ZoA 🦀
@zoasec
408 posts

Breaking blockchains and smart contracts to make them unbreakable. Resident and Judge @cantinaxyz. TG: https://t.co/Gusj1GKKTx

Blockchain. Joined December 2024
293 Following, 440 Followers

Pinned Tweet
ZoA 🦀 @zoasec
Since I joined Cantina Fellowship as an Apprentice, I have been devoting my full efforts to @cantinaxyz competitions to achieve my next short-term goals: leveling up to Resident, taking the Perfect Score Badge, and reaching the leaderboard Top 100 by the end of May. Give me a like if you think it's possible for me.
6
0
82
8.2K
CharlesWang @0xCharlesWang
It is kind of ironic that all shit audit companies immediately tweet when a protocol got hacked 😂😂
5
2
53
3.7K
Weilin (William) Li @hklst4r
A detailed analysis of the Cork Protocol hack. @Corkprotocol

A DeFi "Insurance" protocol is not secure itself, turned open bar for attackers. Cork Protocol — a platform meant to insure users against depegging. Instead, it depegged from reality.

1. First, What is Cork Protocol?

An insurance protocol allows users to hedge the risk of depegging. It lets users bet for or against a stable asset holding its peg. To achieve this, Cork Protocol has a set of markets, each of which is composed of 4 key assets and a PSM.
- RA: redemption asset. The price target asset.
- PA: pegged asset. The asset that is pegged to RA.
- DS: Depeg swap. The users who want to protect their token from depegging will buy DS. It's like an option to purchase RA with PA at a pegged rate.
- CT: Covered Token. The users who bet there is no depeg by selling the DS (similar to selling a call option).

The PSM has 2 functionalities:
- 1 DS + 1 PA => 1 RA (exercise of the option)
- 1 DS + 1 CT => 1 RA (redemption)

2. What did the Cork protocol hacker do?

0) There's a legit market A deployed by the project itself, where:
- RA = wstETH,
- PA = weETH,
- DS = weETH8DS-2,
- CT = weETH8CT-2.

1) Creation of a fake market where RA = weETH8DS-2 and PA = wstETH. We denote the CT = ct_B and DS = ds_B. DS tokens from the real market (weETH8DS-2) were now being treated as RA in this rogue market. A shell game begins.

2) The attacker legally buys weETH8CT-2 from Market A. Nothing suspicious. Yet.

3) Here's the tragic twist. Cork's routerState contract at 0x55b9... was built to split incoming RA into corresponding DS + CT tokens for users. It assumes RA is a base asset, not a token from another market. But the attacker fed it DS tokens (weETH8DS-2) from the real market — which, in the fake market, were considered RA. RouterState blindly split them — as if they were fresh RA — into fake ds_B and ct_B. For free. Like watching a vending machine spit out sodas for tokens it shouldn't even recognize. All this happened inside a Uniswap v4 hook.

4) With stolen ds_B and ct_B in hand, the attacker converted them back into weETH8DS-2 via the fake market. Wood -> splinters -> pass through a fence -> glue back into wood.

5) The Final Act. Now holding:
- weETH8CT-2 (from Step 2),
- weETH8DS-2 (reacquired via reassembly),
the attacker redeemed both through Market A's PSM: DS + CT => wstETH. Game over.

What began as a depeg insurance protocol ended in a logic depeg.

---
Thanks to @RektHQ for using the similar tone from your articles.
---
I wanted to make this post more accessible after my earlier thread was too brief. Let me know if I missed any technical details or I made any mistakes — happy to dive deeper. #DeFi #hack #attack #cork
12
18
166
22.6K
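As an added illustration (not Cork's code and not part of the thread above), a toy Python registry that enforces the two invariants the analysis implies: a market's RA and PA must be base assets, never a DS or CT minted by another market, and the router splits only a market's configured RA. The token names wstETH, weETH, weETH8DS-2, weETH8CT-2, ds_B and ct_B come from the thread; the classes, methods and balances are hypothetical.

```python
# Toy model (constructed, not Cork's code): a depeg-swap market registry with the factory and router invariants the analysis above implies.
from dataclasses import dataclass, field

@dataclass
class Market:
    ra: str  # redemption asset: the base asset the peg is measured against
    pa: str  # pegged asset
    ds: str  # depeg swap token minted by this market
    ct: str  # covered token minted by this market
    balances: dict = field(default_factory=dict)  # token -> holder -> amount

    def mint(self, token, holder, amount):
        self.balances.setdefault(token, {}).setdefault(holder, 0)
        self.balances[token][holder] += amount

class Registry:
    def __init__(self):
        self.issued = set()  # every DS/CT token this protocol has ever minted

    def create_market(self, ra, pa, ds, ct):
        # Factory invariant: RA and PA must be base assets, never a DS/CT issued by an existing market
        for asset, role in ((ra, "RA"), (pa, "PA")):
            if asset in self.issued:
                raise ValueError(f"{role} {asset} is a protocol-issued DS/CT token")
        self.issued.update({ds, ct})
        return Market(ra, pa, ds, ct)

    def split_ra(self, market, token, holder, amount):
        # Router invariant: only the market's configured RA is split 1:1 into DS + CT
        if token != market.ra:
            raise ValueError(f"{token} is not the RA of this market")
        market.mint(market.ds, holder, amount)
        market.mint(market.ct, holder, amount)
        return amount

def demo():  # replay the thread's scenario against the hardened registry
    reg = Registry()
    a = reg.create_market("wstETH", "weETH", "weETH8DS-2", "weETH8CT-2")
    reg.split_ra(a, "wstETH", "user", 10)  # legitimate: RA in, DS + CT out
    rejected = []
    try:  # a market whose RA is market A's DS is refused at creation
        reg.create_market("weETH8DS-2", "wstETH", "ds_B", "ct_B")
    except ValueError as err:
        rejected.append(str(err))
    try:  # and the router refuses to split a foreign token as if it were RA
        reg.split_ra(a, "weETH8DS-2", "other", 10)
    except ValueError as err:
        rejected.append(str(err))
    return a.balances, rejected
```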
0xnevi @0xnevi
Remember @x0sauce, one of the friends I onboarded into web3 security? He just won his first contest, super proud and happy for him!!
Mel @x0sauce

2nd contest win on @sherlockdefi since I started pursuing web3 security full time at the end of April. More to come 😎

5
1
71
2.9K
ZoA 🦀 @zoasec
I started learning the Move language a week ago, by practically participating in the Aptos AAVE competition on @cantinaxyz. The first day of learning was a bit frustrating because of its new resource-centered concept, which is pretty different from other smart contract languages, but I kept learning for a week, and now the pieces are coming together to make sense as a whole. Keep trying, never give up.
6
0
64
3.4K
ZoA 🦀 @zoasec
@hrkrshnn Great! Not unifying spearbit researchers and cantina fellowship members?
0
0
1
312
Hari @hrkrshnn
We thought it was obvious Spearbit and Cantina were operating as one. Well, now it's official. Honestly, this was the natural next step. We built Spearbit to raise the bar on what expert-led, high-touch security could look like. But over time, it became clear: reviews alone had to be backed by something stronger.
Cantina 🪐 @cantinasecurity

We've seen the gap, and so we're closing it. @Spearbit and Cantina are now united, combining elite security expertise with scalable infrastructure to deliver end-to-end security for blockchain organizations and financial services. Full details below.

4
3
73
5.4K
Cantina 🪐 @cantinasecurity
We've seen the gap, and so we're closing it. @Spearbit and Cantina are now united, combining elite security expertise with scalable infrastructure to deliver end-to-end security for blockchain organizations and financial services. Full details below.
7
12
92
13K
ZoA 🦀 @zoasec
Today I've finished learning 9 chapters of Module 1 in the ZK Book, written by @RareSkills_io. This book is really amazing and written in a way that programmers can understand the essential mathematical concepts required for ZKP while avoiding the complex and deeper stuff in maths and algebra. I am proud that I've made a practical step in learning ZKP, and can't wait to learn Module 2 of the book. If you are interested in learning ZKP, it's the first book you need.
4
4
52
3.1K
SC Audit Studio @SCAuditStudio
Now live: A new standard for trust in DeFi. Our platform is officially in open beta — providing security scores, insights & vulnerability reports to help DeFi protocols protect their communities and earn user confidence. Transparency starts here. 🔗app.scauditstudio.com
5
2
21
3.7K
L M @lmanualm
VigilSeek now breaks the timeline down week by week. A yellow line marks the start of each new week.
4
1
38
1.2K
ZoA 🦀 @zoasec
I usually can't believe that protocols coming to the @immunefi bug bounty still have these kinds of bugs. They've gone through audits more than once, haven't they?
3
5
57
4.2K
ZoA 🦀 @zoasec
@PashovAuditGrp Sounds reasonable, what would that team work and collaboration include?
1
0
1
182
Pashov Audit Group @PashovAuditGrp
Collaboration in team audits is optional, as some great talents prefer working completely alone & unbothered, but working together almost always results in new findings. We make sure to push towards more and more collaboration in audits, as they are not contests, it's teamwork🤝
3
0
37
1.4K
Agontuk 🏴‍☠️ @4gontuk
First time participating in an invite-only competition at @cantinaxyz — and it's results time! Ranked 7th among some incredible SRs, with 6 High and 1 Medium findings. Had a great time researching UniV4 hooks! Learned a lot. Thanks @cantinaxyz & @taikaigarden
8
0
70
1.6K
ZoA 🦀 @zoasec
I have been promoted to @cantinaxyz Resident, and I've got a 100 reps score now. 2 out of 3 goals I planned for May have been reached, and I am trying my best to accomplish the one remaining goal.
ZoA 🦀 @zoasec

Since I joined Cantina Fellowship as an Apprentice, I have been devoting my full efforts to @cantinaxyz competitions to achieve my next short-term goals: leveling up to Resident, taking the Perfect Score Badge, and reaching the leaderboard Top 100 by the end of May. Give me a like if you think it's possible for me.

11
1
72
3.9K
ZoA 🦀 @zoasec
Another result came in! I took 3rd place in @taikaigarden competition on @cantinaxyz and this time with one solo HIGH!
7
0
100
2.3K
ZoA 🦀 @zoasec
Finally, my first 1st place, in the @GammaStrategies competition on @cantinaxyz, and with one solo medium issue. Very grateful to @cantinaxyz for motivating me to dedicate myself to audit competitions. 🫡
30
1
208
5K