smart contract audit

AVS

October 28, 2024

Build secure Uniswap V4 Hooks in AVS

In recent months, both Uniswap V4 and EigenLayer’s Actively Validated Services (AVS) have gained significant attention – not without reason. Uniswap V4 introduced a […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Security Review of Max Vaults and integration with Kernel

YieldNest partnered with Composable Security to evaluate the security of its Max Vault integration with the Kernel protocol on BNB Chain. The goal was […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Braintrust – Safe Wallet and Coinbase Integration

Freelance Labs, Inc. engaged Composable Security to conduct an in-depth security review of Braintrust, a decentralized talent network. The primary objective was to ensure […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Tapioca – OFT can be impersonated through _lzCompose with multiple compose messages

This vulnerability allows anyone to make a cross-chain calls with multiple compose messages, and execute the messages (all except the first one) as the […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Tapioca – Nesting remote transfer messages to steal tokens

The user can use a nested MSG_REMOTE_TRANSFER message in a valid MSG_REMOTE_TRANSFER to execute back the remote transfer as the owner of tokens (stealing […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Tapioca – Unprotected executeModule function allows to steal the tokens

The executeModule function allows anyone to execute any module with any params. That allows attacker to execute operations on behalf of other users. Vulnerability […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Tapioca – Unverified _srcChainSender parameter allows to impersonate the sender

The function executes modules depending on the _msgType parameter and some of them do not accept the _srcChainSender parameter. Vulnerability Details The _toeComposeReceiver function is called […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Key threat based cross-checks

Often projects do not carry out cross-checks due to the limited budget and the high cost of a smart contract audit – but there […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

How we do smart contract audit

Find out what the price of the smart contract audit consists of, when to perform it, and what the auditing process and report it […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Smart contract audit – the best tips on how to be prepared better

Prepare for your smart contract audit with confidence. Use this great opportunity to clean up and take care of the code and overall smart […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Join the newsletter now

Please wait...

Thank you for sign up!

Let us help

Get throughly tested by the creators of Smart Contract Security Verification Standard

Request audit