPS proxy vulnerability to several teams, affecting over $50m in assets. This post details the technical details and the disclosure to OpenZeppelin.

Browse distinguished companies providing smart contract auditing services and find contact information, previous reports, client testimonials and more.

How to efficiently maximise arbitrage profit over a set of exchanges via Convex Optimisation

Having a similar name, Agave.finance is a forked from Aave V2 on the Gnosis chain. One would think that a fork of a battle-tested protocol…

London Blockchain Security meetup #001 Dirk Brink is a Tech Lead at Graphcore and bug bounty hunter at Immunefi. He studied Electrical and Electronic Enginee...

Digging deep into the EVM mechanics during contract function calls

Abstract Generally disallowing state-changing effects after an external function call and enabling the possibility to mark functions that specifically do this. Motivation I started this discussion ...

A curated list of Smart Contract Security materials and resources For Researchers - saeidshirazi/Awesome-Smart-Contract-Security: A curated list of Smart Contract Security materials and resources F...

My blockchains adventure continues! This time I protected Moonbeam network by disclosing a critical design flaw, safeguarding more than $100M assets at risk in various DeFi projects. I was awarded the maximum reward amount of their bug bounty program on Immunefi, $1M, and $50k bonus from Moonwell (I guess that’s also one of the top 10 highest bug bounties?)

An interactive reference to Ethereum Virtual Machine Opcodes