QED Audit

Interesting article by @r0bre. Some of my takes: To prove the effectiveness of AI tools, I think it's definitely the best to showcase in a bounty/contest with explanations of the architecture/logics. The Cosmos bug from @QED_Audit and Monad win from @octane_security are very nice examples. In terms of EVMbench, it is a pretty basic/light baseline research work that's essentially a Codex wrapper, and I see a lot of research on improving the agentic workflows. Exploit mode is definitely one of the more interesting contributions out of the OpenAI/Paradigm work. IMO it makes little sense to just find another benchmark (or even the same benchmark), run the tool and say "hey we got much higher detection rate vs. XYZ", since it could be subjective and performance can be very dataset-/model-dependent. Past research from @xy9301 have proved that. People would want to get the tool running and instantly catch real world bugs instead of spending time on benchmarks or looking at bull-shitposting all the time. Note: This is not directing at any AI tool, just some random thoughts. We should definitely leverage AI much more to improve audit workflow.

Sounding smart vs. Being optimistic

LLM: finds bug CT: doesn’t count, junior could do it LLM: claims bounty CT: show receipts, doesn’t count LLM: wins competition CT: large codebase, previous audit, doesn’t count None of those headlines claim humans in the mix aren’t productive. It’s been established that these tools are useful. Learn to use them or get left behind.

If integrated AI + fuzzing + formal verification finds real bugs. So why no persistent scanner for high-TVL chains? lot's of potential usecase which helps with: → Continuous detection across live contracts → Responsible disclosure pipeline to affected teams → Public feed of patched vulns maybe get it funded via ecosystem grants. Audit-as-a-service → security-as-infrastructure ^^

@shresth3103 We can cover mostly everything from PBFT to simplex to minimmit.

@shresth3103 Hey, wanna check us out? qedaudit.io/blog/tachyon-t…

any rust auditor available for a 1-week gig on short notice? ideally someone with experience auditing complex financial systems and/or BFT consensus logic.

20b4ec1675a76e5943cab97cecfd0472aa4ca273381527e68735fea1aec050db

0605882c4c9d5a3942284e26d2d682df2161d5b4f5f9f45289784e9535899537

cdc0f73e39eeff1e875baa3d076475e281dfda9cf8b4d76bb55328b4b58611a0 dc3fc1313818a0a8544992066ccfdd205f9f22da1888c8786160351081201c17

I just found a confirmed bug on @immunefi #immunefitribe immunefi.com/s/ss/?severity…

@ma1fan We describe the collapse step-by-step as well. In addition, we identified an alternative code path (before _calc_supply) that manifests in a similar phenomenon. Full PoC + detailed algebraic breakdown: x.com/QED_Audit/stat…

I have read all the yETH exploit writeups (The actually keypoint is how vb_prod turn into `0`) Although they are all well written, they do not provide a detailed analysis of the key calculation steps. I have manually reproduced the entire process（the picture `p` ==`vb_prod` ==0）and I will release my writeup as soon as possible! @yearnfi

Here's are detailed blogpost: qed-audit.github.io/2025/12/05/yet… (N/N)

Moreover, we identified an independent vulnerability outside of _calc_supply() that zeroes vb_prod and operates irrespective of the four primary issues. #file-exploitoneshotpicollapse-t-sol" target="_blank" rel="nofollow noopener">gist.github.com/ainta/1ebce1b9…

As promised, here's our view on Yearn Finance exploit. After checking @banteg's post, we sent our analysis to Yearn via @_SEAL_Org. TL;DR: there are at least 4 things that should be fixed 🧵(1/N) x.com/QED_Audit/stat…