gbaleeee (@gbaleeeee)

225 posts

A slow-witted person | SR @sec3dev

Joined September 2021
1.3K Following · 421 Followers

Pinned Tweet
gbaleeee@gbaleeeee·
Inspired by the "two parser bug," I identified a vulnerability related to precision loss during the audit. If you're interested in precision loss or fuzz testing, check this out: medium.com/@zxy211965/precision-loss-accumulation-the-two-parser-bug-lurking-in-the-shadows-5d9d11252b2a
Daniel Von Fange@danielvf

I call it a "two parser bug". Two different implementations tracking the same input, and parsing differences cause diverging behavior from different parts of a system. Here's two recent examples used in hacks, and how to avoid. 🧵1/5

gbaleeee retweeted
OpenAI@OpenAI·
Introducing EVMbench—a new benchmark that measures how well AI agents can detect, exploit, and patch high-severity smart contract vulnerabilities. openai.com/index/introduc…
gbaleeee retweeted
ControlZ@ControlZ_1337·
I’ve been getting a lot of questions about how this bug was found, so here are the answers: kritt.ai/technical-revi… This is a technical review of how Claude Code was used to uncover this crazy bounty, and more broadly how AI can be leveraged to find Critical and High-severity issues.
Immunefi@immunefi

Just a few days ago, the legends behind @_blockian found a max critical that earned them $250,000. Merry Christmas!

ret2basic.eth@ret2basic·
Holiday season is here, and we @taichiaudit are starting a DeFi source code walkthrough campaign: one article every 1–2 days, from now until the end of January 2026. If you're a dev or security researcher leveling up in the bear market, this is for you.
gbaleeee retweeted
UPD.IO | Universal Private Dollar
⚠️ The full technical postmortem for the USPD exploit is now live. The root cause was not contract logic, but deployment atomicity. Our forensic analysis indicates this is an industrial-scale operation: we identified ~200 other proxies on mainnet infected by the same infrastructure.
👉 Read it here: uspd.io/blog/anatomy-o…
We deployed the proxy in one transaction and initialized it in another. In that brief window, an attacker installed a "shim" that forwarded calls to our legitimate code while retaining admin control. This allowed the protocol to function normally for 3 months, passing verification checks, until we attempted a routine upgrade.
We break down the specific architectural decisions—specifically regarding deterministic addresses—that created the window for the CPIMP attack. Full analysis and data in the article. 👇
V2 architecture is already in motion, moving to strictly atomic deployments to eliminate this vector entirely. Simplified modular architecture, DeFi-compatible yield design, and more. We will share further details as we progress.
Next steps: Recovery Tokens and closed group affected holders, protocol adjustments and re-launch preparation.
🤝 Special thanks to @SEAL_911 for their immediate assistance in helping us navigate the aftermath.
ret2happy@ret2happy·
Given the recent Balancer/Yearn exploits, imagine what on-chain miracles we’d see if Lazarus started developing an LLM for automated attacks. In addition, they should cite the A1 preprint by @lzhou1110, as it is the first work for on-chain AEG.
Anthropic@AnthropicAI

New on our Frontier Red Team blog: We tested whether AIs can exploit blockchain smart contracts. In simulated testing, AI agents found $4.6M in exploits. The research (with @MATSprogram and the Anthropic Fellows program) also developed a new benchmark: red.anthropic.com/2025/smart-con…

gbaleeee retweeted
Anthropic@AnthropicAI·
New on our Frontier Red Team blog: We tested whether AIs can exploit blockchain smart contracts. In simulated testing, AI agents found $4.6M in exploits. The research (with @MATSprogram and the Anthropic Fellows program) also developed a new benchmark: red.anthropic.com/2025/smart-con…
gbaleeee retweeted
BlockSec Phalcon@Phalcon_xyz·
.@Balancer and several forked projects were attacked a few hours ago, resulting in losses exceeding $120M across multiple chains. This was a highly sophisticated exploit. Our initial analysis suggests the root cause was an invariant manipulation that distorted the BPT price calculation, allowing the attacker to profit from a specific stable pool through a single batch swap.
Take an attack TX on Arbitrum as an example, the batchSwap operation can be broken down into three phases:
1. The attacker swaps BPT for underlying assets to precisely adjust the balance of one token (cbETH) to the edge of a rounding boundary (amount = 9). This sets up the conditions for precision loss in the next step.
2. The attacker then swaps between another underlying (wstETH) and cbETH using a crafted amount (= 8). Due to rounding down when scaling token amounts, the computed Δx becomes slightly smaller (8.918 to 8), leading to an underestimated Δy and thus a smaller invariant (D from Curve’s StableSwap model). Since BPT price = D / totalSupply, the BPT price becomes artificially deflated.
3. The attacker reverse-swaps the underlying assets back into BPT, restoring balance while profiting from the deflated BPT price.
Attack TX on Arbitrum: app.blocksec.com/explorer/tx/ar…
BlockSec Phalcon@Phalcon_xyz

ALERT! @Balancer and several forked projects have been attacked. Any forked projects should stay alert and monitor closely! The losses were as follows:
Eth: balancer, 70m
Base: balancer, 3.9m
Polygon: balancer, 117k
Sonic: beets, 3.4m
Arb: balancer, 5.9m
Op: beethoven, 283k

ret2basic.eth@ret2basic·
哈基米
Trends@trendsdotfun

Looks like the community is very thrilled about having a Chinese name 中文名 for @solana! (thank you core Solana team for the s/o to this community effort @toly @calilyliu @akshaybd) Given such community enthusiasm, Trends is organizing a competition for community members to give a Chinese name to @solana with a prize pool of 100 SOL Simply quote retweet this post with your proposed Chinese name for Solana to enter the competition the best performing proposal tweet gets 66 SOL, and the second best performing proposal tweet gets 33 SOL, with 1 random participant gets 1 SOL (best performing can mean social media stats, traction on Trends, and many other things 👀) The competition will start from now and ends at October 17, 2025 6am UTC. Let's build it together: the world's Solana, the people's Solana

gbaleeee@gbaleeeee·
@Xor0v0 Live with all your might, love with all your might, even if it takes everything you have
Tim 🦀@Xor0v0·
Where on earth is the world full of flowers?
Tim 🦀@Xor0v0·
So tired. I don't want to work in security anymore. Auditing makes my head spin, looking at attacks makes my eyes blur. Technical work is the least valued :-(
gbaleeee retweeted
Dedaub@dedaub·
Just mitigated: The CPIMP Attack – a stealthy front-running exploit infecting 100s of DeFi proxies across many protocols
Attacker inserts hidden proxies that self-restore, spoof Etherscan, and lie dormant for high-value strikes
Tens of millions at risk
dedaub.com/blog/the-cpimp…
ret2basic.eth@ret2basic·
I am starting a 100 days challenge, building my web3 security portfolio in public until my dream company @CertiK hires me. 📅Day 001/100, I saw CertiK team doing suidex contest on hackenproof real-time leaderboard, so I am doing it as well. Let's hunt down some bugs!🫡
gbaleeee retweeted
Neodyme@Neodyme·
@GMX_IO V1 has been hacked. Here is how: