Latest

3 Ways to Write a Proof of Concept

Finding bugs is just one part of the bug hunting process. Once you've found a bug, you write a report, and more importantly, you must write a proof of concept. It helps you ensure your finding is valid, makes triage faster, and creates less room for ambiguity & interpretation in the

SirenMarkets V1 - Getting Free Leverage with a Block Stuffing Attack

How an attacker would have gotten free leverage by selling ITM options.

3 Mistakes I Made When I Started Bounty Hunting

Like anyone starting with something new, I made some mistakes when I just started bug bounty hunting. Here are some of my mistakes so that you might avoid them: 1 - I Had No Confidence At first, I only went for the new & small bounty programs. I thought programmes offering

Game Theory - Exploiting Superior Knowledge

Many smart contracts implement game-theoretic elements. Most also implement some form of automation, e.g. users deposit liquidity which gets used according to a given strategy. This strategy can be vulnerable when it provides too much of an advantage to a malicious user. Let's look at the difference between acceptable

Properties vs Fuzz tests

There are quite a few fuzzing related tools. However, it's not always clear how they fit together in the fuzzing picture. Do you write properties with Scribble, or do you fuzz using foundry? An option that you should consider for your next fuzz test is using both! Here is an

You Should Look for Game Theory Bugs

Many auditors and bounty hunters don't look for game-theoretic and economic flaws. Instead, they focus on the more tangible and well-known types of attacks. This is unfortunate as a game-theoretic design flaw can cause as much damage as regular attacks. Here is why you should be on the lookout for

3 Reasons Why You Should Publish Your Security Research

A bunch of security researchers that I know do the most exciting work. Unfortunately, they don't show it to the world. They might share their cool projects with colleagues and friends, but it stops there. Overall, nobody gets to enjoy and benefit from their awesome findings. Here is why they

Don't Ignore Oracle Extractable Value!

Not enough people care about Oracle Extractable Value! Over the recent years, we've all become aware of MEV. However, just like miners can extract value from their sequencing power, oracles can extract value from their position. If exploited, they can use this to extract significant value and drain entire protocols.

A Perfect Balance Between Practice and Execution.

Security is a fast-moving field, and you have to research and practice to stay on top of your game. However, there is so much to learn that you can easily get stuck just researching all the time! On the other hand, you want to avoid falling behind because you spend

3 Activities to Make You a Better Bug Hunter

That are not actually about hunting for bugs.

Hunting For Bugs: Top Idea in Your Mind

How you can use passive thinking to hunt for bugs and find critical vulnerabilities.

4 Strategies for picking the perfect bounty hunting targets

How you can overcome analysis paralysis and start finding bugs by picking the right target.

3 strategies to get into hunting bugs in smart contracts

You've probably read about one of these million-dollar bounties handed out to white-hat hackers, and you probably wouldn't mind becoming one of them! Here are three strategies that you can follow to become a (better) bug hunter. 🧱 Build a foundation You can do many things to become a better smart

Bounties & Two Sided Reputation

This article started as a feature request to be posted on the Immunefi discord, but turned into this along the way. Bug bounties are here, and they're here to stay. You've probably heard plenty of success stories of hackers receiving up to $2 million for their help securing a protocol.

Stealing all your secrets using IPFS Mounts

tl;dr you might want to stop using IPFS mounts.

Getting familiar with systems thinking, modelling and cadCAD

👋 Hey, interested in using automatic models to simulate systems and game theory problems? This article provides an intro to cadCAD, a python library for just that!

Security Analysis - Diving into Dataflow Analysis and Reaching Definitions

Static analysis comes in all shapes and sizes. A very common technique is dataflow analysis, where we look at how variables affect each other. In this article we’ll look at reaching definitions analysis, one of the core techniques enabling dataflow analysis.

Parse Solidity incrementally using tree-sitter

I recently wrote and released an incremental parser for Solidity using tree-sitter ( built by Max Brunsfield at GitHub). Let me tell you about the experience of working with tree-sitter to create an incremental parser. 💡 At GitHub they use tree-sitter as one of the core components for code highlighting and code

Shift Left and DevSecOps - What does it even mean?

DevSecOps and Shift Left are often used in the same sentence. But the difference between the two is not always clear. So in this article, I will introduce both topics and talk about their connection. ⬅️ Shift Left When we’re talking about shift left, we’re talking about shifting left

Mutation Testing for Smart Contracts - A step by step guide

In my previous article, I wrote about the core concepts of mutation testing. With this post, I will show you the mutation testing theory can be applied in practice using the mutation testing tool Vertigo. Setup To start with mutation testing, we need to do three things: * Install Truffle and

Introduction into Mutation Testing

Recently I released a mutation testing tool for smart contracts on GitHub called Vertigo. In this series of blog posts, I hope to do the following things: * Show you how powerful Mutation Testing is * Explain how you can use mutation testing in your SDLC * Demonstrate how you can use Vertigo