Tâ vs Tâ: The Simulation Problem
Transaction simulations make crypto users feel safer. But the gap between simulation and execution is where attackers live.
Blog Posts
Security Research
You're Doing xERC20 Wrong
A DoS vulnerability in the xERC20 rate limiting spec and a proposed fix using a merged buffer model.
Multi-Contract Reentrancy Locks
A global reentrancy lock pattern for multi-contract systems, tested with Echidna, Foundry, and hevm.
Ethereal Sentinels
Three classes of on-chain security tools: pre-hack prevention, time-of-exploit bounties, and post-hack PvP.
The Invariant That Wasn't
Learning formal verification at Certora's office in Israel â and being evacuated when war broke out.
Securing 50 Million in Smart Contracts. Lessons Learned
Lessons from deploying and securing $50 million in smart contracts â what actually matters when real money is at stake.
What's in the code?
A single Volt feature upgrade: 17 code reviews, 8 engineers, integration testing. What extreme diligence looks like.
Secure Governance Testing Framework
Testing governance proposals against forked mainnet state to catch issues before they reach production.
Introducing Forge Proposal Simulator
An open-source framework for testing governance proposals against mainnet state before execution.
Security Methodology
Security: The Infinite Game
A comprehensive history of smart contract security tooling and how attack complexity has evolved faster than defenses.
A Security Stack
A multi-layered testing and auditing model. Each layer catches what the others miss.
A Security Stack - Part 2
Eleven layers of defense, from unit tests to bug bounties. The Swiss cheese model applied to smart contract security.
The End of Audits
Why continuous internal security processes beat one-shot audits, and how to build an audit log that actually works.
Product
9 Clicks to Send
Crypto products are built by people who understand crypto, for people who already understand crypto. The exchanges that collapse 9 clicks into 2 are going to eat everyone else's lunch.
Kleidi Wallet
A self-custody wallet with mandatory transaction delays, giving users a window to cancel compromised transactions before funds leave.
Timelocks and Multisigs
Most custody systems are opinionated implementations of the same two primitives. Individuals lack the resources to craft systems that fit their needs.