

A Realistic Breakdown of Optimism - Part 2
In Part 1, we've covered a flaw in the Superchain upgrade mechanism that could lead to double withdrawals on L1. Today, we'll take a...
Mar 27 · 5 min read


No More Bets - How Ctrl+F led to breaking Polymarket's polling markets
The crafts of security auditing and bounty hunting are deeply interwoven. Very often a novel exploit idea discovered during auditing is...
Feb 25 · 5 min read


A Realistic Breakdown of Optimism - Part 1
Over the past year, TrustSec has contributed to the security of OP chain through several initiatives. We began with a private audit of...
Dec 27, 2024 · 6 min read


The Art of Judging Bug Bounties
In the competitive world of bug bounties, judges play a pivotal role. With both sides (competitors and sponsors) pulling the rope to...
May 20, 2024 · 5 min read


Learning by Breaking - A LayerZero Case Study - Part 3
In part 3, we'll persevere with our DoS efforts and finally pick up a bounty in a LayerZero asset.
Mar 3, 2024 · 6 min read


Learning by Breaking - A LayerZero Case Study - Part 2
Today we'll discuss Stargate, the liquidity layer built atop LayerZero, plus dig into two high-severity DoS we've identified in it.
Mar 1, 2024 · 7 min read


Learning by Breaking - A LayerZero Case Study - Part One
We'll look into the anatomy of the LZ architecture, study how it safeguards key security properties, and finally find ways to break it.
Feb 29, 2024 · 5 min read


Permission denied - The story of an EIP that sinned
On 24/08 Trust Security disclosed a variety of DOS issues to 30+ projects through Immunefi and private bug bounty programs. In total $50k...
Jan 14, 2024 · 4 min read


A Case for the Defense
Describing the various layers of defense a project may use to secure their smart contracts.
Jul 13, 2023 · 5 min read


C4 Audit Report - Forgeries
I've competed in this contest between 18/10/22-25/10/22 and achieved first place. Forgeries is an NFT raffling platform. Repo is here....
Mar 23, 2023 · 5 min read


C4 Audit Report - Debt DAO
I've competed in this contest between 03/11/22-10/11/22 and achieved first place. Repo is here. HIGH: 3 MED: 2 HIGH: When lender consents...
Mar 23, 2023 · 8 min read


C4 Audit Report - Paladin
I've competed in this contest between 27/10/22-30/10/22 and achieved third place. Repo is here. MED: 4 MED: Fees charged from entire...
Mar 23, 2023 · 4 min read


C4 Audit Report - Juicebox
I've competed in this contest between 18/10/22-23/10/22 and achieved first place. Repo is here. HIGH: 3 MED: 1 HIGH: Reserved token...
Mar 23, 2023 · 5 min read


C4 Audit Report - Trader Joe v2
I've competed in this contest between 14/10/22-23/10/22 and achieved first place. Trader Joe is a UniswapV3-like AMM. Repo is here....
Mar 23, 2023 · 8 min read


C4 Audit Report - The Graph
I've competed in this contest between 07/10/22-12/10/22 and achieved first place. The contest covered the L2 bridge component of the...
Mar 23, 2023 · 3 min read


Breaking Fluidity for glory and $50K
Today we'll review a bug discovered at the end of last year. I'll try to cover it from an educational perspective so that the reader can...
Feb 11, 2023 · 7 min read


C4 Audit Report - Holograph
I've competed in this contest between 18/10/22-25/10/22 and achieved first place. Holograph is a multi-chain NFT platform. Repo is...
Dec 17, 2022 · 10 min read


C4 Audit Report - Blur #2
I've competed in this contest between 11/11/22-14/11/22 and achieved first place. It was a review of several changes made after the first...
Dec 17, 2022 · 6 min read


C4 Audit Report - Olympus DAO
I've competed in this contest between 25/08/22-01/09/22 and achieved third place. Olympus DAO is the governance mechanism behind Olympus...
Nov 20, 2022 · 6 min read


C4 Audit Report - PartyDAO
I've competed in this contest between 12/09/22-19/09/22 and achieved second place. PartyDAO is a decentralized auction platform allowing...
Nov 20, 2022 · 10 min read