Security

Contribute to stakewithus/defi-by-example development by creating an account on GitHub.

Share your videos with friends, family, and the world

The only thing worse than a bug in your code that breaks everything is a bug in your code that subtly breaks one thing

A few days ago, pool 23 of Rari’s Fuse platform was exploited. In this episode of the Replaying Ethereum Hacks series, we will look at what…

A high risk vulnerability was disclosed to Risk Labs by iosiro affecting the Across bridge relayer infrastructure and awarded with a $90,000 bounty.

How to Become a Smart Contract Auditor: https://jacksonkelley.gumroad.com/l/how-to-become-a-smart-contract-auditor/process-one-ytIn this video, I do the firs...

An introduction to maximal extractable value (MEV)

A chronological and (hopefully) complete list of reentrancy attacks to date. - pcaversaccio/reentrancy-attacks: A chronological and (hopefully) complete list of reentrancy attacks to date.

Slides: https://drive.google.com/file/d/1-wzuY4U4OKFQ2Mc4ctmwKh2g3fAl4_85/view?usp=sharingFurther to the section on Front Running, I have created a post on E...

In 2021 we privately disclosed multiple vulnerabilities in the InterPlanetary File System but never really talked about it. Let’s change that 😊!

iosiro disclosed a UUPS proxy vulnerability to several teams, affecting over $50m in assets. This post details the technical details and the disclosure to OpenZeppelin.

Browse distinguished companies providing smart contract auditing services and find contact information, previous reports, client testimonials and more.

How to efficiently maximise arbitrage profit over a set of exchanges via Convex Optimisation

Life of a DeFi developer: Say `gm`. Scroll crypto twitter and commiserate about the bear market. Architect new and complex financial and governance systems. Their robustness is so vitally critical

Having a similar name, Agave.finance is a forked from Aave V2 on the Gnosis chain. One would think that a fork of a battle-tested protocol…

London Blockchain Security meetup #001 Dirk Brink is a Tech Lead at Graphcore and bug bounty hunter at Immunefi. He studied Electrical and Electronic Enginee...

Digging deep into the EVM mechanics during contract function calls

Abstract Generally disallowing state-changing effects after an external function call and enabling the possibility to mark functions that specifically do this. Motivation I started this discussion ...

A curated list of Smart Contract Security materials and resources For Researchers - saeidshirazi/Awesome-Smart-Contract-Security: A curated list of Smart Contract Security materials and resources F...

My blockchains adventure continues! This time I protected Moonbeam network by disclosing a critical design flaw, safeguarding more than $100M assets at risk in various DeFi projects. I was awarded the maximum reward amount of their bug bounty program on Immunefi, $1M, and $50k bonus from Moonwell (I guess that’s also one of the top 10 highest bug bounties?)

An interactive reference to Ethereum Virtual Machine Opcodes

Digging deep into the EVM mechanics during contract function calls

“There are some extremely successful bounty hunters in web3. However, nobody tells you how they do it. Until now. Here is how you can become a bug bounty millionaire. 🧵👇”

Solidity Smart Contracts Samples. Contribute to ajlopez/SoliditySamples development by creating an account on GitHub.

Contract invariants are properties of the program program state that are expected to always be true. In my previous article I discussed the use of Solidity assertions to check contract invariants. This article expands on the use of invariants and provides a couple of additional examples. An interesting feature of invariant checking on the bytecode level is …

Semgrep rules for smart contracts based on DeFi exploits - Raz0r/semgrep-smart-contracts: Semgrep rules for smart contracts based on DeFi exploits

Contribute to razzorsec/AuditorsRoadmap development by creating an account on GitHub.