Blog
Our latest thoughts and news.
Perma-brick UUPS proxies with this one trick (devs hate this!)
iosiro disclosed a UUPS proxy vulnerability to several teams, affecting over $50m in assets. This post details the technical details and the disclosure to OpenZeppelin.
September 16, 2021
Temporary DOS disclosed to and remediated by Polygon
iosiro disclosed a Temporary Denial-of-Service vulnerability to Polygon. This blog post details the bug details, disclosure process, and remediation.
August 23, 2021
High Risk Vulnerability Disclosed to Alchemix
iosiro disclosed a high risk bug to Alchemix through Immunefi for a bounty of $7,500. This blog post details the bug and the disclosure process.
August 13, 2021
Critical Bug Identified in 88mph Awarded with $42,069 Bounty
iosiro identified a critical bug in the fixed-interest-rate lending protocol 88mph. The bug was reported to 88mph through Immunefi for a bounty of $42,069. This blog post details the bug and the disclosure process.
June 15, 2021
How to Prepare for a Smart Contract Audit
This post describes some of the things you should do before a smart contract audit to ensure that you get the most out of it.
May 20, 2021
Introducing Baserunner: a tool for exploring and exploiting Firebase datastores
In this post we'll be looking at some risks posed by Firebase, a popular serverless application platform. We'll also be introducing Baserunner, an open-source tool that helps to interact with these applications to find vulnerabilities.
May 5, 2021
Smart Contract Security for Pentesters
This article provides an introduction to the world of smart contract security for people with a background in traditional cyber security and little knowledge of crypto and blockchain tech. It's drawn from the experiences of our team of exploit developers and pentesters turned smart contract auditors.
April 21, 2021
Secure your system.
Request a service
Start Now