Blog

We are constantly learning new things, and believe that knowledge should be shared.

AVS

October 28, 2024

Build secure Uniswap V4 Hooks in AVS

In recent months, both Uniswap V4 and EigenLayer’s Actively Validated Services (AVS) have gained significant attention – not without reason. Uniswap V4 introduced a […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Security Guide

Security Guide for DApps CTOs, Lead Developers, and Security Enthusiasts This forthcoming resource cuts straight to the point, delivering practical, effective security strategies without […]

Damian Rusinek

Managing Partner & Smart Contract Security Auditor

Othentic – Invalid EigenLayer reward submission

The standard rewards distribution process (as recommended by the CLI) fails, resulting in gas loss for the AVS manager. Vulnerability Details The OperatorDirectedRewardsSubmission struct […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Othentic – Uncleared claims

Operators face the risk of losing rewards on the default L2 and also jeopardizesubsequent rewards on the non-default L2. Vulnerability Details The AVSGovernance contract […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Othentic – Permanent revert on rewards submission

Permanent blockage in the rewards distribution process. Vulnerability Details In the AVSGovernance contract, when processing a payment request from the AttestationCenter contract, the function […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Othentic – Security Review of Rewards V2

Composable Security partnered with Othentic to conduct a thorough security review of the Rewards V2 smart contract module. The project aimed to verify the […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Invalid decimals used to calculate totalAssets

The primary outcome of this vulnerability is that the totalAssets variable will be inaccurately calculated, leading to theft of assets or potential losses for […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Inflating vault’s share rate via reentrancy

This attack results in the theft of assets alongside an inflated share value Vulnerability Details The withdrawal process from the Max Vault works in […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Invalid amounts of asset returned by strategies

This issue prevents the successful withdrawal of assets based on the values returned by the ERC4626 functions and their equivalent versions for different assets. […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Fee on withdrawal from strategy can lead to protocol’s loss

Due to this vulnerability the protocol experiences a loss of assets proportional to the fees charged. Vulnerability Details The Max Vaults allocate assets to […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Join the newsletter now

Please wait...

Thank you for sign up!

Let us help

Get throughly tested by the creators of Smart Contract Security Verification Standard

Request audit