Daniil Fronts

Top 3 researchers this week: 🥇 @dan_fronts 🥈 @0xj3st3r 🥉  @artorias_thee Keep it up! Want your handle here? Join active programs: hackenproof.com/programs

Been a wild few weeks. Not often you hit 2+ criticals daily.

Top 3 researchers this week: 🥇 @xalerafera 🥈 Marius-dp 🥉 @dan_fronts Keep it up! Want your handle here? Join active programs: hackenproof.com/programs

Most audits miss Web2.5 Smart contract auditors focus onchain. Backend devs trust the blockchain. But the real attack surface is the interaction between them. Case study from our recent audit: double-spend via reverted tx secret leak + ECDSA mismatches. blog.decurity.io/a-web2-5-vulne…

🧐 Your protocol was audited in 2022? That's exactly why it got hacked in 2025. 2025 was the year hackers went hunting through old, audited code — and rounding errors became million-dollar exploits. Our breakdown of top 10 DeFi incidents of this year: 2025-recap.decurity.io

Ever audited Solana Anchor constraints with 20+ accounts and cross-checks everywhere? Our own @passkeyra built a tool that turns them into visual graphs - red flags for missing checks pop out immediately. blog.decurity.io/auditing-solan…

Hi all, I published my new SuiSource MCP - github.com/PassKeyRa/suis… Now it has two tools that are useful for researchers - getting the local decompiled version of a package bytecode and collecting extended info about all packages of a project just by a single found package ID

Wintermute Alpha Challenge 2025 has ended! Thank you to everyone who took on the 2-week challenge (Week 1 case studies and Week 2 PvP)! This year’s challenge at a glance: ‣ 1,161 participants ‣ 8 case studies ‣ 21 PvP traders ‣ 217 submitted solutions

We analyzed the smart contract hacks from 2020 to 2025 to answer the question: how fast the vulnerable smart contracts get exploited after the deployment? Read the research: time-to-hack.decurity.io

Releasing our new IDA Pro plugin for analyzing Solana's eBPF programs developed by @dewardgnome. Check out the blog post: blog.decurity.io/reversing-sola…

New blog post: an in-depth analysis of the recent $1.8 million GemPad incident. Discover how the hacker identified the vulnerability and how much larger the impact could have been. blog.decurity.io/gempad-1-8m-in…

This CTF will be next-level tough to crack. We want to thank @DecurityHQ for their incredible contribution to Remedy CTF 2025. Their team, known for conquering the toughest CTF challenges, has been essential in making this event possible. Secure your spot now: buff.ly/4j485R5

Defimon.xyz alerts are now public! Join t.me/defimon_alerts to learn about DeFi incidents in real-time. For bug bounty hunters we indexed all smart contracts from @Immunefi to notify about: ~ Proxy Upgrades ~ Access Control Changes ~ Governance Activity and more

Everyone heard of manual security review services in web3 but what about the automation of audits and hack prevention? Check our latest blog post to learn more about web3 security software! blog.decurity.io/current-state-…

📣 New release: tree-sitter grammar for the circom language github.com/decurity/tree-… It is already integrated by @semgrep in the latest 1.86.0 release, so now you can write custom semgrep rules for your ZK circuits in circom.

Li.Fi bridge was exploited for ~8M USD. The root cause is a possibility of an arbitrary call with user controlled data via `depositToGasZipERC20()` in GasZipFacet which was deployed 5 days ago! One of hack txs: defimon.xyz/attack/mainnet…

We are excited to announce a partnership with @YieldNestFi — a Liquid Restaking Protocol. Now we are monitoring YieldNest with Defimon for suspicious transactions. Get protection from DeFi hacks — defimon.xyz

📣 New Solidity semgrep rule: `oracle-uses-curve-spot-price` Detects vulnerable price oracles that rely on Curve's get_p() which was the root cause of the $22 million @UwU_Lend hack. Check it out: github.com/Decurity/semgr…

🔬New tool for onchain bug hunters: github.com/Decurity/tx-co… tx-coverage allows to reveal unused code of live smart contracts by collecting coverage from historical transactions. With it you can discover code that was never executed onchain and may contain potential bugs.

Our team of auditors yet again proves to be among the strongest in the world 💪💪💪 Thanks @OpenZeppelin for organizing the event!