security | Web3ReadList

Mon, 30 Mar 2026 16:37:21 GMT

https://hexens.io/research/polygon-bridge-forging-transaction-proofs
一个基于 memory corruption 的复杂 #security 漏洞

Medium

How a Memory Corruption Bug Almost Drained $800M From the Polygon Bridge

Two bugs, one exploit chain: forging arbitrary withdrawal proofs on the Polygon Plasma bridge, ~10 min read.

Sat, 28 Mar 2026 10:58:57 GMT

https://paragraph.com/@0x3b/oracle-bugs
一些简单的有关 Oracle 的 #security 漏洞

Pyro | 0x3b

5 oracle bugs (from real audits)

5 real world oracle mistakes that will wreck your protocol before an attacker even shows up.

Mon, 23 Mar 2026 18:34:42 GMT

https://x.com/0xprivacypools/status/2036128249525272887
误用 bytesToNumber 而导致随机熵降低导致的 #security 漏洞

X (formerly Twitter)

Privacy Pools (@0xprivacypools) on X

Privacy Pools SDK Bug Patch and Key Migration

Thu, 12 Mar 2026 14:15:37 GMT

https://x.com/z0r0zzz/status/2031755989968642511
实战测试智能合约 AI #security 审计工具

X (formerly Twitter)

ross.wei (@z0r0zzz) on X

I ran 21 AI scans on a smart contract

Wed, 11 Mar 2026 15:46:03 GMT

https://blog.trailofbits.com/2026/03/11/six-mistakes-in-erc-4337-smart-accounts/
ERC4337 的常见 #security 漏洞

The Trail of Bits Blog

Six mistakes in ERC-4337 smart accounts

After auditing dozens of ERC‑4337 smart accounts, we’ve identified six vulnerability patterns that frequently appear.

Mon, 23 Feb 2026 15:01:37 GMT

https://paragraph.com/@0x3b/9-common-vault-bugs
金库合约可能存在的安全 #security 问题

Pyro | 0x3b

The most common vault bugs (from real audits)

Real bugs we keep finding in DeFi vaults: first depositor, bad debt, MEV, lockup gaming, insolvency, broken reward handling, and yield killing routing. If you’re building or integrating vaults, read this before mainnet or you’ll learn these the hard way.

Sat, 17 Jan 2026 04:03:24 GMT

https://muellerberndt.medium.com/finding-soundness-bugs-in-zk-circuits-ea23387a0e1e
#zk #security 安全研究和案例

Medium

A Practical Guide to Finding Soundness Bugs in ZK Circuits.

Zero-knowledge proofs are a core building block for blockchain scaling and privacy. In real-world deployments, the fragile part is usually…

Sat, 29 Nov 2025 19:37:45 GMT

https://hacken.io/insights/order-book-security-vulnerabilities/
链上订单簿可能存在的 #security 安全漏洞

Hacken

19 Security Pitfalls in On-Chain Order Books (and How to Fix Them)

On-chain order books look great on paper. You get full transparency, composability with the rest of DeFi, and a clean story for users and regulators: “everything is on-chain.”

But once you start implementing them, things get messy fast. Edge cases around…

Wed, 05 Nov 2025 11:28:41 GMT

https://www.coinspect.com/blog/balancer-rate-manipulation-exploit/
balancer 被盗 #security 分析

Coinspect Security

Balancer V2 Stable Pools Exploit — Rate Manipulation

An attacker exploited a rounding issue in the calculation of the stable swap invariant, deflating the implied BPT price and extracting value via internal balances and a...

Tue, 16 Sep 2025 15:10:10 GMT

https://www.coinspect.com/learn-evm-attacks/
#EVM #security Hack Poc

Coinspect Security

Learn Real Smart Contract Security | Coinspect Security

Study real-world DeFi vulnerabilities through a curated collection of realistic, Foundry-based reproductions.

Fri, 28 Feb 2025 11:45:14 GMT

https://getrecon.substack.com/p/the-right-way-to-multisig
多签安全 #security 最佳实践

Substack

The Right Way To Multisig

How to implement best practices in multisig security to prevent your protocol from getting rekt.

Tue, 11 Feb 2025 09:41:44 GMT

https://osec.io/blog/2025-02-10-hitchhikers-guide-to-aptos-fungible-assets
介绍了 Aptos 内复杂的同质化代币标准及 #security 相关安全事项

OtterSec

Hitchhiker's Guide to Aptos Fungible Assets

We take a deep dive into Aptos’ implementation of fungible assets, exploring the intricacies hidden within its functions, objects, and interactions. While the Fungible Asset model was designed to address the limitations and security flaws of the legacy Coin…

Mon, 10 Feb 2025 16:08:08 GMT

https://blog.openzeppelin.com/web3-security-auditors-2024-rewind
2024 年 #security 漏洞报告

Openzeppelin

Web3 Security Auditor's 2024 Rewind

Welcome to the Web3 Security Auditor's 2024 Rewind, a collection of succinct technical breakdowns of notable security incidents and vulnerabilities from the past year.

Mon, 10 Feb 2025 15:59:08 GMT

https://hatsfinance.medium.com/guest-spotlight-article-how-to-analyze-reports-and-become-a-great-auditor-8429e20df2c2
列举了作者在 #security 审计报告内读到的有趣例子

Medium

Guest Spotlight Article: How to analyze reports and become a great auditor

The following content has been kindly guest contributed by bogo, as part of the Security Researcher Content Contributor Programme.

Fri, 31 Jan 2025 05:59:35 GMT

https://a16zcrypto.com/posts/article/generalized-property-tests-for-erc4626-vaults/
ERC4626 测试组件 #security

a16z crypto

Generalized property tests for ERC4626 vaults - a16z crypto

ERC4626 property tests for fuzzing and symbolic execution to help vault builders detect standard violations

Fri, 17 Jan 2025 11:25:04 GMT

https://threesigma.xyz/blog/defi-front-end-exploits
#defi 前端 #security 安全问题

Three Sigma

DeFi Front-End Exploits & Security Threat Detection | Three Sigma

Phishing, DNS hijacks, and front-end exploits drain user funds and TVL. Get a proven defi threat detection platform to stop threats and protect dapps.

Sun, 05 Jan 2025 12:04:19 GMT

https://zokyo-auditing-tutorials.gitbook.io/zokyo-tutorials
一份关于审计 #security 的教程资料

zokyo-auditing-tutorials.gitbook.io

Zokyo Auditing Tutorials

Mon, 30 Dec 2024 18:15:00 GMT

https://mirror.xyz/0x3Cc99bfc69575CFA83658CAb5256D98143a2aAaa/FO6bCbBCGdLxzQXGuT4BUkSUjECnLPetJluT4e5U7Ko
#security 代码审计的工作流

Sat, 30 Nov 2024 01:24:29 GMT

https://theredguild.org/
以太坊 #security 安全公共物品激励

theredguild.org

The Red Guild

The Red Guild (TRG) advances security, education, and open-source tools in the crypto ecosystem. Challenges, resources, and audits for the community.

Tue, 19 Nov 2024 03:22:42 GMT

https://blog.sigmaprime.io/governance-dao.html
#DAO 的治理攻击案例分析与安全 #security 建议

Sigma Prime

Common Vulnerabilities: Protocol Governance and DAOs - Smart Contracts

Many DeFi Protocols have decentralised using DAOs and token governance. This article explores the common vulnerabilities in the...