Blog

We are constantly learning new things, and believe that knowledge should be shared.

AVS

October 28, 2024

Build secure Uniswap V4 Hooks in AVS

In recent months, both Uniswap V4 and EigenLayer’s Actively Validated Services (AVS) have gained significant attention – not without reason. Uniswap V4 introduced a […]

Damian Rusinek

Managing Partner & Smart Contract Security Auditor

SEAL Certification Goes Live: Composable Security in the First Accreditation Cohort

Today the Security Alliance (SEAL) announced that its Certification program is moving from pilot into live engagements. SEAL Certification Goes Live: Composable Security in […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Bypassing Cursor’s Command Allowlist with GTFOBins-Style Execution

While evaluating Cursor IDE, a behavior was found that looked like a security control but did not behave like one under realistic command-execution patterns. […]

Damian Rusinek

Managing Partner & Smart Contract Security Auditor

How to Minimize the Risk of Prompt Injection?

Learn how to reduce prompt injection risk in LLM apps and AI agents using threat modeling, least privilege, output validation, monitoring, and adversarial testing. […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Securing $29 199 014 133 – Methodology to Secure One of the Biggest Project on Ethereum

At the forefront of Web3 security, our team has developed a robust and multi-faceted approach to safeguarding the industry’s largest projects. A prime example […]

Damian Rusinek

Managing Partner & Smart Contract Security Auditor

Top 7 Findings in Off-Chain Components

This article highlights seven interesting vulnerabilities discovered during security audits of off-chain components. These findings are presented with detailed descriptions, potential attack vectors, recommended […]

Damian Rusinek

Managing Partner & Smart Contract Security Auditor

Thoughts After Auditing Multiple Off-chain Components

The security of Web3 projects is often synonymous with the robustness of their smart contracts, which reside on the blockchain. However, a significant portion […]

Damian Rusinek

Managing Partner & Smart Contract Security Auditor

ERC-8004: a practical explainer for trustless agents

For agents to cooperate with each other, they need to know about the existence of other agents, what abilities they have, and to be […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Red Flags and Green Flags of Yield Bearing Stablecoins

Below are practical green flags and red flags you can verify yourself using a project’s website, documentation, and a blockchain explorer. Each flag includes […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Yield bearing stablecoins

Yield bearing stablecoins are tokens designed to hold a peg while earning interest for holders. Sounds good, right? However, where there’s yield, there’s also […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Join the newsletter now

Please wait...

Thank you for sign up!

Let us help

Get throughly tested by the creators of Smart Contract Security Verification Standard

Request audit