Huckleberry: IBC Event Hallucinations
This blog post describes a vulnerability in ibc-go, the reference implementation of the Interblockchain Communication Protocol (IBC) used by most Cosmos blockchains.
Sep 06 2023 · 4 min read
Stop the Chain! CosmWasm Stack Overflow
This post announces a vulnerability we discovered in CosmWasm, a smart contract platform written for the Cosmos ecosystem. The vulnerability was a stack overflow, which would have ...
Jun 01 2023 · 1 min read
Election Fraud? Double Voting in Celer’s State Guardian Network
We describe a vulnerability in Celer's State Guardian Network, which would have allowed a malicious validator to compromise Celer's cBridge.
May 24 2023 · 7 min read
Preventing Airdrop Theft on Stride: an IBC integration vulnerability
This blog post describes a vulnerability we discovered in Stride, a Cosmos chain for liquid staking across the Cosmos ecosystem. The issue could have allowed an attacker to steal a...
May 15 2023 · 6 min read
Stealing Gas: Bypassing Ethermint Ante Handlers
This blog post describes a largely unknown bug class that affects Cosmos-based blockchains and its impact on Ethermint, a popular EVM implementation.
Apr 13 2023 · 6 min read
Helping Secure BNB Chain Through Responsible Disclosure
We describe a vulnerability we discovered in the BNB Beacon Chain, the governance and staking layer of BNB Chain. The issue would have allowed an attacker to mint an infinite numbe...
Feb 10 2023 · 6 min read
Statistical Attacks on Proof of Solvency
In theory, for Proof of Solvency to bind on crypto exchanges, only a handful of random checks are needed. But in practice, exchanges can predict which consumers are likely to check...
Dec 21 2022 · 15 min read
SAFU: Creating a Standard for Whitehats
Whitehats and DeFi protocols need a shared understanding of security policy. We propose the SAFU - Simple Arrangement for Funding Upload - as a versatile and credible way to let wh...
Oct 24 2022 · 17 min read
Whitehats and Dropboxes
Protocols should set up "dropboxes" (distinct on-chain addresses) for whitehats to move funds into, from the protocol — and they should promise rewards and favorable treatment for ...
Aug 12 2022 · 8 min read
Security Stack-Up: How Bridges Compare
As crypto matures, the same maxim is becoming increasingly true about bridge protocols. In terms of security risk, bridges are a big target.
Aug 09 2022 · 14 min read
Thoughts on Token Bridge Safety
Introduction: If the past two decades working in the security industry have taught me anything, it is that software is imperfect. Despite our aspirations of writing perfect code, the...
Aug 03 2022 · 6 min read