深入解析漏洞的原創研究。
致力於挖掘新攻擊面、建構完整的漏洞利用鏈,並挑戰各項安全防禦的極限。
Mysticeti-C, Sui's DAG-based consensus algorithm, claims strong liveness guarantees. However, a subtle flaw allows attackers to repeatedly stall leader-slot decisions, halting the entire chain. In this post, we dive into how this vulnerability works, why it slipped past the original liveness proof, and what it means for DAG-based consensus going forward.
What "really" is a blockchain? How does consensus actually work? Why is it safe? In this blog, we're going to introduce the real fundamentals of a blockchain that suprisingly no one talks about. In the end, you'll walk away with a clear, intuitive understanding of how blockchains actually hold together — and you'll see the technology in a way most people never do.
A deep dive into a critical vulnerability in Solana's Direct Mapping optimization that could have allowed remote code execution on validator nodes and compromised over $9 billion in total value locked. This technical analysis walks through the complete bug hunting process—from initial discovery to working exploit—demonstrating how even memory-safe languages like Rust can harbor powerful vulnerabilities in complex systems. While the vulnerable feature was never enabled on mainnet, this research reveals the intricate security challenges in blockchain performance optimizations and provides rare insight into real-world vulnerability research methodology.
In this blog, we will walk through the findings we reported during the Ethereum Attackathon. The attackathon had a 1.5M reward pool, but only 0.5M is unlocked. These bugs totaled nearly 150K in rewards, which allegedly earned us 1st place in the Attackathon.
During the Fuel Attackathon, our team reported several Sway compiler bugs that went unfixed. After Fuel's mainnet launch, one of these bugs caused Swaylend transactions to fail, leading to a 2-day service shutdown while the compiler was patched and contracts were redeployed.