Zero Cipher

435 posts

@zerocipher002

Senior Blockchain Security Researcher. Move/EVM/Rust. #15 All time Cantina Leaderboard. Founder @VulsightSec

Joined December 2014
526 Following, 1.6K Followers
Pinned Tweet
Zero Cipher@zerocipher002·
@VulSightSec identified a high-severity vulnerability in the Ethereum geth codebase. The issue had the potential to cause network halt across Ethereum and downstream chains inheriting the same execution logic. This marks another milestone in our focus on responsible security research. Glad to help secure Ethereum's future. To support teams building critical infrastructure, we’re offering a limited complimentary 1-day focused security review to protocols. Feel free to DM us
Go Ethereum@go_ethereum

🚨 Geth security release out now (v1.16.9) This addresses high-impact issues. Node operators should upgrade promptly. Also shipping today: v1.17.0 — a major milestone release with eth_getProof support for our lightweight PBSS archive mode. Links below 👇

Zero Cipher@zerocipher002·
Spent 3 days building a proof of concept for a critical in a bug bounty. Full exploit chain. Exact steps showing how to drain the pool. Marked duplicate. Another researcher submitted the same finding hours before me. 72 hours of work. Zero payout. On to the next one.
Zero Cipher@zerocipher002·
The exploit that drains your protocol probably won't be sophisticated. It will be a single missing check. A function that accepts arbitrary token addresses without a whitelist. An attacker deploys a malicious contract that returns inflated price data. Uses it as collateral. Borrows real assets. Drains the pool. The fix is one line of code. A whitelist check on accepted collateral addresses. This exact pattern shows up constantly. In lending protocols. In liquidation functions. In any system that trusts external token inputs without validation. I've caught this pattern in pre-deployment audits. The teams that had it reviewed avoided catastrophic loss. The ones that didn't are the ones you read about. The difference between a multimillion dollar loss and a $0 loss is often just one review by someone who's seen the pattern before. How many protocols are live right now with this same vulnerability?
Fredrik@fredrik0x·
The Ethereum Foundation Bug Bounty Program (bounty.ethereum.org) has increased its maximum payout from $250K to $1M.
Zero Cipher@zerocipher002·
The biggest shift in my security career wasn't learning a new language. It was learning to stop thinking like a developer. Early on, I reviewed code asking: "Does this work correctly?" Wrong question. Developers build for the expected path. Attackers live in the unexpected. Every input you didn't validate. Every state you didn't consider. Every assumption you made about user behavior. That's where the bugs live. The shift happened when I stopped reading code to understand it and started reading code to break it. Different question. Completely different results. The best auditors don't think like better developers. They think like attackers who understand development.
Zero Cipher@zerocipher002·
ZK circuits are the least audited and most dangerous code in crypto right now. Most teams focus on the smart contract layer. The real risk lives underneath, in the constraint system. A ZK circuit defines what a prover must satisfy to generate a valid proof. If a constraint is missing or too loose, a malicious prover can create valid proofs for invalid state transitions. An under-constrained circuit can:
- Allow forged proofs that bypass validation entirely
- Enable double-spending through unchecked nullifiers
- Let attackers mint tokens from nothing with a valid-looking proof
The worst part is these bugs don't show up in testing. The circuit compiles. The proofs verify. Everything looks correct. Until someone crafts an input that satisfies your constraints but violates your intent. Most auditors treat ZK systems as a black box. They audit the Solidity verifier and skip the circuit. That's like auditing the front door while ignoring the open window. If you're building with ZK, your circuit isn't infrastructure, it's your most critical attack surface.
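Added example, not part of the post above and not the author's code: a toy 2-to-1 multiplexer "circuit" over a tiny prime field, showing how a missing booleanity constraint passes every honest-prover test and is only exposed by searching for witnesses that satisfy the constraints but not the specification. The field size, the function names and the multiplexer itself are assumptions chosen for illustration.

```python
from itertools import product

P = 13  # tiny prime field (assumption) so every witness can be enumerated

def mux_loose(a, b, sel, out):
    """Constraints as written: out = b + sel*(a - b). Nothing forces sel to be a bit."""
    return (out - (b + sel * (a - b))) % P == 0

def mux_tight(a, b, sel, out):
    """Same system plus the booleanity constraint sel*(sel - 1) = 0."""
    return mux_loose(a, b, sel, out) and (sel * (sel - 1)) % P == 0

def intent(a, b, sel, out):
    """Specification the circuit is meant to enforce."""
    return sel in (0, 1) and out == (a if sel == 1 else b)

def honest_tests_pass(constraints):
    """Honest-prover test suite: every correctly computed witness is accepted."""
    return all(constraints(a, b, s, a if s else b)
               for a, b, s in product(range(P), range(P), (0, 1)))

def find_violations(constraints):
    """Witnesses (a, b, sel, out) that satisfy the constraints but not the intent."""
    return [w for w in product(range(P), repeat=4)
            if constraints(*w) and not intent(*w)]

if __name__ == "__main__":
    for name, cs in (("loose", mux_loose), ("tight", mux_tight)):
        bad = find_violations(cs)
        print(name, "| honest tests pass:", honest_tests_pass(cs),
              "| accepted-but-invalid witnesses:", len(bad), bad[:1])
```

Both constraint systems pass the honest test suite; only the exhaustive search separates them, which is the gap a circuit review has to cover with negative tests or a dedicated under-constraint analysis.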
Zero Cipher@zerocipher002·
Your protocol had three audits and still got exploited. This happens more often than you think. Audits are point-in-time snapshots. They cover the code as it existed on the day of review. But protocols evolve. New integrations. Upgraded contracts. Modified parameters. Forked dependencies. Every change after an audit creates unreviewed attack surface. I've found criticals in codebases that had been audited twice before. Not because the previous auditors were bad. Because the code changed after their review. Three audits on three versions of your code doesn't mean your current version is safe. It means three old versions were reviewed. Security isn't a certificate. It's a process. If your last audit was before your last deploy, you're running unreviewed code in production.
Zero Cipher@zerocipher002·
One of the biggest bounties I've earned came from a vulnerability that most auditors would have never found. Not because it was deeply complex. Because it wasn't where anyone was looking. The vulnerability didn't exist in the GitHub version of the smart contract. It only existed in the on-chain deployed contracts. The code that was actually live, holding real funds. Most auditors only review the GitHub repo. That's the standard scope. But the deployed contract can differ. Different constructor arguments. Post-deployment configurations. State changes after initialization. I found it because I wasn't randomly scrolling through code. I chose one specific impact I wanted to test for: drain of funds. Then I worked backwards. Where does the money flow? Which functions move funds? What checks exist on those paths? I audited both the GitHub repo and the on-chain contracts. The discrepancy between them is where the critical was hiding. The methodology is simple. Pick the worst-case impact. Trace every path that could lead there. Audit both the repo and what's actually deployed. The GitHub repo is a draft. The on-chain contract is what attackers see. Audit both.
Zero Cipher@zerocipher002·
The most underestimated bug class in smart contracts isn't flash loan attacks or oracle manipulation. It's broken access control. Missing role checks on admin functions. Unprotected initializers. Public functions that should be internal. Privilege escalation through unvalidated callers. These aren't sophisticated exploits. They're oversights. But they consistently account for some of the largest losses in DeFi. Functions that simply didn't check who was calling. I've found access control bugs in protocols that passed multiple audits. Previous auditors focused on complex DeFi logic and overlooked a public function with no modifier. Every audit I start, I check every external and public function with one question: "Who can call this, and what happens if the wrong person does?"
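Added example, not part of the post above and not the author's tooling: a small triage script that builds the "who can call this?" worklist by listing public/external, state-changing Solidity functions whose declaration carries no modifier. The sample contract is constructed, the function name `unguarded_entry_points` is hypothetical, and the regex is a heuristic that does not see inline `require(msg.sender == ...)` checks, so every hit still needs manual review.

```python
import re

# Declaration keywords that are not access-control modifiers.
KEYWORDS = {"public", "external", "internal", "private", "view", "pure",
            "payable", "virtual", "override"}
# Function name, then everything between the parameter list and the body.
FUNC = re.compile(r"function\s+(\w+)\s*\([^)]*\)([^{;]*)")

def unguarded_entry_points(source):
    """Names of public/external state-changing functions with no modifier."""
    flagged = []
    for name, tail in FUNC.findall(source):
        tail = re.sub(r"returns\s*\([^)]*\)", " ", tail)  # drop return types
        tail = re.sub(r"\([^)]*\)", " ", tail)            # drop modifier arguments
        tokens = tail.split()
        callable_by_anyone = "public" in tokens or "external" in tokens
        read_only = "view" in tokens or "pure" in tokens
        modifiers = [t for t in tokens if t not in KEYWORDS]
        if callable_by_anyone and not read_only and not modifiers:
            flagged.append(name)
    return flagged

# Constructed sample contract (illustrative only, not from any real project).
SAMPLE = """
contract Vault {
    address public owner;
    uint256 public feeBps;
    address public implementation;
    mapping(address => uint256) balances;

    function initialize(address _owner) external { owner = _owner; }
    function setFee(uint256 fee) external onlyOwner { feeBps = fee; }
    function sweep(address to) public { payable(to).transfer(address(this).balance); }
    function balanceOf(address a) external view returns (uint256) { return balances[a]; }
    function _credit(address a, uint256 v) internal { balances[a] += v; }
    function upgradeTo(address impl) external onlyRole(ADMIN) { implementation = impl; }
}
"""

if __name__ == "__main__":
    for fn in unguarded_entry_points(SAMPLE):
        print("review caller restrictions:", fn)
```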
Zero Cipher@zerocipher002·
Formal verification makes your protocol safe. Except when it doesn't. Formal verification proves your code matches your specification. It doesn't prove your specification is correct. I've audited formally verified codebases. Found criticals in two of them. The proofs were mathematically sound. The assumptions behind them weren't. A spec that doesn't model edge cases in liquidation logic won't catch a liquidation exploit. No matter how many theorems you prove. Most teams treat formal verification as the final layer of security. It's not. It's one layer. Verification without adversarial review is expensive false confidence. The math was perfect. The model was incomplete.
Nirlin - Security Auditor@0xnirlin·
After a great run at @AdevarLabs, I'm going independent. I will be focusing more on Solana security, research, and pursuing other web3 security interests. If you're building on Solana and want your project battle-tested, DMs are open.
Zero Cipher@zerocipher002·
@WhiteHatMage @VulsightSec Thank you sir. Always nice to hear appreciation from someone who inspired me to work harder in web3sec :)
Zero Cipher@zerocipher002·
$300,000 from a single bounty. Also yes, it was Move related. Move helps, but it doesn’t magically make protocols safe. The real bugs still live in assumptions, invariants, and integrations. Proud of what VulSight has been doing too. We’ve cleared over $500k in bounties in the last 2 months. If you’re a founder and you want an audit team that consistently finds criticals, we’re a DM away.
Immunefi@immunefi

Big congratulations to @VulsightSec for scoring their very first paid report on Immunefi. And it's a huge, huge payout. Well done! You can pledge behind them here to earn IMU when they find bugs: immunefi.com/pledge/vulsigh…

Zero Cipher@zerocipher002·
@nisedo_ Faced this too yesterday. They said the "Critical" is a known issue that was already reported and already paid out to an SR on Immunefi but it's not fixed.
nisedo@nisedo_·
So there's a live crit, that has already been reported, but is still not fixed? cool cool cool
Zero Cipher@zerocipher002·
Roughly around 70% of major exploits in 2024 hit protocols that had professional audits. The "Audited by X" badge has lost its meaning. It tells you an audit happened. Not how thorough it was. How much time auditors spent. What scope they covered. Whether they understood your architecture. Protocols display audit badges like security guarantees. They're not. Your audit is only as good as the people who did it, the time they had, and the depth they went to. Ask for the report. Read the findings. Check the scope. The badge alone means nothing.
Zero Cipher@zerocipher002·
When a whitehat finds a critical in your live protocol, they have two choices: Report through your bug bounty and hope you respond in time. Or rescue the funds before an attacker can. The problem: "rescue" looks identical to "theft" on-chain. Same function calls. Same fund movements. Same outcome until assets are returned. This legal gray area has paralyzed whitehats. Move slow and attackers win. Move fast and face potential criminal charges. The SEAL Safe Harbor framework offers a solution. Protocols pre-authorize whitehat rescue operations through governance. Before any exploit, your DAO passes a proposal: authorized whitehats may execute protective transactions to secure user funds. This removes legal ambiguity. Speeds up response time. Creates clear framework for fund return and bounty payment. The alternative is what we see now: whitehats hesitating while attackers drain. If your protocol has significant TVL, SEAL Safe Harbor should be a standard governance proposal. The chaos of the first hour after discovery determines how much gets lost. Pre-authorization reduces that chaos.
Zero Cipher@zerocipher002·
Your L1 security assumptions don't transfer to L2. Especially for oracles. On Ethereum mainnet, manipulating a price oracle is expensive. Deep liquidity means significant capital to move prices. TWAP mechanisms with sufficiently long windows smooth out manipulation. On L2s that have low liquidity, the math changes completely. Liquidity fragments across hundreds of rollups. Each L2 has DEXs with a fraction of mainnet depth. Cost to manipulate a local price feed drops dramatically. The "Donation Attack" example: Attacker donates assets to a pool, skewing spot price. Lending protocol reads that price same block. Attacker borrows against inflated collateral. Loan is undercollateralized when price corrects. On mainnet, this is often very infeasible. On a thin L2, a fraction of that. If your L2 protocol relies on local DEX data for pricing - exposed. TWAP with short observation window - exposed. Mainnet feeds without cross-domain latency accounting - exposed. Security parameters tuned for mainnet liquidity fail silently on L2. If you're deploying DeFi on a rollup, your oracle configuration needs fresh analysis. Not copy-paste from L1.