Research

Security research, vulnerability analysis, and insights from real-world engagements.

Smart Contracts2025-11-15

Reentrancy Patterns in Modern DeFi: Beyond the Classic Attack

An analysis of cross-function and cross-contract reentrancy patterns found during recent DeFi protocol audits, including novel attack vectors in ERC-4626 vault implementations.

Red Team2025-09-22

Red Teaming a Web3 Organization: Lessons from the Field

Case study of a full-scope red team engagement against a Web3 company, covering social engineering of developer teams, CI/CD pipeline compromise, and smart contract deployment key extraction.

Web3 Infrastructure2025-07-10

Validator Key Management: HSMs, MPC, and the Gaps Between

A practical guide to validator key management security, comparing HSM-based approaches with MPC solutions and identifying common configuration mistakes that undermine both.

Tools2025-05-03

Fuzzing Solidity: Maximizing Coverage with Echidna and Medusa

Practical techniques for writing effective fuzz harnesses for Solidity smart contracts, with benchmarks comparing Echidna and Medusa on real-world protocol code.

Vulnerability Research2025-03-18

Bridge Security: Analyzing Cross-Chain Message Verification

Deep dive into common vulnerability classes in cross-chain bridge implementations, from signature verification flaws to message replay attacks and oracle manipulation.