The log.
Security notes, post-mortems, and observations from the audit floor.
NFT Protocol Security: Approvals, Signatures, and Minting Reentrancy
NFT protocols combine approval mechanics, off-chain signature systems, and in some cases on-chain randomness. Each creates a distinct vulnerability class. The minting reentrancy surface via _safeMint is the one most consistently underestimated.
On-Chain Randomness: Why Every Source Can Be Manipulated
There is no free randomness on a deterministic blockchain. Every source — block hash, timestamp, prevrandao, VRF — has a trust model and a failure mode. The choice of randomness source is a security decision, not a technical convenience.
Invariant Testing in Practice: From Protocol Spec to Foundry Suite
Identifying invariants is the conceptual work. Expressing them in Foundry requires the handler pattern, ghost variables, and careful state management. This is the implementation guide — from blank test file to a suite that finds real bugs.
Uniswap V4 Hooks Security: The New Attack Surface
Hooks give Uniswap V4 flexibility that V3 could not offer. They also give attackers callback access to pool state during swaps. The beforeSwap, afterSwap, and donate surfaces are not theoretical — they require explicit security analysis.
DeFi Composability Risk: When Your Security Depends on Theirs
A protocol that integrates with five other protocols inherits the security assumptions of all five. Oracle cascades, liquidity dependencies, and cross-protocol reentrancy are risks that appear at the integration boundary, not in the code you wrote.
Writing Audit Reports That Are Actually Useful
A finding that cannot be reproduced is not a finding. A recommendation that says 'add access control' is not a recommendation. The quality of an audit report determines whether the client can act on it — and whether the attestation means anything.
Solana Account Confusion: Owner Checks, Discriminators, and PDA Security
In Solana, an account is just data at an address. The program is responsible for verifying that the account is what it claims to be. Missing owner checks, wrong discriminators, and PDA seed collisions are the consequences of getting this wrong.
Solana CPI Security: Privilege Escalation and Arbitrary Program Invocation
When a Solana program invokes another program, it can transfer signing authority for PDAs it controls. This is powerful and dangerous. Arbitrary CPI vulnerabilities — where an attacker provides a malicious program to invoke — are a persistent class of critical finding.
Fee Manipulation: How Protocol Revenue Becomes an Attack Vector
Fee systems sit at the intersection of accounting, governance, and tokenomics. Fee-on-transfer tokens, rounding in fee calculations, dynamic fee manipulation, and governance-controlled fee switching each create exploitable surfaces.
Zero-Knowledge Proof Security: Circuits, Verifiers, and Trusted Setups
A ZK proof system has two security surfaces: the circuit that generates proofs and the on-chain verifier that checks them. Vulnerabilities at either layer can allow invalid proofs to be accepted. Auditing both requires different skills.