We just published a new article about an edge case that allowed draining 100k+ from different Morpho vaults as a result of the resolve hack.
There are still countless Morpho vaults vulnerable to the same exploit/architectural weakness.
https://t.co/ynZfOlcZes
As soon as the next "stablecoin" goes bust, the same thing will happen all over again.
Hot take: the main reason why contests are dead is because they became free.
- There is less incentive to convince a customer to host a contest when you are not going to make money out of it, especially when there are more lucrative alternatives you can sell.
- There is less incentive to allocate resources to improve a product you don't earn money from.
- In addition to contests becoming free, the % going to judges has been decreasing over time, and meanwhile LLM spam has only gone up, which only increases judging cost: this contest only had a disproportionate 4K judging pot, while the contest pot was 500K - and this is a complex codebase with 164K lines of code.
If perhaps 30K was allocated to 2 or 3 senior judges + a cheaper presorter (remember C4 lookouts?) which could spend more time on judging, maybe the story would be different.
@0xCharlesWang Depends on whether the "state transition in between" uses (directly/indirectly reads/writes)/depends on the "global state value". This is the heuristic for thinking about re-entrancy.
Fun question, where is this from?
We're excited to initiate @Zippel_Labs audits, a cryptography security led by me.
ZKP's security is extremely important to build secure pillars of Privacy.
*Currently most zkVMs are not fully audited, & we're offering subsidized audits for them.
@chrisdior777 There are duplicate valid submissions (found by multiple people). 84 submissions are valid and rewarded, but there are 4 distinct issues in total.
The 735 is the number of non-reward submissions. 90% is still pretty high though.