Blog

We are constantly learning new things, and believe that knowledge should be shared.

AVS

October 28, 2024

Build secure Uniswap V4 Hooks in AVS

In recent months, both Uniswap V4 and EigenLayer’s Actively Validated Services (AVS) have gained significant attention – not without reason. Uniswap V4 introduced a […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

UniswapV4: Further research to improve hooks security

Uniswap V4 hooks is an area full of potential, but also threats lurking for unprepared hook developers. To innovate, they need help and tools […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Protect your account: SIM swap hack

Learn more about the SIM card swap scam which is one of the most popular attack vectors for X account hijacking. SIM swap scam […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Uniswap V4: Oracle hook with malicious owner

The threat scenario covered in this article is “malicious hook owner updates the oracle parameters resulting in invalid price“. The example illustrating such a […]

Damian Rusinek

Managing Partner & Smart Contract Security Auditor

Uniswap V4: Liquidity Theft via Hook Fee

This article is one of a series where we present some implementations of “Bad Hooks” as part of our research supported by the Uniswap […]

Damian Rusinek

Managing Partner & Smart Contract Security Auditor

Uniswap V4: Re-Initialization Leading to Funds Locked

This article is one of a series where we present some implementations of “Bad Hooks” as part of our research supported by the Uniswap […]

Damian Rusinek

Managing Partner & Smart Contract Security Auditor

Threats for UniswapV4 hooks

Uniswap Foundation Grant Uniswap is undoubtedly the OG and trendsetter in the crypto ecosystem. The new Uniswap update is the largest yet and will […]

Damian Rusinek

Managing Partner & Smart Contract Security Auditor

How to choose the best smart contract auditing firm?

Choosing the right smart contract auditor is not as easy as it may seem. After all, the success of the whole project in a […]

Zuzanna Jelska

Marketing Manager

Ethena – SOFT_RESTRICTED_STAKER_ROLE can withdraw stUSDe for USDe

When a holder has the SOFT_RESTRICTED_STAKER_ROLE, they can exchange theirstUSDe for USDe using StakedUSDeV2 despite the protocol requirement. Vulnerability Details The Ethena readme has […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Ethena – FULL_RESTRICTED stakers can bypass restriction through approvals

A restricted user can approve another address and redeem their USDe despite being restricted. Vulnerability Details The StakedUSDe contract implements a method to SOFTLY […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Join the newsletter now

Please wait...

Thank you for sign up!

Let us help

Get throughly tested by the creators of Smart Contract Security Verification Standard

Request audit