
Latest blog post


Latent Bugs in Billion-Plus Dollar Code

Attack vectors (and their combinations) over xSushi-like staking, ERC777 tokens



Yield Skimming: Forcing Bad Swaps on Yield Farming

Received bug bounties from Vesper Finance and BT Finance for vulnerability disclosures. Both vulnerabilities follow the same pattern and we study when it can be exploited.



R-Bounty / Primitive Finance Analysis

We reported a critical vulnerability to Primitive Finance, leading to the generous R bounty and an article on the war room operation.



Killing a Bad (Arbitrage) Bot ... to Save Its Owner

A vulnerable bot was controlling some $80K. We killed it, saving the funds of its owner(s).



“Look ma’, no source!” Hacking a DeFi Service with No Source Code Available

Reported critical vulnerability to Dinngo/DeFlast team leading to their rescue of all threatened funds. The vulnerable contract had no public source.



Ethereum Pawn Stars: “$5.7M in hard assets? Best I can do is $2.3M”

Reported critical vulnerability to DeFi Saver team which would have allowed hackers to steal over $3.5m. Vulnerability was originally flagged by one of our tools.



Ethainter: A Smart Contract Security Analyzer for Composite Vulnerabilities

Technical paper on our analysis technology for tainted contract guards. Interesting observations on symbolic execution vs. static analysis approaches.



Precise Static Modeling of Ethereum 'Memory'

Research article on our analysis technology, especially the modeling of "memory" in EVM smart contracts.



Ethereum Foundation EIP-1884 bounty

Received bounty from the Ethereum Foundation for our analysis of the gas impact of EIP-1884.



Gigahorse: Thorough, Declarative Decompilation of Smart Contracts

Research article, presented at the ICSE'19 conference, describing our decompiler.
