Statemind

783 posts

@statemindio

Security research for Web3 & DeFi | Lido, Curve, Fluid, Symbiotic, Valantis, Yield Basis, Vyper | Top in Paradigm CTF | ICPC |

Blockchain · Joined May 2022
87 Following · 1.7K Followers
Statemind @statemindio
Off-chain Python operator. Not the contracts.
During an internal review of @stakewise_io, our researcher @melemmeme found a vulnerability that could let anyone freeze automated withdrawals and consolidations. No exploit, no special access, just spam. We flagged it. They fixed it fast.
If a project has off-chain and on-chain components connected, errors can occur in any part and attack vectors become more complex, each layer interfering with the other.
Writeup: gist.github.com/Leminkay/9e9a3…
Fix: github.com/stakewise/v3-o…
Statemind @statemindio
@AnantaDeva_ Hey! Applications for Fellowship #10 are closed. The next cohort will be announced in 3–4 months, stay tuned! 👀
Ananta Deva @AnantaDeva_
@statemindio may I know if you're still accepting applications for the fellowship? If not, may I know when it will next be open?
Statemind @statemindio
If your protocol has off-chain dependencies, it's not DeFi. It's CeDeFi.
Echo proved it: one compromised admin key, $76M minted from nothing. The contracts worked as intended.
CeDeFi needs security at every layer:
→ Key management & policies
→ Backend audit
→ Infrastructure / opsec
→ Smart contract audit
Only one of these has become an industry standard. That needs to change.
Decrypt @DecryptMedia

Bitcoin DeFi Platform Echo Protocol Hit By $76M Monad Exploit decrypt.co/368315/bitcoin…

Statemind @statemindio
Permissionless MetaVault creation is a meaningful upgrade for the @stakewise_io. Happy to contribute to the security side. 🔒
Snapshot.eth @SnapshotLabs

@stakewise_io has hit quorum on two votes in parallel: opening MetaVault creation to anyone, and making it 5x more expensive to push proposals into a binding vote.
The first lets anyone spin up a MetaVault (a diversified ETH staking position that mints $osETH) without DAO approval. New factory contracts audited by @statemindio.
The second raises the $SWISE bond required to advance a proposal through StakeWise's escalation game (the security gate against low-quality or malicious proposals reaching a vote) from 200,000 to 1,000,000 $SWISE.
Author @kiriyha1: "200,000 SWISE now costs less than $1,000, putting the protocol at additional risk of malicious votes being tried because they're cheap to attempt."
So far unanimous on each: 3 voters, 5,706,939 $SWISE in favor, zero against (190% of quorum required). Voting closes May 11th at 1pm UTC.
Proposals:
1. [SWIP-39] Upgrade MetaVault Factory to Enable Permissionless MetaVaults: snapshot.box/#/s:stakewise.…
2. [SWIP-40] Increase Bond Requirement For Initiating Escalation Game In Governance & Remove Manifold Relay: snapshot.box/#/s:stakewise.…

Statemind @statemindio
@MezennerFares Intentional change this time, we removed the entry assignment to open the door wider and give more people the opportunity. Fixed the description to make it clear. Thanks for flagging!
Fares Mezenner @MezennerFares
@statemindio The form on the website does not contain the technical assignment. I just discovered the form with the assignment after I wanted to invite someone else. Please fix this.
Statemind @statemindio
New from Statemind: Audit of @stakewise_io Core V3. The vault-based liquid staking protocol powering osETH and osGNO. Operator model, meta vaults, overcollateralization math. Report → github.com/statemindio/pu…
Statemind @statemindio
Proud to be among the trusted providers in this. $1M in audit subsidies for builders on Ethereum. Read this and apply 👇
Findlay @0xboo

2/ The Ethereum Security Subsidy Program is proud to be launching with access to 20+ of the leading audit providers active in the Ethereum ecosystem: @AdevarLabs, @bailsecurity, @BlockSecTeam, @Certora, @chain_security, @cyfrin, @dedaub, @GuardianAudits, @hackenclub, @HackenProof, @Hashlock_, @hexens, @immunefi, @LeastAuthority, @lethalspoons, @NethermindSec, @Quantstamp, @QuillAudits_AI, @rv_inc, @SecurityOak, @sherlockdefi, @spearbit, @statemindio, @zellic_io, and @zokyo_io. These top-tier security providers make the program possible through their commitment to support Ethereum mainnet.

Statemind @statemindio
New from Statemind: a full implementation walkthrough of @yieldbasis. From the leveraged liquidity math behind LEVAMM to deposits, withdrawals, fee splits, and the price oracle migration. All the way down to the Vyper code. Full breakdown → statemind.io/blog/how-yield…
Statemind @statemindio
New from Statemind: we dove deep into @CurveFinance's Donations mechanism for CryptoPool. How pools can be "refueled" when fees aren't enough for repegs, with built-in safety considerations. Full breakdown → statemind.io/blog/curve-cry…
Statemind reposted
berring @berr1ng
Big thanks to @statemindio for the great CTF challenges🫡 CTFs are one of my favorite ways to learn something new, explore edge cases, and sharpen security thinking in practice. Always fun and useful.
Statemind @statemindio
Ready to feel the same? Get on the interest list for the next Statemind Blockchain Security Fellowship cohort → statemind.io/fellowship 📽️ Kudos to Ilya @ilya_komar0ff for this masterpiece
Statemind @statemindio
Know someone perfect for this? Pass it on and share.
Statemind @statemindio
The doors to Statemind Fellowship are opening again 🚀
✓ Ace our entrance challenge
✓ Dive into a month-long training program with expert guidance
✓ Battle-test your skills in our handcrafted CTF
✓ Get a chance to join our team
Apply: statemind.io/fellowship
Statemind @statemindio
Proud to audit TW & CSM v2 - securing Lido's path to more decentralized staking
Lido @LidoFinance

Aragon Vote: CSM v2 Onchain Release
An Aragon omnibus vote including the previously approved CSM v2 Onchain Release
• Share limit increase 3% → 5%
• Community Stakers Identification Framework
Audited by: @AckeeBlockchain, @statemindio & @code4rena
Also included: Triggerable Withdrawals, Nethermind → Twinstake Migration, and Kiln’s key rotation.
Vote here: vote.lido.fi/vote/192

Statemind @statemindio
@smykjain @0xfluid @Instadapp The audit was conducted before launch! After the audit, a re-audit was performed and the vulnerabilities found were fixed before going live.
Statemind @statemindio
📣 We are proud to release our audit report for @0xfluid, the bespoke liquidity layer of @Instadapp.
Vulnerabilities found & fixed:
🔴 3 Critical
🟠 8 High
🟡 15 Medium
Read the report here 👇 github.com/statemindio/pu…