Kavita B

This is a great opportunity for anyone who wants to learn Formal Verification. It can be a way to join Pashov Audit Group as well 🫡️

Wishing you a bright and prosperous Diwali!

The Recon Extension is now fully compatible with Echidna, Medusa and Halmos. The same code can be used to run these different powerful tools to break properties. The extension automatically converts all broken properties to Foundry, so debugging is easyer. So close to 300 downloads!

🛡️GMX V1 Got Exploited for ~$40M on Arbitrum (July 9, 2025) GMX is a decentralized exchange (DEX) protocol for perpetual futures trading, operating on the Arbitrum and Avalanche blockchains. It enables users to trade leveraged positions on assets such as BTC, ETH, and others with low fees and no counterparty risk, leveraging smart contracts. 🔱Perpetual Futures Perpetual futures are a type of derivative instrument used in both traditional and decentralized finance (DeFi). They allow traders to speculate on the price of assets such as BTC or ETH without owning the actual asset. These contracts do not have an expiration date, so traders can hold their positions indefinitely, provided they maintain the required margin. 🔱Before we dive, the attack was on the chains of bugs Re-entrancy -> Unauthorised Access -> Broken Invariant -> State Manipulation -> Price/PnL Distortion -> Profit Extraction. 🔱Entry Point #L846" target="_blank" rel="nofollow noopener">github.com/gmx-io/gmx-con… 1⃣OrderBook.executeDecreaseOrder() This function reduces a trader's position and sends ETH back to the user via _transferOutETH. However, if the recipient is a malicious contract, it can re-enter GMX contracts (e.g., Vault) while executeDecreaseOrder() is still executing. Despite being marked nonReentrant, that protection only applies to the function itself, not to external calls made during its execution (like sending ETH to untrusted receivers). 2⃣Re-entrancy → Vault.increasePosition() globalShortAveragePrices[_indexToken] still held stale values from a valid previous position. This bypassed invariant assumptions: globalShortAveragePrices should be updated every time shortSize changes. But due to re-entrancy, the attacker could manipulate global short positions without resetting the price baseline. Internally, it calls _increaseGlobalShortSize() and inflates position size, breaking the invariant in P&L calculation. Creating a fake loss, depending on which direction the attacker wants. 3⃣Broken Invariant → Price and P&L Distortion This leads to a mismatch between the actual short position size and the average entry price, violating a key invariant used in profit/loss (PnL) calculations. 4⃣Price and P&L Distortion → Manipulated Profit Calculation The attacker broke the P&L calculation invariant by exploiting how GMX computes unrealized gains/losses. a. GMX uses getDelta() to calculate P&L based on: - averagePrice (which was stale/manipulated), - currentPrice (oracle-fed), - and positionSize. b. by manipulating globalShortAveragePrices and inflating globalShortSizes, the attacker made GMX think: - Short positions were deep in loss when they were actually profitable. => Result: - GMX overpaid when the attacker closed positions. - Attacker extracted excess funds from the vault by closing at fake losses, draining real assets. 5⃣AUM Distortion - GLP tokens are minted based on GMX’s AUM (Assets Under Management). - AUM = Pool Value + Unrealized PnL from Shorts - The attacker created fake short losses, which artificially inflated the AUM. - Using a 7.538M USDC flash loan, the attacker minted 4.1M GLP - significantly more than they should have received under normal conditions. 6⃣GLP Minting → Inflated AUM via Fake Shorts Loss - The GLP minting logic (GlpManager._addLiquidity()) uses AUM (Assets Under Management) to determine how much GLP to mint. - AUM includes unrealized P&L from short positions. - The manipulated fake loss in WBTC short inflated AUM dramatically. - So when the attacker minted GLP with 6M USDC, they received way more GLP than deserved, based on fake AUM. 7⃣GLP Redemption → Extracting Real Assets - The attacker closed short positions via executeDecreaseOrder(), and GMX overpaid due to manipulated unrealized P&L. - This was repeated using looped re-entrancy, amplifying the fake losses and payouts. - The attacker later burned the GLP tokens. - Since AUM was still artificially inflated, attackers could redeem significantly more USDC/WETH than the GLP was actually worth. - Massive profit extraction well beyond what their actual input should have entitled them to. 8⃣Flash Loan Repaid, Profit Secured After extracting ~$42M in real assets: - The attacker closed their large positions. - repaid the original flash loan 7.5M USDC. - left with clean profits and no open positions. They distributed the funds across multiple wallets and later returned a large portion to GMX. #Web3Security #SmartContractAuditing #DeFi #DailyVulnerabilitySeries

@pashov 😂

When you haven't recently done an audit for a web3 project that you have a security partnership with, but then you see commits on their Github like "Fix M-01, M-03"

Introducing ZEX v0.1, a confidential peer-to-peer DEX that requires no protocol-level modifications or co-processors to operate. Privacy assumptions impose very tight constraints, making DeFi use cases almost impossible to implement. Confidential tokens are usually very limited in functionality, enabling only encryption of balances and push-only transfers. The ZEX v0.1 protocol aims to defy the odds. It extends the cWETH-like confidential tokens with confidential approvals and transferFrom operations, allowing confidential peer-to-peer swaps (and other protocols) to be implemented. Although very heavy on the UX side (and gas-wise), requiring multiple ZK proofs to be verified within the same transaction, and potentially leaking confidentiality in some edge cases, ZEX shows that native confidential DeFi on Ethereum is not a dream anymore. *ZEX is still a draft and there are security issues to consider. We will try to properly address them in the future revisions of the protocol.

@chrisdior777 And where do you see it going?

Web3 Security has been part of my everyday life for more than a 3 years now - here’s what I’ve learned so far (wish someone have given me these insights and tips when I started): 👇 1. Competing with big companies is a losing game - but you don’t have to. They’ve got brand, funding, and huge teams = power. But there’s still a market for smaller security firms. Focus, niche and speed win too. 2. The ups and downs are real. One month you’re closing big deals or winning contests. Next month? Blows. Learn to ride the wave. 3. Consistency is everything. No matter how smart you are, if you’re not showing up consistently, you won’t last. 4. Network like it’s part of the job. Security is a trust game. The best gigs, insights and collabs often come from people, not job boards. 5. Don’t be afraid to ask for help. DM people, ask questions - but always do your homework first. 6. The space is still young and evolving. What was true 3 years ago is very different now. Things move fast and you have to adapt. 7. Help others when you can. If you’re in a position to give back, do it. This space grows when we lift each other up. Web3 security has been one of the best things that’s happened to me. I’m here to stay. Let’s see what’s next 🚀

@0xaudron Rust

rust or golang ?

@pashov Even I use solidity-code-metrics for estimates.

I've been asked more than 50 times how to estimate how much time an audit would take. Here is a potential approach for you. This is a Cursor AI prompt. If you are still using VScode, I see no reason to not switch to Cursor (it's the same but with built-in AI chatbot). Replace X, Y, Z by your preference and auditing speed. Of course, it may need manual refinement, use at your own responsibility. Here it is: Install `solidity-code-metrics` plugin by ConsenSys. Run it and based on it's output estimate the timeline needed for a security researcher to review all Solidity contracts under the "src" directory. Etimate it with the knowledge that he reviews ~X nSLOC per day for average complexity codebase, ~X+Y for low complexity, and ~X-Z for high complexity ones. List out: nSLOC (if any) External calls and/or integration, complex math, data structures) Based on the above, Complexity - low, average or high Duration estimate

Never surrender when defeat feels certain—that's when miracles happen. My friend had me checkmated in chess. Victory was his. But he lost hope and emotionally resigned, and accepted a stalemate. He quit fighting when winning was guaranteed. We all do this. We surrender right before breakthrough. We abandon hope when opportunity hides behind one more move. This is always wrong. Always a trap. Always the worst possible choice. Your life deserves relentless optimism. Not blind faith, but ruthless hope. The kind that keeps fighting when logic says quit. Stay all in on yourself. Tomorrow's miracle needs today's stubborn refusal to surrender. Fight until the final move.

@arsen_bt Defendor

This is literally the best Web3 Security Insights channel. Hacks, News, Education — in simple words • Like the post • Comment "Defendor" And I'll DM you the invite link.

@KirsteinUri @EthCC Looking forward to it.

Smart contract bug-finding tools all have shortcomings. Fuzzing misses input-specific bugs. Formal verification is powerful but slow and complex. At @EthCC, I’ll introduce Bounded Model Checking, an approach that finds realistic bugs by systematically exploring execution paths.

@thepantherplus @cantinaxyz Thanks for sharing..👍

Lessons from hitting 5x Top 3 finishes in contests at @cantinaxyz 🔥 Dropping the alpha that moved my rank to top 50s and achieved 5x top 3 finishes at Cantina - zero fluff, pure trenches-tested insights that actually work 💯 Thread 🧵👇

A solid guide into different bridges/interop solutions: across.to/blog/complete-…. It's written by Across, so it's biased to showcase their architecture as superior, but nonetheless, it's a solid read. If you're assessing a bridge, always check what independent researchers have to say: #risk-analysis" target="_blank" rel="nofollow noopener">l2beat.com/bridges/projec…

Top-5 Articles to learn Blockchain Vulnerabilities 🏴 Ethereum Consensus Vulnerability 🔗blog.asymmetric.re/ghost-in-the-b… 🏴 Confusion in Polygon 🔗blog.asymmetric.re/polygon-log-co… 🏴 Cosmos Reentrancy Infinite Mint 🔗blog.asymmetric.re/cosmos-ibc-ree… 🏴 Vulnerabilities in Solana CPIs 🔗blog.asymmetric.re/invocation-sec… 🏴 Evmos Precompile Infinite Mint 🔗blog.asymmetric.re/evmos-precompi…

If you want to start learning zk, I highly recommend this talk by @extropyLaurence : watch.protocol.berlin/65a90bf47932eb…

vyper 0.4.3 was released this week! .. also 0.4.2 was released 3 weeks ago, but we decided to ship more features instead of tweeting about it 😅 highlights are: - raw_create allows low level access to creation opcodes - raw_return allows bypassing ABI encoding for proxy use cases - pragma nonreentrancy on enables nonreentrancy by default

New competitive audit with a $200,000 prize pool, STARTS NOW! Let’s welcome back Chainlink for an audit of a new version of Chainlink Rewards—a community engagement and rewards program designed to incentivize active participation in the Chainlink Network. 30 days to help secure @chainlink, with the biggest prizes going to the highest and rarest vulnerabilities found. For more details on this audit, check out the audit docs below. ⤵️

_ @yieldbasis is coming github.com/yield-basis/yb…

🦀 #Rust Tip #107: TIL about the #[cold] attribute for functions that don't get called very often. This helps the compiler prioritize hot path functions for better instruction cache performance. #[cold] can also be used to tag enum variants to optimize memory layout.