So this was the highest I ever made it on the @code4rena leaderboard. I'm now lucky to be working with some other incredibly smart people which I'll share more about soon...but fyi it's pretty cool. Can't thank C4 enough for existing; consistently great work gets recognised fast.
With support from Solana Foundation, we're launching STRIDE, a comprehensive security program that sets clear standards for @solana ecosystem projects.
STRIDE will provide independent opsec evaluations with public findings for real transparency into protocol security posture.
Our intern program is back, now with the option to work in-person in NYC or Zurich.
We're looking for security research types who are curious, skilled, and ready to work on security challenges that matter.
Apply below ↓
Asymmetric Research and @osec_io have established a shared leadership structure that aligns both teams while each continues to operate independently.
Full details below.
New post: @RelayProtocol’s contracts trusted Ed25519 verification without validating offsets, opening the door to forged allocator signatures and potential double-spends.
@_fel1x details the bug, the risks it posed to cross-chain liquidity, and how the issue was addressed.
Threat Contained: marginfi Flash Loan Vulnerability by @_fel1x
A new instruction broke the flash loan logic, creating a way to borrow without repaying and putting $160M at risk.
We explain the vulnerability, potential impact, and how it was fixed. Full post below ↓
Adevar Labs is a new kind of audit firm: deeply focused, radically transparent, and built for high-stakes Solana projects.
If you care about safety, trust, and getting it right before launch, keep reading 🧵
Security Engineer (DeFi) ⇢ Help secure high-stakes smart contracts across multiple runtimes, building custom tooling, monitoring systems, and security frameworks for top DeFi protocols.
https://t.co/QHiUX60kB7
Delegating to the Asymmetric Research validator is a vote for safety and security on Solana. Here’s a quick guide to how to get started ⇣
https://t.co/ObSsQ0B5iI
Asymmetric Research is hiring ⚔️🛡️
Join our team and help tackle some of web3's toughest security challenges.
More details below & please share with friends who might be a fit ↓
New blog post: Corrupt Commitments: Proposer Equivocation Bug in Helix MEV Relay, by @0xalpharush. It explores how a lack of validation on proposers’ commitments to blob data can be used in unbundling attacks.
New blog post: Ghost in the Block, an Ethereum Consensus Vulnerability, by Giuseppe Cocomazzi. Slight nuances in SSZ deserialization between the Prysm and Lighthouse clients could have allowed an attacker to degrade Ethereum consensus.
https://t.co/8kTIQTNr2x
New blog post: Circle CCTP Noble Mint Bug by @evonide. A critical vulnerability in Circle’s Noble CCTP implementation could have allowed the circumvention of message sender verification to mint arbitrary USDC tokens.
https://t.co/SmfNBGz3qS
New blog post: Evmos Precompile State Commit Infinite Mint. A critical vulnerability in EVM state commits during precompile execution could cause a mismatch between the state held within EVM and the Bank module, resulting in inflated contract balances. https://t.co/ktx9t2nRjZ
New Boost alert! 🚨
@jump_firedancer v0.1 is launching a Boost on Immunefi, kicking off on July 10th!
With up to $1m available in rewards, you’ll want to get involved.
Get ready to hunt — and earn big! 🤑 LINK in the tweet below 👇
🔥💃Calling all bounty hunters! @Immunefi is hosting a $1M prize pool to help secure Firedancer v0.1, a new Solana client written in C and Rust!
https://t.co/UsF8zy2Q5C
New blog post: Cosmos IBC Reentrancy Infinite Mint. A critical reentrancy bug in ibc-go could have enabled the infinite mint of IBC tokens on Cosmos chains.
https://t.co/ybeLpiUqTU