The Dangers of Surprising Code
The only thing worse than a bug in your code that breaks everything is a bug in your code that subtly breaks one thing

Booby Trapping the Ethereum Blockchain
This is how an attacker could have hidden a ticking time bomb on the Ethereum blockchain that, when triggered, would hard fork the entire network

Uncovering a Four Year Old Bug
What does it take to find a bug? What about one in a contract that's survived the test of time?

The Block Mined In January, 584942419325
In a consensus protocol, the simplest mistake could have devastating effects.

So you want to use a price oracle
Everything you need to know about price oracles and how to use them safely

Escaping the Dark Forest
On September 15, 2020, a small group of people worked through the night to rescue over 9.6MM USD from a vulnerable smart contract. This is our story.

Taking undercollateralized loans for fun and for profit
Price manipulation, now with 100% more blockchain

ConsenSys CTF - Rop EVM
A second CTF from ConsenSys Diligence. The solution is a blast from the past.

Privilege Escalation on LegalRobot through Type Confusion
While bug hunting on LegalRobot, I discovered a privilege escalation bug in Meteor by abusing JavaScript's weak types.

Finding more RCEs in math.js
I read a great blog post by @CapacitorSet and @denysvitali about discovering an RCE vulnerability in math.js and thought I'd give it a shot as well.