OpenZeppelin Move Contracts are now live on @SuiNetwork 💧
The same library securing over $35 trillion in onchain value and trusted by the industry's most critical protocols is now purpose-built for Sui.
Here's what's in the first release 👇
🚨 V4 Swap Router by z0r0z - Loss $42.6K (2026-03-03)
Type: ABI Encoding / Authorization Bypass
The swap(bytes,uint256) function in UniswapV4Router04 uses inline assembly with a hardcoded calldata offset (calldataload(164)) to verify that the payer in the swap data equals msg.sender. This assumes standard ABI encoding where the bytes parameter offset is always 0x40. An attacker crafted non-standard (but valid) ABI-encoded calldata with the bytes offset set to 0xc0, placing their own address at position 164 to pass the authorization check, while the actual decoded bytes data contained the victim's address as the payer. This allowed the attacker to drain 42,607 USDC from a victim wallet (an EIP-7702 delegated EOA) that had approved the router, swapping it for 21.2 ETH via Uniswap V4's ETH/USDC pool.
TX: https://t.co/lwyxjvMP1v
Victim: https://t.co/dl7vmpSQGG
Router: https://t.co/kQ6yIkeuk1
We have reached out to @z0r0zzz, but the contract is not upgradeable and cannot be paused. Revoke approvals to UniswapV4Router04!
Now, the quantum resistance roadmap.
Today, four things in Ethereum are quantum-vulnerable:
* consensus-layer BLS signatures
* data availability (KZG commitments+proofs)
* EOA signatures (ECDSA)
* Application-layer ZK proofs (KZG or groth16)
We can tackle these step by step:
## Consensus-layer signatures
Lean consensus includes fully replacing BLS signatures with hash-based signatures (some variant of Winternitz), and using STARKs to do aggregation.
Before lean finality, we stand a good chance of getting the Lean available chain. This also involves hash-based signatures, but there are much fewer signatures (eg. 256-1024 per slot), so we do not need STARKs for aggregation.
One important thing upstream of this is choosing the hash function. This may be "Ethereum's last hash function", so it's important to choose wisely. Conventional hashes are too slow, and the most aggressive forms of Poseidon have taken hits on their security analysis recently. Likely options are:
* Poseidon2 plus extra rounds, potentially non-arithmetic layers (eg. Monolith) mixed in
* Poseidon1 (the older version of Poseidon, not vulnerable to any of the recent attacks on Poseidon2, but 2x slower)
* BLAKE3 or similar (take the most efficient conventional hash we know)
## Data availability
Today, we rely pretty heavily on KZG for erasure coding. We could move to STARKs, but this has two problems:
1. If we want to do 2D DAS, then our current setup for this relies on the "linearity" property of KZG commitments; with STARKs we don't have that. However, our current thinking is that it should be sufficient given our scale targets to just max out 1D DAS (ie. PeerDAS). Ethereum is taking a more conservative posture, it's not trying to be a high-scale data layer for the world.
2. We need proofs that erasure coded blobs are correctly constructed. KZG does this "for free". STARKs can substitute, but a STARK is ... bigger than a blob. So you need recursive starks (though there's also alternative techniques, that have their own tradeoffs). This is okay, but the logistics of this get harder if you want to support distributed blob selection.
Summary: it's manageable, but there's a lot of engineering work to do.
## EOA signatures
Here, the answer is clear: we add native AA (see https://t.co/YD9nIpsxcC ), so that we get first-class accounts that can use any signature algorithm.
However, to make this work, we also need quantum-resistant signature algorithms to actually be viable. ECDSA signature verification costs 3000 gas. Quantum-resistant signatures are ... much much larger and heavier to verify.
We know of quantum-resistant hash-based signatures that are in the ~200k gas range to verify.
We also know of lattice-based quantum-resistant signatures. Today, these are extremely inefficient to verify. However, there is work on vectorized math precompiles, that let you perform operations (+, *, %, dot product, also NTT / butterfly permutations) that are at the core of lattice math, and also STARKs. This could greatly reduce the gas cost of lattice-based signatures to a similar range, and potentially go even lower.
The long-term fix is protocol-layer recursive signature and proof aggregation, which could reduce these gas overheads to near-zero.
## Proofs
Today, a ZK-SNARK costs ~300-500k gas. A quantum-resistant STARK is more like 10m gas. The latter is unacceptable for privacy protocols, L2s, and other users of proofs.
The solution again is protocol-layer recursive signature and proof aggregation. So let's talk about what this is.
In EIP-8141, transactions have the ability to include a "validation frame", during which signature verifications and similar operations are supposed to happen. Validation frames cannot access the outside world, they can only look at their calldata and return a value, and nothing else can look at their calldata. This is designed so that it's possible to replace any validation frame (and its calldata) with a STARK that verifies it (potentially a single STARK for all the validation frames in a block).
This way, a block could "contain" a thousand validation frames, each of which contains either a 3 kB signature or even a 256 kB proof, but that 3-256 MB (and the computation needed to verify it) would never come onchain. Instead, it would all get replaced by a proof verifying that the computation is correct.
Potentially, this proving does not even need to be done by the block builder. Instead, I envision that it happens at mempool layer: every 500ms, each node could pass along the new valid transactions that it has seen, along with a proof verifying that they are all valid (including having validation frames that match their stated effects). The overhead is static: only one proof per 500ms. Here's a post where I talk about this:
https://t.co/rAUSJjW7WL
https://t.co/EtXpkaDll5
Quick take on #OpenAI × #Paradigm’s EVMbench for AI smart contract auditing.
Previously, ScaBench has been widely used for benchmarking AI-based contract analysis.
Both have strengths — and different optimal use cases.
Here’s a breakdown:
1️⃣ Benchmark positioning
• EVMbench feels like a live exploit arena.
It’s ideal for evaluating whether an AI auditing agent can go from reading → identifying → patching → validating — and ultimately generate working exploits.
• ScaBench provides richer structured labels and semantic annotations.
It’s better suited for training, optimizing, and benchmarking vulnerability detection performance at scale.
2️⃣ When to use which?
• Want to test whether your AI agent can actually write patches or generate PoCs? → Use EVMbench.
• Running large-sample recall studies or training detection models? → Use ScaBench.
• Best practice: combine both.
Use ScaBench for broad recall, then push specific cases into EVMbench containers for deeper exploit validation.
3️⃣ GitHub
EVMbench:
https://t.co/5Y87rmtIs5
ScaBench:
https://t.co/NsGdEaSVji
At the same time, #DeepScan — the AI auditing engine developed by #GoPlus — covers everything from low-level syntax pitfalls to complex business logic flaws.
We’ve conducted deep coverage benchmarking of DeepScan against both EVMbench and ScaBench.
🔎 EVMbench alignment
DeepScan strongly aligns with EVMbench on high-severity, fund-impacting vulnerabilities.
EVMbench focuses on “money bugs” — 120 high-impact flaws that can directly cause asset loss.
DeepScan’s core detections — reentrancy, access control issues, price manipulation, arithmetic errors — directly map to these categories.
🔎 ScaBench alignment
DeepScan closely matches ScaBench in terms of audit breadth and logic coverage.
ScaBench uses real contest audit reports as ground truth, including medium/low severity and complex business logic invariants.
DeepScan’s detection of consistency flaws, DoS vectors, and ERC-4626-specific checks aligns strongly with datasets sourced from Code4rena and Sherlock.
DeepScan is now capable of challenging both leading benchmarks —
especially in fine-grained business logic classification, which reflects the industry’s expectation for expert-level AI auditing systems.
🔗 DeepScan: https://t.co/Ln1P9QnAU4
CredShield, with support from the One Trillion Dollar Security Initiative, has released the annual OWASP Smart Contract Top 10.
This list provides an overview of the most critical smart contract risks for developers and security teams to protect against today.
EIP-7702 is an auditor’s nightmare💀
Sticky storage can leave dirty slots behind between delegatecalls — wallets can get bricked. On top of that: huge init front-running risk.
🔎 A must-watch breakdown from
@theredguild
https://t.co/7XwaLZYoIO