A collection of writeups and other thoughts
Hiding in Plain Sight
Most people trust, but how many people verify?
Two Rights Might Make A Wrong
Too much raw fish doesn’t make a better roll of sushi
The Dangers of Surprising Code
The only thing worse than a bug in your code that breaks everything is a bug in your code that subtly breaks one thing
Booby Trapping the Ethereum Blockchain
This is how an attacker could have hid a ticking time bomb on the Ethereum blockchain that, when triggered, would hard fork the entire network
Uncovering a Four Year Old Bug
What does it take to find a bug? What about one in a contract that's survived the test of time?
Paradigm CTF 2021 - swap
A guided walkthrough for swap, the hardest challenge in Paradigm CTF 2021
The Block Mined In January, 584942419325
In a consensus protocol, the simplest mistake could have devastating effects.
So you want to use a price oracle
Everything you need to know about price oracles and how to use them safely
A reflection on my transition from Trail of Bits to Paradigm
Escaping the Dark Forest
On September 15, 2020, a small group of people worked through the night to rescue over 9.6MM USD from a vulnerable smart contract. This is our story.
Authereum, meet Parity
2017 was fun. Let's never do it again.
Taking undercollateralized loans for fun and for profit
Price manipulation, now with 100% more blockchain
The Livepeer slashing vulnerability
What happens when good intentions go bad?
The 0x vulnerability, explained
An in-depth look at how 0x's Exchange contract was vulnerable
ConsenSys CTF - Rop EVM
A second CTF from ConsenSys Diligence. The solution is a blast from the past.
ConsenSys CTF Writeup
A writeup for the ConsenSys CTF "Ethereum Sandbox"
Privilege Escalation on LegalRobot through Type Confusion
Finding more RCEs in math.js
I read a great blog post by @CapacitorSet and @denysvitali about discovering a RCE vulnerability in math.js and thought I'd give it a shot as well.