Zellic Blog

William Bowling (@wcbowling)

How (Not) to Create a DeFi CDP or Lending Protocol

A review of the attack landscape on DeFi borrowing protocols

Nipun Gupta

August 4, 2023

Exploring Cairo: A Security Primer

A brief look at Cairo 1.0, Starknet, and the security considerations

July 27, 2023

Your Sandwich Is My Lunch: How to Drain MEV Contracts V2

How Zellic found a bug in a top MEV contract

pepsipu

July 21, 2023

Algebraic Attacks on ZK-Friendly Hash Functions

A cryptographic deep dive into mathematical attacks on ZK hash functions

BaarkingDog

July 13, 2023

Intro to Zero-Knowledge: A Guided Tour of the ZK Landscape, Part 1

An intro to Zero-Knowledge and applications of zkSNARKs including zkEVMs, zkBridges, and zk Programming Languages

Cayden Liao

July 5, 2023

Exploring ERC-4626: A Security Primer

What ERC-4626 brings, why it matters, and how to use it

Sina Pilehchiha

June 12, 2023

ZK-Friendly Hash Functions

An exploration of MiMC, Poseidon, and Vision/Rescue, along with a deep dive into SNARK and STARK complexity

BaarkingDog

May 30, 2023

The Billion Dollar Bug: Finding and Fixing a Critical Issue in the Move Bytecode Verifier

How Zellic found and fixed a critical vulnerability that broke Move

Zellic

May 16, 2023

Top 10 Most Common Bugs In Your Aptos Move Contract

We see these bugs over and over. Are they in your Move contracts too?

Aaron

May 1, 2023

News

Announcing Smart Contract Fiesta: A Treasure Trove of Ethereum Smart Contracts

Explore 175 million lines of code in our open-source dataset

Zellic

April 24, 2023

How Does Tornado Cash Work?

A breakdown of the mathematical principles behind Tornado Cash

BaarkingDog

April 6, 2023

William Bowling (@wcbowling)

SafeMoon Exploit Explained

The SafeMoon liquidity pool exploit explained in simple terms

March 29, 2023

Auditing

Can ChatGPT Audit Smart Contracts?

ChatGPT fails to find simple, but critical smart contract bugs

Stephen Tong (@gf_256)

March 18, 2023

Euler Finance Exploit Analysis

How a single exploit transaction generated 110 million USD

Varun Verma

March 14, 2023

Cosmos

Exploring Cosmos: A Security Primer

A developer’s guide to building secure applications on Cosmos

Rajvardhan (@rajxnull)

February 2, 2023

Move Fast & Break Things, Part 2: A Sui Security Primer

Exploring the security pitfalls of the Move language in Sui compared to Aptos

Junyi (root)

December 1, 2022

Ethereum

Formally Verifying the World’s Most Popular Smart Contract

Proving the safety of the Wrapped ETH smart contract, using the Z3 Theorem Prover

Stephen (@gf_256)

November 18, 2022

You Could Have Found the Nomad Hack

Tracking unaudited code can reveal latent, deadly bugs, including the one used to hack Nomad

Stephen

November 15, 2022

Ethereum

Hosting an Ethereum CTF Challenge, the Easy Way

Painless smart contract CTF challenges using Paradigm’s CTF framework

Stephen

November 14, 2022

News

Ante x Zellic: Audit Incentive Alignment

The first audit firm to stake ETH behind the effectiveness of an audit

Zellic

November 3, 2022

Binance Bridge Hack in Layman’s Terms

The Binance Bridge Hack explained in simple terms

Stephen (@gf_256)

October 7, 2022

Move Fast & Break Things, Part 1: Move Security (Aptos)

Exploring the security pitfalls of the Move language (Aptos)

Jazzy & Varun Verma

September 6, 2022

Solana

The Vulnerabilities You’ll Write With Anchor

Anchor is no silver bullet for avoiding mistakes in Solana code

The Zellic Team

August 16, 2022