fedebianu

766 posts

@fedebianu

web3 security researcher // resident @yAuditDAO

Joined July 2015
566 Following · 504 Followers
Pinned Tweet
fedebianu (@fedebianu)
Today marks my 1-year anniversary at @electisec. 19 audits completed, many vulnerabilities found, but above all met so many talented auditors along the way. Still excited to keep learning and improving.
fedebianu retweeted
yAudit (@yAuditDAO)
Maybe you heard: we're yAudit again
fedebianu retweeted
yAudit (@yAuditDAO)
yAudit is BACK
It's an annual tradition for us to rebrand, but this year is different: we're re-rebranding. We're yAudit, no longer electisec. More updates coming soon!
fedebianu retweeted
yAudit (@yAuditDAO)
@Electisec 🤝 @Optimism
Proud to announce we're now whitelisted as a Superchain Audit Service Provider! This means projects building on Superchain can access subsidized audits through the Foundation's grant program. Excited to help secure the ecosystem we believe in!
fedebianu retweeted
Centrifuge (@centrifuge)
Huge thanks to the incredible team at @electisec. It's been an intensive two weeks with 2 of their senior researchers and nearly 20 fellows from their program. Thoughtful, well architected, and security first is what we live by. Onwards.
Quoted post from yAudit (@yAuditDAO):

Audit Complete: Centrifuge V3 🏁 We reviewed the latest architecture powering @centrifuge's push for modular and decentralized on-chain asset management. We're always glad to see codebases like this: thoughtful, well-architected, and built with security in mind 🛡️

fedebianu retweeted
Origami Finance (@origami_fi)
On July 9, a vulnerability was identified by @schlagonia and our long-term security partner @electisec, affecting pending epoch rewards in Origami’s lovSky vaults.

Please note:
💠 No user funds, nor epoch rewards were lost.
💠 User deposits were never at risk (just harvested rewards of $1-2k per epoch)

TL;DR of the vulnerability: Origami uses programmatic CoW Swap orders to optimize execution and vault returns. The issue allowed external actors to potentially bypass the intended order submission flow and send orders directly to the CoW SDK. This means that a hypothetical attack could have captured pending epoch rewards. This vector had not been identified in previous audits.

In response to the disclosure, the CoW integration contracts were paused. A patch was developed, reviewed by @electisec and deployed prior to the announcement of SKY+.

We're grateful to @schlagonia and @electisec for the responsible disclosure and collaboration. A full re-audit was commissioned with @electisec as an extra precaution. No further issues were found.

The full security review is available below 👇
fedebianu retweeted
yAudit (@yAuditDAO)
Week 4 is wrapped, and with that, the Block 7 Fellowship has officially come to a close 😮 The final week was big. We served what they wanted, a @vyperlang protocol audit for @yieldbasis!
fedebianu retweeted
Adri (@adrianromero)
A critical vulnerability I found in code forked from @1inch could have drained ~650k COVE tokens from @cove_fi contracts. Here's how the attack worked and how it was responsibly disclosed 🧵
Quoted post from Cove (@cove_fi):

On June 12, 2025, a critical reentrancy vulnerability was identified by @adrianromero @yAuditDAO @electisec in Cove’s liquidity mining program and promptly neutralized. No user funds were lost, and 652,565 non-transferable COVE tokens were secured as a precaution. The vulnerability was introduced in @1inch token-plugins@1.0.0, and was integrated by Cove. This variant was never deployed within @1inch infrastructure.

fedebianu retweeted
yAudit (@yAuditDAO)
Block 7 is officially in audit mode 🔍 The fellows joined a live session with the @Centrifuge team, where they walked us through the contracts, and gave essential context for the audit ahead. We also had a guest session from @0xleastwood, who walked us through a Centrifuge audit he recently worked on. Fellows joined in, asked great questions, and by the end of the walkthrough, it was clear everyone was ready to dig in.
fedebianu retweeted
yAudit (@yAuditDAO)
We had the pleasure of hosting @0xadrii in a 🔥 session led by @watermelon_sec for our Block 7 fellows last week. From being an @electisec fellowship alum to becoming a Lead Senior Watson, his journey into web3 security is nothing short of inspiring. Some gems from the conversation 👇
fedebianu retweeted
yAudit (@yAuditDAO)
Yay! Our first newsletter just dropped! 🎺 Security wins, ZK research, fellowship updates and more 🔍 Now you don't have to DM us for updates, we'll deliver it straight to your inbox. Subscribe for quarterly security goodness 💌👇
fedebianu retweeted
yAudit (@yAuditDAO)
⏳ Only 3 days left to apply for the Electisec Smart Contract auditing fellowship. Hands-on audits, real-world experience, and you'll be learning from folks whose work you've probably already bookmarked. If you're serious about smart contract security, just do it!
Quoted post from yAudit (@yAuditDAO):

⚡Electisec has shaped many security gigabrains… but we're not done! We're soon kicking off our Smart Contract fellowship to find the next set of security superstars, and we invite you to be a part of this trial-by-fire program. Think you’ve got what it takes? Details below!

fedebianu retweeted
yAudit (@yAuditDAO)
⚠️ Attention @Uniswap V4 Integratoors ⚠️ Creating and managing liquidity positions that involve native ETH on Uni V4? Read carefully: During our latest audit with @vfat_io, we identified a high severity issue in how liquidity is provided by Sickle to Uniswap V4 pools.