The log.
Security notes, post-mortems, and observations from the audit floor.
Access Control: The Paths Most Auditors Miss
Missing modifiers are the obvious case. The interesting findings are in initializer front-running, role inheritance logic, cross-contract privilege escalation, and the gaps between what a function claims to restrict and what it actually restricts.
Transient Storage Security: EIP-1153 and the New Attack Surface
Transient storage resets after each transaction, not after each call. Protocols that mistake this boundary — using TSTORE for state that must survive internal calls — create vulnerabilities that did not exist before Cancun.
Base Security: OP Stack Assumptions and What Auditors Check
Base inherits the OP Stack's security model — and its assumptions. The sequencer, withdrawal finality, cross-domain messaging, and predeploy contracts each require explicit treatment in any serious security review.
Medusa: Coverage-Guided Fuzzing Beyond Echidna
Medusa uses coverage-guided mutation to explore state space more efficiently than Echidna's pure random approach. For complex protocols with deep call chains, the difference in bug-finding coverage is material.
Starknet Security: Cairo Contracts and the ZK Execution Model
Cairo is not Solidity. The felt252 field arithmetic, account abstraction model, and STARK execution environment introduce vulnerability classes with no EVM equivalent. Auditing Cairo requires a different mental model.
Integer Arithmetic in Solidity: Where Precision Goes to Die
Solidity has no floating point. Every number is an integer. The rounding that happens at every division, in every direction, in every function, compounds. At scale, it becomes material.
Certora Prover: Writing Specs That Actually Catch Bugs
A Certora spec that passes proves nothing if the spec itself is wrong. Writing properties that are both correct and strong enough to be meaningful is the skill. This is how to do it.
ZK Circuit Security: Constraint Systems and Soundness Failures
A ZK circuit that accepts invalid proofs is broken at the mathematical level — no amount of smart contract security compensates for an underconstrained circuit. Circuit auditing is a distinct discipline from contract auditing.
Proxy Patterns and Upgradeability: Where Upgrades Go Wrong
Storage layout collisions, uninitialized implementations, function selector clashes, and the subtle ways that a well-designed proxy can still be exploited. Upgradeability is a feature. It is also an attack surface.
Semgrep for Solidity: Custom Rules for Audit Workflows
Semgrep is not a vulnerability scanner — it is a pattern matcher. In an audit workflow, it excels at finding every instance of a specific pattern across a large codebase in seconds. Writing the right rules is what makes it useful.