Security

191 bookmarks
pashov on X
Proxy Checklist
·twitter.com·
Typical vulnerabilities in AMM protocols
This article discusses the fundamental security aspects of the AMM (automatic market maker) protocols.
·blog.decurity.io·
Oracles, Entropy & Chainlink VRF Secure Integration Tips
In this article, we present tips that we have acquired over the years of auditing similar integrations. We also intend to discuss the…
VRF
·blog.pessimistic.io·
Tal – Medium
Read writing from Tal on Medium. researcher @ smlXL. Every day, Tal and thousands of other voices read, write, and share important stories on Medium.
·medium.com·
How To Effectively Learn Smart-Contract Auditing
https://twitter.com/DevDacian How to cultivate a growth mindset, overcome fears, and adopt winning strategies for successful audits. Explore a range of audit ...
·youtube.com·
Vyper Nonreentrancy Lock Vulnerability Technical Post-Mortem Report - HackMD
On the 30th of July, 2023, multiple Curve.Fi liquidity pools were exploited as a result of a latent vulnerability in the Vyper compiler, specifically in versions 0.2.15, 0.2.16, and 0.3.0. While the bug was identified and patched by the v0.3.1 release, the impact to protocols using the vulnerable compilers was not realized at the time and they were not explicitly notified. The vulnerability itself was an improperly implemented re-entrancy guard that could be bypassed under certain conditions, which we will delve into in this report.
·hackmd.io·
Dedaub on Twitter
“Watchdog analyses operate on the actual bytecode of contracts (via decompilation as seen here). As a result, compiler bugs can also be caught by these analyses. Yesterday's @CurveFinance hack could have been prevented had a cross-reentrancy analysis on this codebase been run.”
·twitter.com·
🎤 Demystifying EVM Opcodes
Join Gilbert G of Macro for a talk titled, "Demystifying EVM Opcodes." This workshop is part of ETHNewYork 2022, a three-day in person hackathon that will fe...
·youtube.com·
Solidity Internals
A bunch of notes for beginners learning solidity
·0xpranay.github.io·
How To Consume Chainlink Price Feeds Safely
Chainlink price feeds are reliable, but it is crucial to have circuit breakers to prevent any issues from a single source. Using a single entity is not ideal from a decentralization perspective as well, and it is better to have backup plans in case of system failure. Many developers were
·0xmacro.com·
The math behind Defi is not as hard as you think
I was never a good student at math. Math made me uncomfortable. But investing in Defi gets me to re-study it. And this time, I found its…
·cryptocutie.medium.com·
Numerical Analysis
This article is an overview of Kurt Barry's seminar at Spearbit on performing numerical analysis on DeFi projects to identify vulnerabilities. Spearbit is a decentralized and industry-leading blockchain security services firm pairing protocols with top security researchers with deep subject matter e
·paragraph.xyz·
MEV-PACK
MEV / Sandwich / Front-run & Back-run:
·graph.org·
0xcacti/awesome-oracle-manipulation: Awesome list of all things oracle manipulation. Creating to help spread a better understanding of oracles and oracle manipulation.
Awesome list of all things oracle manipulation. Creating to help spread a better understanding of oracles and oracle manipulation. - 0xcacti/awesome-oracle-manipulation: Awesome list of all things ...
·github.com·
Ethereum Smart Contract Auditor's 2022 Rewind • Ventral Digital
This article is the result of reviewing the technical details from many of this year's Smart Contract Vulnerabilities and Exploits in and around the Ethereum ecosystem.
·ventral.digital·
Kristian Apostolov on Twitter
“Here is how you can get an easy H/M on @code4rena or @sherlockdefi. A 🧵 about the CREATE2 opcode👇”
·twitter.com·
bloqarl on Twitter
“1/9:🔒✨Attention auditors! Don't overlook this crucial step in upgradable contracts. Discover why reviewing constructors and initialize functions is crucial. You can use your Solidity contracts with OpenZeppelin Upgrades without modifications... Wait, without any modification?”
·twitter.com·