Blog
Our latest thoughts and news.
Geth Out-of-Order EIP Application Denial-of-Service
iosiro reported a bug to the Ethereum Foundation that could be used to remotely crash Ethereum Mainnet geth clients through RPC.
April 3, 2024
Optimism Censorship Bug Disclosure
iosiro reported a bug to Optimism that allowed over 1.3 million accounts to be censored for an arbitrary period of time.
October 9, 2023
Nethermind ModExp Out of Memory Consensus Issue
iosiro reported a consensus-breaking bug in the Nethermind client. The bug was awarded bounties from both the Ethereum Foundation and Gnosis.
December 2, 2022
High Risk Bug Disclosure: Across Bridge Double-Spend
A high risk vulnerability was disclosed to Risk Labs by iosiro affecting the Across bridge relayer infrastructure and awarded with a $90,000 bounty.
October 12, 2022
High Risk Vulnerability Disclosed to Ondo Finance
A high risk vulnerability was disclosed to Ondo Finance by iosiro affecting the Tranche Token smart contract and surrounding contracts and awarded with a $25,000 bounty.
March 22, 2022
UUPS Vulnerability Disclosed to OpenZeppelin
iosiro disclosed a UUPS proxy vulnerability to several teams, affecting over $50m in assets. This post covers the technical details and the disclosure to OpenZeppelin.
September 16, 2021
Temporary DOS disclosed to and remediated by Polygon
iosiro disclosed a temporary denial-of-service vulnerability to Polygon. This blog post covers the bug, the disclosure process, and the remediation.
August 23, 2021
High Risk Vulnerability Disclosed to Alchemix
iosiro disclosed a high risk bug to Alchemix through Immunefi for a bounty of $7,500. This blog post details the bug and the disclosure process.
August 13, 2021
Critical Bug Identified in 88mph Awarded with $42,069 Bounty
iosiro identified a critical bug in the fixed-interest-rate lending protocol 88mph. The bug was reported to 88mph through Immunefi for a bounty of $42,069. This blog post details the bug and the disclosure process.
June 15, 2021
How to Prepare for a Smart Contract Audit
This post describes some of the things you should do before a smart contract audit to ensure that you get the most out of it.
May 20, 2021
Introducing Baserunner: a tool for exploring and exploiting Firebase datastores
In this post we'll be looking at some risks posed by Firebase, a popular serverless application platform. We'll also be introducing Baserunner, an open-source tool that helps to interact with these applications to find vulnerabilities.
May 5, 2021
Smart Contract Security for Pentesters
This article provides an introduction to the world of smart contract security for people with a background in traditional cyber security and little knowledge of crypto and blockchain tech. It's drawn from the experiences of our team of exploit developers and pentesters turned smart contract auditors.
April 21, 2021