Hiding in Plain Sight

Most people trust, but how many people verify?

Two Rights Might Make A Wrong

Too much raw fish doesn’t make a better roll of sushi

The Dangers of Surprising Code

The only thing worse than a bug in your code that breaks everything is a bug in your code that subtly breaks one thing

Booby Trapping the Ethereum Blockchain

This is how an attacker could have hid a ticking time bomb on the Ethereum blockchain that, when triggered, would hard fork the entire network

Uncovering a Four Year Old Bug

What does it take to find a bug? What about one in a contract that's survived the test of time?

Paradigm CTF 2021 - swap

A guided walkthrough for swap, the hardest challenge in Paradigm CTF 2021

The Block Mined In January, 584942419325

In a consensus protocol, the simplest mistake could have devastating effects.

So you want to use a price oracle

Everything you need to know about price oracles and how to use them safely

Changing Lanes

A reflection on my transition from Trail of Bits to Paradigm

Escaping the Dark Forest

On September 15, 2020, a small group of people worked through the night to rescue over 9.6MM USD from a vulnerable smart contract. This is our story.

Authereum, meet Parity

2017 was fun. Let's never do it again.

Taking undercollateralized loans for fun and for profit

Price manipulation, now with 100% more blockchain

The Livepeer slashing vulnerability

What happens when good intentions go bad?

The 0x vulnerability, explained

An in-depth look at how 0x's Exchange contract was vulnerable

ConsenSys CTF - Rop EVM

A second CTF from ConsenSys Diligence. The solution is a blast from the past.

ConsenSys CTF Writeup

A writeup for the ConsenSys CTF "Ethereum Sandbox"

Privilege Escalation on LegalRobot through Type Confusion

While bug hunting on LegalRobot, I discovered a privilege escalation bug in Meteor by abusing JavaScript's weak types.

Finding more RCEs in math.js

I read a great blog post by @CapacitorSet and @denysvitali about discovering a RCE vulnerability in math.js and thought I'd give it a shot as well.