KeySecurity

56 posts

@KeySecurityLtd

40+ conducted audits
Have been working with: Ai Agent Layer, Cookie3, StarHeroes, GameSwift, DYAD, DayHub
Reach out on Telegram https://t.co/c1UUIhw14m

Joined June 2024
1 Following, 200 Followers
Pinned Tweet
KeySecurity @KeySecurityLtd
Almost 30 Published Security Reports are in our portfolio
You will find:
- 40 high severity findings
- 60 medium severity findings
If you want to increase your security knowledge, you may want to read them.
Star the repo if you like the findings⭐️ github.com/gkrastenov/aud…

KeySecurity retweeted
gkrastenov @gkrastenov
Issues in DAI & WETH with Permit ERC-2612
1. DAI has two additional input parameters in the permit function, which can cause the call to revert.
2. WETH does not have a permit function, but the call will execute without errors because the fallback function will be triggered.
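
The two permit behaviours described in the post above, handled defensively. This is an added example, not code from the original post or the linked reports; the contract `PermitDeposit`, its error and its function are hypothetical names. It treats `permit` as best effort and decides on the allowance that actually results, with the owner fixed to `msg.sender`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// ERC-2612 permit signature. DAI's permit takes (holder, spender, nonce,
// expiry, allowed, v, r, s) instead, so this selector does not exist on DAI.
interface IERC20Permit {
    function permit(address owner, address spender, uint256 value,
                    uint256 deadline, uint8 v, bytes32 r, bytes32 s) external;
    function allowance(address owner, address spender) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical contract used only for this illustration.
contract PermitDeposit {
    error AllowanceNotGranted(uint256 current, uint256 needed);

    mapping(address => mapping(address => uint256)) public deposited;

    function depositWithPermit(IERC20Permit token, uint256 amount, uint256 deadline,
                               uint8 v, bytes32 r, bytes32 s) external {
        // Best effort: a revert here (DAI-style ABI mismatch, signature already
        // used) must not decide the outcome, and neither must a silent success
        // (a token whose fallback accepts the unknown selector, as WETH does).
        try token.permit(msg.sender, address(this), amount, deadline, v, r, s) {} catch {}

        // The allowance is the ground truth, not the fact that permit returned.
        uint256 current = token.allowance(msg.sender, address(this));
        if (current < amount) revert AllowanceNotGranted(current, amount);

        // Funds are only ever pulled from the caller, never from an
        // owner address supplied as a parameter.
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        deposited[address(token)][msg.sender] += amount;
    }
}
```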

KeySecurity retweeted
gkrastenov @gkrastenov
📄New Security Report Published
I conducted a small audit back in October on a project that is a fork of OKX.
No critical, high, or medium issues were found. The new changes are well written and have been reviewed✅
Full report 👇 github.com/gkrastenov/aud…

KeySecurity retweeted
gkrastenov @gkrastenov
Sharing the report from a 3-week solo audit:
• 16 High
• 6 Medium
• 4 Low
• 16 Info
Large codebase using the Diamond Proxy pattern and integrating with Uniswap.
Report 👇 github.com/gkrastenov/aud…

KeySecurity @KeySecurityLtd
Sharing our security report for @alaska_game
One year ago, we conducted a small audit of their CARAT ERC-20 multichain token, which uses CCIP.
The codebase was well-written and no crucial vulnerabilities were found ✅
Report 👇 github.com/gkrastenov/aud…

KeySecurity @KeySecurityLtd
🚩Replay Attacks/Signature Malleability
Every signature should include:
- nonce, as a unique identifier to prevent reuse
- expiry time, after which the signature is no longer valid
- chain.id, to prevent reuse on different blockchains
Also, proper check of the signer whether it's msg.sender or the project's off-chain address.
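
The checklist in the post above, written out as a verifier. This is an added example, not code from the original post or from any audited project; the contract `SignedClaim` and its members are hypothetical. It also binds the contract address into the digest and rejects high-`s` signatures, which go slightly beyond the three listed fields.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contract: a claim authorised by the project's off-chain signer.
contract SignedClaim {
    address public immutable trustedSigner;        // project's off-chain address
    mapping(address => uint256) public nonces;     // next unused nonce per account
    mapping(address => uint256) public claimed;

    // secp256k1 group order divided by two: signatures with a larger s have a
    // second valid encoding, which is the malleability case.
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    constructor(address signer) {
        require(signer != address(0), "zero signer");
        trustedSigner = signer;
    }

    function claim(uint256 amount, uint256 deadline, uint8 v, bytes32 r, bytes32 s) external {
        // Expiry: the signature stops being usable after the deadline.
        require(block.timestamp <= deadline, "signature expired");

        // Nonce: read and advance in one step, so the same signature
        // can never verify a second time for this account.
        uint256 nonce = nonces[msg.sender]++;

        // Chain id and contract address scope the signature to one deployment;
        // msg.sender scopes it to one beneficiary.
        bytes32 inner = keccak256(abi.encode(
            block.chainid, address(this), msg.sender, amount, nonce, deadline));
        bytes32 digest = keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", inner));

        require(uint256(s) <= HALF_N, "malleable signature");
        require(v == 27 || v == 28, "invalid v");

        // ecrecover returns address(0) on failure, so compare against a
        // signer that is known to be non-zero.
        require(ecrecover(digest, v, r, s) == trustedSigner, "wrong signer");

        claimed[msg.sender] += amount;
    }
}
```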

KeySecurity retweeted
gkrastenov @gkrastenov
🧵For 2 years (2023-2025), @ether_fi conducted 18 audits
More than 25+ High vulnerabilities were found.
Here is a short, simple explanation of the 16 most important findings.
🔖Bookmark this thread or read it now👇

KeySecurity @KeySecurityLtd
🚩Common DAO Vulnerabilities
- Flash Loan Manipulation
- Transferable Voting Power
- Execution and Voting in the Same Transaction
- Insufficient Proposal Validation
- Spamming or Creating Invalid Proposals
- Double Execution of a Proposal in the Same Block

KeySecurity @KeySecurityLtd
Finding from one of our audits
Avoid calculating the slippage amount on-chain. Consider implementing an off-chain price feed for slippage checks to minimize the risk of manipulation during swaps.

KeySecurity @KeySecurityLtd
📄New Security Report Published
Our client is building early invoice payments on top of @compoundfinance
After two days of auditing, 2 Medium findings were found and resolved the next day.
Full report 👇 github.com/gkrastenov/aud…

KeySecurity @KeySecurityLtd
13 Chainlink Oracle Security Considerations
If your project uses Chainlink Oracle, you must read this
medium.com/cyfrin/chainli…

KeySecurity retweeted
gkrastenov @gkrastenov
Q1 2025 Stats:
> 6 private audits & 2 mitigation reviews
> 3 projects launched
> 15M TVL protected
> 1 large audit scheduled for April
Follow @KeySecurityLtd, where we will share every High & Medium severity issue we find.
Reports👇 github.com/gkrastenov/aud…

KeySecurity @KeySecurityLtd
Today we finished our 4th audit for @honeydotfun
In the last few months, we were able to audit their Tokenomics contracts twice and their Platform contracts.
All 4 reports have been published and can be found here👇 github.com/gkrastenov/aud…

KeySecurity @KeySecurityLtd
Mini milestone reached by us! 🚀
Two of the projects we audited 4 months ago were listed on @binance and @coinbase.
Since then, there have been no incidents, and their utility tokens are highly traded.

KeySecurity @KeySecurityLtd
📄New Security Report Published
We conducted a very small audit of a project that was previously audited by us one year ago.
No critical, high, or medium issues were found. The new changes are well-written and reviewed ✅
Full report 👇 github.com/gkrastenov/aud…

KeySecurity @KeySecurityLtd
📄New Security Report Published
We conducted a second audit of our client for one day.
We were able to find a critical issue in how the already claimed amount is stored and updated in their vesting contract.
Full report 👇 github.com/gkrastenov/aud…

KeySecurity @KeySecurityLtd
📄New Security Report Published
For 2 days, we were able to audit 2 staking and vesting contracts, as well as the airdrop contract.
We found 2 High and 1 Medium findings, which were resolved by the dev team. ✅
Full report 👇 github.com/gkrastenov/aud…