You're Doing xERC20 Wrong
A DoS vulnerability in the xERC20 rate limiting spec and a proposed fix using a merged buffer model.
A single Volt feature upgrade: 17 code reviews, 8 engineers, integration testing. What extreme diligence looks like.
Most custody systems are opinionated implementations of the same two primitives. Individuals lack the resources to craft systems that fit their needs.
A person who works in crypto also has a multidimensional attack surface. The wallet is the obvious one. It is not the most exposed.
Learning formal verification at Certora's office in Israel — and being evacuated when war broke out.
Why continuous internal security processes beat one-shot audits, and how to build an audit log that actually works.
A crypto company is not a single thing to defend — it's a multidimensional object with surfaces in every direction. The least-defended surface right now is contractors.
A comprehensive history of smart contract security tooling and how attack complexity has evolved faster than defenses.
Lessons from deploying and securing $50 million in smart contracts — what actually matters when real money is at stake.
Testing governance proposals against forked mainnet state to catch issues before they reach production.
A global reentrancy lock pattern for multi-contract systems, tested with Echidna, Foundry, and hevm.
K&R (Kidnapping and Ransom) insurers have begun treating digital visibility, follower counts, on-chain addresses, and event attendance as material risk factors. This session explores the pricing mechanics, threat hierarchy, and mitigations that follow from that shift.
A self-custody wallet with mandatory transaction delays, giving users a window to cancel compromised transactions before funds leave.
An open-source framework for testing governance proposals against mainnet state before execution.
Three classes of on-chain security tools: pre-hack prevention, time-of-exploit bounties, and post-hack PvP.
My career has had two threads: writing smart contracts and investing in privacy coins. The intersection is what I most want to see ship and what nobody has figured out how to build.
Eleven layers of defense, from unit tests to bug bounties. The Swiss cheese model applied to smart contract security.
A multi-layered testing and auditing model. Each layer catches what the others miss.
Crypto products are built by people who understand crypto, for people who already understand crypto. The exchanges that collapse 9 clicks into 2 are going to eat everyone else's lunch.
Transaction simulations make crypto users feel safer. But the gap between simulation and execution is where attackers live.