Blog

We are constantly learning new things, and believe that knowledge should be shared.

AVS

October 28, 2024

Build secure Uniswap V4 Hooks in AVS

In recent months, both Uniswap V4 and EigenLayer’s Actively Validated Services (AVS) have gained significant attention – not without reason. Uniswap V4 introduced a […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

How to choose the best smart contract auditing firm?

Choosing the right smart contract auditor is not as easy as it may seem. After all, the success of the whole project in a […]

Zuzanna Jelska

Marketing Manager

Ethena – SOFT_RESTRICTED_STAKER_ROLE can withdraw stUSDe for USDe

When a holder has the SOFT_RESTRICTED_STAKER_ROLE, they can exchange theirstUSDe for USDe using StakedUSDeV2 despite the protocol requirement. Vulnerability Details The Ethena readme has […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Ethena – FULL_RESTRICTED stakers can bypass restriction through approvals

A restricted user can approve another address and redeem their USDe despite being restricted. Vulnerability Details The StakedUSDe contract implements a method to SOFTLY […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

INSIDER! Impersonating others on GitHub

Do you know it is easy to impersonate other users on GitHub if you have write access to any repository? I will show you […]

Damian Rusinek

Managing Partner & Smart Contract Security Auditor

Secure integration with LayerZero

A few weeks ago we reviewed a project that was integrating with LayerZero Omnichain Tokens. We were not able to find an all-in-one security […]

Damian Rusinek

Managing Partner & Smart Contract Security Auditor

White hack policy

We’ve all seen more than one situation where a black hat “turned out” to be a “white hat” and when someone meant well, it […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

ETHWarsaw 2022 – Security Panel

Join us in revisiting the first edition of ETHWarsaw, where Damian Rusinek, as a representative of Composable Security, alongside esteemed colleagues from Certora, Quantstamp, […]

Damian Rusinek

Managing Partner & Smart Contract Security Auditor

Uniswap v4 – threat modeling for secure integration

Learn what to watch out for and what to take care of when integrating with Uniswap v4. Vision behind Uniswap V4 and team approach […]

Damian Rusinek

Managing Partner & Smart Contract Security Auditor

Account Abstraction – a tale on the evolution of wallets

Trust, convenience, and security are just a few values from Sir Codelot’s knightly ethos. Let’s find out what they turned into. The history of […]

Damian Rusinek

Managing Partner & Smart Contract Security Auditor

Join the newsletter now

Please wait...

Thank you for sign up!

Let us help

Get throughly tested by the creators of Smart Contract Security Verification Standard

Request audit