smart contract audit

AVS

October 28, 2024

Build secure Uniswap V4 Hooks in AVS

In recent months, both Uniswap V4 and EigenLayer’s Actively Validated Services (AVS) have gained significant attention – not without reason. Uniswap V4 introduced a […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Lido – Node Operator can exit and slash their validator to move withdrawal finalization border epoch

Bypassing the border epoch as determined by the mass slashing event. Vulnerability Details During a mass slashing event, the withdrawal queue may delay finalization […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Lido – Uncaught exception on creating ejection report

The report generation cannot be completed and submitted due to this bug. Vulnerability Details The get_remaining_forced_validators function is designed to remove validators that are […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Lido – Security Review of Oracle V5 update

Lido partnered with Composable Security to conduct a thorough security review of the Oracle V5 update to prepare for upcoming Pectra hard fork. Basic […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Othentic – Invalid EigenLayer reward submission

The standard rewards distribution process (as recommended by the CLI) fails, resulting in gas loss for the AVS manager. Vulnerability Details The OperatorDirectedRewardsSubmission struct […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Othentic – Uncleared claims

Operators face the risk of losing rewards on the default L2 and also jeopardizesubsequent rewards on the non-default L2. Vulnerability Details The AVSGovernance contract […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Othentic – Permanent revert on rewards submission

Permanent blockage in the rewards distribution process. Vulnerability Details In the AVSGovernance contract, when processing a payment request from the AttestationCenter contract, the function […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Othentic – Security Review of Rewards V2

Composable Security partnered with Othentic to conduct a thorough security review of the Rewards V2 smart contract module. The project aimed to verify the […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Invalid decimals used to calculate totalAssets

The primary outcome of this vulnerability is that the totalAssets variable will be inaccurately calculated, leading to theft of assets or potential losses for […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Inflating vault’s share rate via reentrancy

This attack results in the theft of assets alongside an inflated share value Vulnerability Details The withdrawal process from the Max Vault works in […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Join the newsletter now

Please wait...

Thank you for sign up!

Let us help

Get throughly tested by the creators of Smart Contract Security Verification Standard

Request audit