Sarah Hicks

513 posts


@0xSarahJ

proactive/automated/verifiable security @OlympixSecurity

Joined August 2025
169 Following, 64 Followers
Pinned Tweet
Sarah Hicks@0xSarahJ·
security isn’t just a feature, it's the whole damn infrastructure
Sarah Hicks@0xSarahJ·
Mutation testing is the most under-deployed technique in smart contract security. It doesn't find bugs. It tells you whether your tests would have caught the bug if there was one. That is the more useful signal.
Sarah Hicks@0xSarahJ·
A serious smart contract security pipeline runs static analysis on every commit, mutation testing on the test suite, fuzzing on adversarial inputs, formal verification on critical invariants, and audits as final validation. Anything less is incomplete coverage.
Sarah Hicks@0xSarahJ·
10/ This is the architecture @OlympixSecurity was built around. Deterministic methods that prove correctness, AI used where it actually multiplies value, all running continuously inside the dev workflow. If your team is thinking through how to make verifiability a property of how you ship, my DMs are open.
Sarah Hicks@0xSarahJ·
Verifiability in smart contracts starts with test cases. Not philosophy. Not principles. The actual tests that prove the code does what you claim. 🧵
Sarah Hicks@0xSarahJ·
The Fortune 500 teams scaling onchain are converging on the same architecture: deterministic security tooling embedded in CI, formal verification on the high-stakes paths, continuous fuzzing in production-equivalent environments. This is becoming the institutional baseline.
Sarah Hicks@0xSarahJ·
The protocols that will pass institutional diligence in 2026 will be the ones whose security artifacts are continuous and verifiable: mutation scores, fuzz campaign results, formal verification certificates, deterministic findings tracked over time. Audit reports will be one input, not the whole file.
Sarah Hicks@0xSarahJ·
When a regulated institution deploys onchain, the regulator can't freeze a contract that behaved exactly as written. Compliance can't rest on operational controls that don't exist. It has to rest on provable correctness of the code itself.
Sarah Hicks@0xSarahJ·
@Securitize blockchain-based ownership records integrate with regulated transfer agency and investor onboarding systems.
Securitize@Securitize·
BlackRock has filed for a new tokenized fund structure with the SEC, and once again selected Securitize infrastructure to power it. The filing outlines a model where blockchain-based ownership records integrate with regulated transfer agency and investor onboarding systems.
Sarah Hicks@0xSarahJ·
Coverage measures what tests touched. Mutation score measures whether those tests would have detected a real defect. Institutional-grade protocols should be tracking the second number.
Sarah Hicks@0xSarahJ·
@AlliumLabs Capital is flowing into the assets and the issuers - not the wrappers built to yield-farm them.
Allium@AlliumLabs·
The RWA stack YTD 2026, in 3 bars:
Tokenized T-bills: +52%
RWA protocols: +44%
DeFi yield: –2%
Capital is flowing into the assets and the issuers -- not the wrappers built to yield-farm them. The middleware got skipped. 🧵
Sarah Hicks@0xSarahJ·
@tokenterminal Why has private credit emerged as the dominant onchain RWA category ahead of equities?