Tech Deep Dive

The CPIMP Attack: an insanely far-reaching vulnerability, successfully mitigated
[by the Dedaub team] A major attack on several prominent DeFi protocols over many blockchains was (largely) successfully mitigated last week. The …
15 July 2025
The $11M Cork Protocol Hack: A Critical Lesson in Uniswap V4 Hook Security
On 28th of May 2025, Cork Protocol suffered an $11M exploit due to multiple security weaknesses, culminating in a critical …

The Cetus AMM $200M Hack: How a Flawed “Overflow” Check Led to Catastrophic Loss
On May 22, 2025, the Cetus AMM on the Sui Network suffered a devastating hack resulting in over $200 million in losses. …

From Ethereum to Solana: How Developer Assumptions Can Introduce Critical Security Vulnerabilities
Ethereum Developers on Solana Solana stands out as one of the most popular blockchains, known for its high throughput …

Bedrock vulnerability disclosure and actions
A few hours ago, the Dedaub team discovered a smart contract vulnerability in a number of uniBTC vault smart contracts …

Rho Markets Incident
On July 19th, Rho Markets - a Compound V2 fork on Scroll - was involved in an incident that led to the creation of …

Web 3 Audit Methodology by Dedaub
Web3 Audit Methodology Dedaub’s Security Audit teams comprise at least two senior security researchers, as well as any …

Common Solidity Security Vulnerabilities
Solidity Security Vulnerabilities Understanding and Mitigating Solidity Security Vulnerabilities Solidity Security …

Bulk Storage Extraction
Most Dapp developers have heard of and probably use the excellent Multicall contract to bundle their eth_calls and …

Arbitrum Sequencer Outage | Root Cause Analysis
The Arbitrum network experienced significant downtime on December 15 due to problems with its sequencer and feed. The …

Thestandard.io Exploit | A Thorough Analysis by Dedaub
Hello everyone, this is Yannis Bollanos, Security Researcher at Dedaub. A few days ago, we published a tweet about the …

Transaction Simulation Solutions | An In-depth Guide
Introduction to Transaction Simulation Solutions Transaction simulation tools improve developer and user experience …

Smart Contracts | Tale of Little Bugs
As most programmers would admit, the most annoying bugs are often the “little” ones. Tiny logic errors caused by a few …

The Critical Thirdweb Vulnerability
Summary: The root cause of the thirdweb critical vulnerability is that independent libraries implementing ERC2771 & …

Smart Contract Audits Guide
Smart Contract Audit Essentials: Navigating the Web 3 Landscape with Expertise and Security With blockchain platforms, …

Smart Contract Security Tools | A Guide to Dedaub Security Suite, Step-by-step Tutorial
Dedaub Security Suite (formerly Watchdog) is a comprehensive security system designed for Smart Contract analysis and …

Platypus Finance Hack
Platypus Finance Hack: The platform was targeted by a flashloan attack, resulting in an approximate $2 million loss. …

Preparing for Your First Web3 Audit
Your project is at an advanced state of engineering and you have decided to hire an auditor to maximize security and …

I See Dead Code
What if I told you that over one-third of recently-deployed Ethereum smart contracts consist mostly of unusable junk? …

Poly Network Hack Postmortem
On July 2nd, 2023 06:47:20 PM UTC Poly Network suffered what was initially reported to be a notional $34b hack (the …

Uniswap Reentrancy Vulnerability Disclosure
By the Dedaub team! Uniswap Reentrancy | Uniswap Labs recently advertised a boosted $3M bounty program for bug reports …

Latent Bugs in Billion-plus Dollar Code
You are probably safe, but be aware…! Daniel Von Fange pinged me last week: Hey, I just realized that the xSushi reward …

Mass Disclosure of Griefing Vulnerabilities
This week, with the help of @drdr_zz and @wh01s7 of SecuRing, we tackled a backlog of warnings from the Dedaub Watchdog …

Rari Capital Vulnerability
Security researchers actively participating in Tribe DAO’s Discord security channel raised concerns about a security …

The Dedaub Watchdog Service
The Dedaub Watchdog is a technology-driven continuous auditing service for smart contracts. What does this even mean? …

Phantom Functions and the Billion-dollar No-op
By the Dedaub team On Jan. 10 we made a major vulnerability disclosure to the Multichain project (formerly “AnySwap”). …

Etheria | A Six-year-old Solc Riddle
By the Dedaub team The Assignment A few weeks ago, we were approached with a request to work on a project unlike any …

Harvest Finance Vulnerability | $200k Bounty
We disclosed a critical bug to Harvest Finance. The contracts in scope held a total of $6.4M in Uniswap V3 positions. …

Symbolic Value-flow Static Analysis of Ethereum Smart Contracts
We present a static analysis approach that combines concrete values and symbolic expressions. This symbolic value-flow …

Verkle Tree Gas Metering Impact
Dedaub was commissioned by the Ethereum Foundation to investigate the impact of Vitalik Buterin’s Verkle tree gas …

Yield Skimming: Forcing Bad Swaps on Yield Farming
By the Dedaub team Yield Skimming Last week we received bug bounties for disclosing smart contract vulnerabilities to …

R-bounty / Primitive Finance Analysis
Three articles on the Primitive Finance vulnerability disclosure and rescue: PrimitiveFi post-mortem analysis Awarded …

Killing a Bad (Arbitrage) Bot … To Save Its Owner
Following the previous white-hat hacks (1, 2), on contracts flagged by our analysis tools, today we’ll talk about …

“look Ma’, No Source!” Hacking a Defi Service With No Source Code Available
By the Dedaub team This story describes a cool hack, for over $300K (even nearly $600K, if done at the right time). It …

Ethereum Pawn Stars: “$5.7m in Hard Assets? Best I Can Do is $2.3m”
defi saver Saving DeFi Saver with Static Contract Analysis By the Dedaub team In the complex DeFi protocols and …

Rising Gas Prices Are Threatening Our Security (No, It’s Not the Saudi Attack)
Mr. Out of gas exception EIP 1884 is set to be implemented into the upcoming Ethereum ‘Istanbul’ hard fork. It: …

Gigahorse: Thorough, Declarative Decompilation of Smart Contracts
The rise of smart contracts - autonomous applications running on blockchains - has led to a growing number of threats, …

Chronicle of an Attack Foretold
Co-written with Neville Grech In a few hours, an attacker will claim the prize for the first Consensys Diligence …

Bad Randomness is Even Dicier Than You Think
Co-written with Neville Grech Bad Randomness Trivial Exploits of Bad Randomness In Ethereum, and How To Do On-Chain …
