Preview card for 'Metamask Snaps: Playing in the Sand'
Featured Post

Metamask Snaps: Playing in the Sand

A deep dig into Metamask Snaps. We explore safety considerations, environment design, and break down a property spoofing vulnerability in the Snaps sandboxing layer.

Read More

Security exploits, tutorials, and findings

Preview card for 'Metamask Snaps: Playing in the Sand'
Nov 1, 2023

Metamask Snaps: Playing in the Sand

A deep dig into Metamask Snaps. We explore safety considerations, environment design, and break down a property spoofing vulnerability in the Snaps sandboxing layer.

Preview card for 'Web2 Bug Repellant Instructions'
Aug 11, 2023

Web2 Bug Repellant Instructions

An analysis of security risks that don’t get enough attention - web2 bugs in web3 apps. We take a deep and practical look at vulnerabilities across various applications.

Preview card for 'Vyper Hack Timeline'
Aug 1, 2023

Vyper Hack Timeline

A timeline and postmortem for the Vyper compiler bug. Thoughts on trust assumptions, vulnerability disclosures, and whitehack recoveries.

Preview card for 'Solidity Compilers: Memory Safety'
Jul 28, 2023

Solidity Compilers: Memory Safety

An exploration into the Solidity compilation pipeline, optimization assumptions, and how it all relates back to memory-safe assembly.

Preview card for 'Solana Formal Verification: A Case Study'
Jan 26, 2023

Solana Formal Verification: A Case Study

We present a novel framework for formal verification of Solana Anchor programs — and a case study application to the Squads multisig.

Preview card for 'Rust, Realloc, and References'
Dec 9, 2022

Rust, Realloc, and References

Rust is safe.. right? Not if your dependencies are unsafe.. A deep dive into a subtle Solana SDK bug, Rust internals, and how we found it all.

Preview card for 'The Move Prover: A Guide'
Sep 16, 2022

The Move Prover: A Guide

A practical guide to the Move Prover - tutorial, case study, and specifications.

Preview card for 'Move: An Auditor's Introduction'
Sep 6, 2022

Move: An Auditor's Introduction

What actually makes Move secure? A discussion of Move's typing system and formal verification.

Preview card for 'Reverse Engineering Solana with Binary Ninja'
Aug 27, 2022

Reverse Engineering Solana with Binary Ninja

An introduction to our open-source Binary Ninja plugin for blackbox Solana program analysis along with an executive reference to the Solana runtime.

Preview card for 'The Story of the Curious Rent Thief'
Aug 19, 2022

The Story of the Curious Rent Thief

A tale of pickpockets preying on the Solana ecosystem. Read our investigation into the persistent theft of rent from uninitialized accounts. This is the story of the Solend rent thief.

Preview card for 'Becoming a Millionaire, 0.000150 BTC at a Time'
Apr 26, 2022

Becoming a Millionaire, 0.000150 BTC at a Time

How we discovered a critical issue in Solana's stable swap implementation. A story about arbitrage and rounding.

Preview card for 'Solana: An Auditor's Introduction'
Mar 14, 2022

Solana: An Auditor's Introduction

A security focused introduction to Solana, exploring the underlying runtime environment, security boundaries, and implications. An important resource for all developers who want to write more secure code.

Preview card for 'The $200m Bluff: Cheating Oracles on Solana'
Feb 16, 2022

The $200m Bluff: Cheating Oracles on Solana

How we fooled oracles to beat the house. An exploration into liquidity tokens and oracle price manipulation.