Blog

We are constantly learning new things, and believe that knowledge should be shared.

AVS

October 28, 2024

Build secure Uniswap V4 Hooks in AVS

In recent months, both Uniswap V4 and EigenLayer’s Actively Validated Services (AVS) have gained significant attention – not without reason. Uniswap V4 introduced a […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Fee on withdrawal from strategy can lead to protocol’s loss

Due to this vulnerability the protocol experiences a loss of assets proportional to the fees charged. Vulnerability Details The Max Vaults allocate assets to […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Inability to unstake required assets from Kernel

The vulnerability leads to the inability to automatically withdraw WBNB from the KernelClisStrategy. Vulnerability Details The KernelClisStrategy contract is designed to stake deposited WBNB […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Rate provider for ynBNBx is missing ynClisBNBk strategy

The processAccounting function will revert on every invocation within the ynBNBx context Vulnerability Details The Provider contract, responsible for retrieving rates for all assets […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Invalid rate for vaults

The valuation of vault tokens is inaccurately represented, leading to a decreasedvalue of the assets held within the MaxVault. Vulnerability Details The rate providers […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Vault not compliant with ERC4626 in maxWithdraw function

This results in non-compliance with the ERC4626 standard, leading to the potentialfor withdrawal attempts based on maxWithdraw results to fail. Vulnerability Details Per the […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Back-running the rewards transfer

The attacker acquires rewards that are generated by other users’ capital. Vulnerability Details An attacker can unfairly gain by back-running the transfer with rewards […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Secure Private Key Management for DApps

Clear instructions and best security practices to ensure the secure usage of private keys for smart contract management. Why does private key require more […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

ERC-4626: Easy To Understand Essentials

This article covers the basics of ERC4626. Take a helicopter view of how it works and what are the main security concerns that need […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Web3 Founder: 5 questions that help improve security for FREE

Learn five essential questions every Web3 founder should ask themselves to increase the security of their project without incurring additional costs. By addressing these […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Join the newsletter now

Please wait...

Thank you for sign up!

Let us help

Get throughly tested by the creators of Smart Contract Security Verification Standard

Request audit