Bypassing Cursor’s Command Allowlist with GTFOBins-Style Execution
While evaluating Cursor IDE, a behavior was found that looked like a security control but did not behave like one under realistic command-execution patterns. […]
At the forefront of Web3 security, our team has developed a robust and multi-faceted approach to safeguarding the industry’s largest projects. A prime example […]
This article highlights seven interesting vulnerabilities discovered during security audits of off-chain components. These findings are presented with detailed descriptions, potential attack vectors, recommended […]
The security of Web3 projects is often synonymous with the robustness of their smart contracts, which reside on the blockchain. However, a significant portion […]
Security Guide for DApps CTOs, Lead Developers, and Security Enthusiasts
This forthcoming resource cuts straight to the point, delivering practical, effective security strategies without […]
In recent months, both Uniswap V4 and EigenLayer’s Actively Validated Services (AVS) have gained significant attention – not without reason. Uniswap V4 introduced a […]
The threat scenario covered in this article is “attacker calls hooks directly on the hook contract”. The example illustrating such a vulnerability was based on […]
The threat scenario covered in this article is “malicious hook owner updates the oracle parameters resulting in invalid price”. The example illustrating such a […]
This article is one of a series where we present some implementations of “Bad Hooks” as part of our research supported by the Uniswap […]