


Themis Labs
10 posts

@ThemisLabs
Smart contract audits across EVM, Solana, and on-chain systems. We look past the code to who controls it. Trust enforced, not assumed.




On-chain: @MetronomeDAO Synth upgraded its msETH implementation on Base and Ethereum within ~1 min, each via the proxy's 3-of-5 governance multisig. Both new impls verified as SyntheticToken. Coordinated cross-chain upgrade. etherscan.io/tx/0x46905958e…



Themis Scan gave Aztec Connect a control-plane score of 100. However, the protocol was drained for roughly 2.1 million dollars on June 14. Does that mean Themis got it wrong? Spoiler alert: No. The score was right. Funds left through the proving layer, which on-chain analysis alone cannot see into. Let's take a dive into the onchain analysis. The contract had been immutable since the 2024 sunset. No upgrade key, authority renounced. This is confirmed on-chain. We then traced how a contract with no live operator lost everything: The attacker made 14 processRollup calls. Each carried a SNARK proof. The contract's original, never-modified verifier checked all 14 and returned valid, with the real precompiles running. No upgrade, no setVerifier, no admin call, no approval drain. Around 909 ETH and six tokens left through the rollup's own withdrawal path, gated by nothing but a valid proof. The contract did exactly what it was built to do, for the attacker. The problem most likely sits in the proving system. Our onchain trace cannot prove why the proofs were forgeable. It needs the off-chain circuit and proving key analysis. Those are not public.



Yesterday (June 9), We found another example of governance risk, the "elephant in the room". The $TOP governance had direct mint authority, no timelock, and a token supply small enough for an attacker to take control.

Humanity Protocol says the incident involved compromised private keys. But the harder question is: what could those keys do? I ran the referenced BNB Chain $H proxy through our control-plane scanner. It surfaced: • upgradeable proxy • proxy admin controlled by direct EOA • no timelock detected • upgrade path outside governance • one upgrade executed by 0x6Aa2...53bB This does not reconstruct the exploit or prove intent. It shows the authority surface. A key compromise is bad. A key with proxy-admin power can become protocol compromise. Contract logic is one layer. The authority graph is part of the attack surface.


