Hack, don't just audit

Most new auditors and security researchers struggle to find unique vulnerabilities. Why? Simply put, they’re auditors, not hackers. At the core, they’re approaching the task with the wrong mindset. Today’s security education outside apprenticeships is essentially a spoon-feeding of known vulnerabilities. Students learn how vulnerabilities work and the patterns behind them, but not how to think about finding new ones. This creates what I call the “auditor cognitive bias” - a sort of mental checklist approach to security assessment....

October 22, 2024 · 5 min

0day: Vyper nonreentrant lock bypass, enabling cross function reentrancy

On Sunday, 30th July, tragedy struck as a Vyper compiler bug was dug up from the past. This document is intended as a technical educational resource to demystify exactly what happened, on the compiler side only, ahead of the Vyper team’s official post mortem, for impatient individuals such as myself. If you’re looking for post mortems of protocols exploited with this vulnerability, Curve released one under Llama Risk. Other affected protocols have yet to release theirs....

August 2, 2023 · 8 min