Phantom Functions and the Billion-Dollar No-Op

Largest crypto hack prevented?

A Six-Year-Old Solc Riddle

In mid-October, we received a request to work on a project unlike any we've had before.

Harvest Finance Vulnerability, $200K Bounty

We disclosed a critical vulnerability to Harvest Finance, through Immunefi. The vulnerability concerns a proxy pattern and was discovered via an interesting automated analysis.

Symbolic Value-Flow Static Analysis of Ethereum Smart Contracts

A technical paper describing our most recent analysis technology, responsible for 7 major vulnerabilities detected in-the-wild.

Verkle tree gas metering impact

We were commissioned by the Ethereum Foundation to study the impact of a new gas cost model, based on Verkle tree access costs.

EIP-3074 Impact Study

We were commissioned by the Ethereum Foundation to do a study of the impact of EIP-3074 (AUTH and AUTHCALL) on existing contracts.

Yield Skimming: Forcing Bad Swaps on Yield Farming

Received bug bounties from Vesper Finance and BT Finance for vulnerability disclosures. Both vulnerabilities follow the same pattern and we study when it can be exploited.

R-Bounty / Primitive Finance Analysis

We reported a critical vulnerability to Primitive Finance, leading to the generous R bounty and an article on the war room operation.

Killing a Bad (Arbitrage) Bot ... to Save Its Owner

A vulnerable bot was controlling some $80K. We killed it, saving the funds of its owner(s).