Blog

by anatomist

Pwning Solana for Fun and Profit - Exploiting a Subtle Rust Bug for Validator RCE and Money-Printing

A deep dive into a critical vulnerability in Solana's Direct Mapping optimization that could have allowed remote code execution on validator nodes and compromised over $9 billion in total value locked. This technical analysis walks through the complete bug hunting process—from initial discovery to working exploit—demonstrating how even memory-safe languages like Rust can harbor powerful vulnerabilities in complex systems. While the vulnerable feature was never enabled on mainnet, this research reveals the intricate security challenges in blockchain performance optimizations and provides rare insight into real-world vulnerability research methodology.

by anatomist

Ethereum Attackathon — Vyper Under the Microscope

In this post, we walk through the findings we reported during the Ethereum Attackathon. The Attackathon had a 1.5M reward pool, but only 0.5M is unlocked. These bugs totaled nearly 150K in rewards, which allegedly earned us 1st place in the Attackathon.

by anatomist

A Preventable Two-Day Shutdown Caused by a Compiler Bug

During the Fuel Attackathon, our team reported several Sway compiler bugs that went unfixed. After Fuel's mainnet launch, one of these bugs caused Swaylend transactions to fail, leading to a 2-day service shutdown while the compiler was patched and contracts were redeployed.