iosiro reported a bug to the Ethereum Foundation that could be used to remotely crash Ethereum Mainnet geth clients through RPC.

iosiro reported a bug to Optimism that allowed over 1.3 million accounts to be censored for an arbitrary period of time.

iosiro reported a consensus breaking bug in the Nethermind client. The bug was awarded with bounties from both the Ethereum Foundation, as well as Gnosis.

A high risk vulnerability was disclosed to Risk Labs by iosiro affecting the Across bridge relayer infrastructure and awarded with a $90,000 bounty.

A high risk vulnerability was disclosed to Ondo Finance by iosiro affecting the Tranche Token smart contract and surrounding contracts and awarded with a $25,000 bounty.

iosiro disclosed a UUPS proxy vulnerability to several teams, affecting over $50m in assets. This post details the technical details and the disclosure to OpenZeppelin.

iosiro disclosed a Temporary Denial-of-Service vulnerability to Polygon. This blog post details the bug details, disclosure process, and remediation.

iosiro disclosed a high risk bug to Alchemix through Immunefi for a bounty of $7,500. This blog post details the bug and the disclosure process.

iosiro identified a critical bug in the fixed-interest-rate lending protocol 88mph. The bug was reported to 88mph through Immunefi for a bounty of $42,069. This blog post details the bug and the disclosure process.

This post describes some of the things you should do before a smart contract audit to ensure that you get the most out of it.

In this post we'll be looking at some risks posed by Firebase, a popular serverless application platform. We'll also be introducing Baserunner, an open-source tool that helps to interact with these applications to find vulnerabilities.

This article provides an introduction to the world of smart contract security for people with a background in traditional cyber security and little knowledge of crypto and blockchain tech. It's drawn from the experiences of our team of exploit developers and pentesters turned smart contract auditors.