Zellic

@zellic_io

12,710
Followers
15
Following
296
Media
1,030
Statuses

Security reviews and research that keep winners winning. We apply unmatched hacking talent to secure critical software for the most innovative teams.

Joined November 2021
Pinned Tweet
@zellic_io
Zellic
1 year
Want to learn deep Web3 security knowledge written by the best hackers in the world? Here's a Twitter thread of interesting Twitter threads the Zellic team has written! 👇🧵
@zellic_io
Zellic
2 years
In one of our recent engagements with a customer, we were asked to audit some code which depended on BokkyPooBah's DateTime library. The contract calculates the day of the month from block.timestamp, and it does this to ensure an operation happens only up to once a month.
@zellic_io
Zellic
1 year
A billion dollar bug: How Zellic found and fixed a critical security vulnerability affecting all Move L1's, including Aptos, Sui, Starcoin, and 0L This bug violated Move's core security properties and would've broken many smart contracts, e.g. flash loans! Read more: 👇🧵
@zellic_io
Zellic
2 years
1/ Nomad was just hacked for $190M, making it the 5th largest DeFi hack of all time. How did this happen? We break down not just the exploit, but also HOW THE VULNERABILITY WAS INTRODUCED IN THE FIRST PLACE. Understanding bugs isn't enough. We need to stop merging them.👇
@zellic_io
Zellic
2 years
Type Confusion
@zellic_io
Zellic
4 months
Signal has rolled out usernames, meaning users can now use the app while keeping their phone numbers private. This enhanced level of privacy was achieved through the use of Ristretto hashes and zero-knowledge proofs. We wanted to take a deeper look into how these two
@zellic_io
Zellic
7 months
The dangers of integer truncation: How the Zellic team found a critical vulnerability in the @AstarNetwork. This bug allowed an attacker to drain certain LP contracts on the Astar-EVM, with no bugs required in the contracts. Read more: 🧵👇
@zellic_io
Zellic
2 months
Zellic ⚔️ @Samczsun
@zellic_io
Zellic
1 year
You’ve probably heard of Tornado Cash - an open source coin mixer - because it was blacklisted by the US Department of Treasury last year. For security researchers, though, the mathematical principles behind Tornado Cash are wildly interesting. We dug in:
@zellic_io
Zellic
5 months
Following several major ZK audits and critical vulnerabilities uncovered, we're opening our ZK audit playbook to help developers write safer circuits. In this thread, we'll share useful tips and address the key questions to answer when auditing ZK applications. Let's dive in.
@zellic_io
Zellic
2 years
Thread: How thousands of Slope wallets were hacked and how other wallets can avoid this 👇
@zellic_io
Zellic
1 year
Can ChatGPT audit smart contracts? Surprise: The answer is "No". Here's why:👇🧵
@zellic_io
Zellic
2 years
4/ The Slope Wallet for iOS and Android uses Sentry for event logging. Any interaction in the app would trigger an event log. Unfortunately, Slope didn't configure Sentry to scrub sensitive info. Thus, mnemonics were leaked to Sentry s/o to @sniko_ for this screenshot:
@zellic_io
Zellic
8 months
In 2017, our founders @gf_256 and @ret2jazzy met at the CSAW High School Forensics competition, where they started their CTF journey and CTF team: perfect blue. The team went on to become the #1 team in the world. Six years later, Zellic is excited to be a sponsor of CSAW'23
@zellic_io
Zellic
1 year
🚨 Hack alert: $DEI was exploited on Arbitrum just a few hours ago. It was a simple, yet hidden bug that caused a loss of $5,000,000. How many other contracts have this same problem? Read below: 👇🧵
@zellic_io
Zellic
1 year
There are numerous ZK-friendly hash functions being utilized in ZK protocols. But are they truly secure enough to be entrusted with billions of dollars? Let's take a look at some attacks that may be particularly efficient against ZK hash functions👇🧵:
@zellic_io
Zellic
1 year
Front-running makes bots millions per month in MEV, maximal extractable value, to the deficit of everyone else. However, MEV bots are vulnerable to security issues. Let's take a look at some common MEV attacks and how we found a live bug while researching for this blog👇🧵:
@zellic_io
Zellic
2 years
Nomad was hacked in October 2022 for $190M. That's huge, but what's more surprising is the warning signs that were present *months ahead of time*. More:👇🧵
@zellic_io
Zellic
2 years
The Auditor Grindset: A crash course on crypto hacking while keeping your sanity
@zellic_io
Zellic
1 year
Earlier today, Euler Finance was exploited for over USD 190M. One transaction in particular yielded USD 110M. We've reverse engineered this transaction trace to recreate the attacker's extract exploit.
@zellic_io
Zellic
2 years
DeFi hack bingo :^)
@zellic_io
Zellic
2 years
Want 500 $USDT for FREE? Crypto scammers know you do. 🚨 SCAM ALERT: If you see someone "leak" a private key, don't act on it too quickly. Here's how it works 👇
@zellic_io
Zellic
1 year
ERC-4626 is a new standard for tokenized vaults in DeFi. In this thread, we’ll dive into how ERC-4626 aims to simplify integration, encourage robust implementations, and enable more secure cross-protocol interactions much like ERC-20 did for tokens 🧵👇
@zellic_io
Zellic
2 years
"code is law"
@zellic_io
Zellic
2 years
Anyways, now I feel much safer about this DateTime function. As you can see, formal verification is still in a very nascent stage. However, it remains a valuable and powerful tool for researchers. We'll be releasing a blog post with more details on our experiments. Stay tuned!
@zellic_io
Zellic
2 years
An attacker drained $6,000,000 from Audius $AUDIO <72 hours ago. Yet again, smart contracts remain rekt. How did this happen? Let's take a look:
@zellic_io
Zellic
10 months
We are excited to share the Zellic ZK Map, an ongoing effort to track the most important advancements in all things zero-knowledge. We’ve compiled 100+ projects in 20+ categories.
@zellic_io
Zellic
2 years
1/ We forked Geth to compile a list of all 23,897,838 Ethereum contract addresses—a snapshot of every contract EVER deployed on Ethereum. We found some pretty interesting addresses out there...and you might have already interacted with some of them! Here's what we found 👇
@zellic_io
Zellic
4 months
Zcash uses zero-knowledge proofs to do private, trustless payments. But how does it work? In this thread, we’ll discuss the structure of Zerocash, its real-world applications, and the cryptographic flaws that led to changes in the Zcash protocol. Let’s dive in.
@zellic_io
Zellic
4 months
We are excited to announce that Zellic won a $1M @DARPA award to compete in the AI Cyber Challenge! We're proud to be building at the cutting edge of AI and security—combining techniques like chain-of-thought and resource augmented generation with static analysis excellence.
@DARPA
DARPA
4 months
Congrats to the 7 companies that will receive $1 million each to develop AI-enabled cyber reasoning systems that automatically find and fix software vulnerabilities as part of the #AIxCC Small Business Track! Full announcement: .
@zellic_io
Zellic
1 year
We recently partnered with the @cosmos_sdk team to perform a security review of a new Cosmos component for Ledger hardware wallets. In this thread, we'll walk through a couple of interesting findings, one of which could have led to remote code execution on the Ledger!
@zellic_io
Zellic
6 months
Pairings, particularly in the context of elliptic curves, have become an important cryptographic building block. Let’s dive into what pairings are, what problems they solve, and where they are used, with a particular focus on elliptic curve pairings. Read more👇🧵
@zellic_io
Zellic
2 years
Congrats to our CMO @hacker_ on his $100k bounty for securing @opensea 🎉🥳
@hacker_
Corben Leo
2 years
I'm uncomfortable tweeting stuff like this out, but... I found a critical vulnerability in @opensea this weekend and reported it through @Hacker0x01. They fixed the issue within 3 hours of reporting and I just got this notification🫢
@zellic_io
Zellic
1 year
The ZK landscape is always changing so it can be hard to keep up. But, before you advance you need to know the basics. In our newest blog, we explore 3 applications on zkSNARKs: ✅ zkEVMs ✅ zkBridges ✅ ZK programming languages Let's take a look at some insights below:👇🧵
@zellic_io
Zellic
1 year
Move's security model revolves around certain key invariants. Similar to Rust, Move prohibits multiple simultaneous mutable references. Having multiple mutable references would completely break the language and VM. For instance, you could drain a Coin that you no longer own!
@zellic_io
Zellic
2 years
what being a smart contractor auditor is really like
@zellic_io
Zellic
1 year
Though the Move language is designed to make it difficult to write bugs, it is still possible — and smart contract bugs almost always have the potential for adverse financial impact. After many @Aptos_Network audits, here are the most common bug types we've observed: 👇🧵
@zellic_io
Zellic
2 years
Our first batch of audit reports is live! Proud to share our assessment results for @driftprotocol, @LayerZero_Labs' @StargateFinance, and @1inch! We're ready to take on your Solana and Ethereum needs. Let's secure DeFi together🎉
@zellic_io
Zellic
1 year
This weekend, we played 0xmonaco @matchbox_dao, a web3 gaming competition. We developed a highly profitable racing strategy by leveraging clever math and bugs. We got DQ-ed😅 In this thread, we'll break down: 🎯 our car's unique strategy 🎯 the vulnerabilities our car exploited
@zellic_io
Zellic
2 years
Solana development is error-prone. To solve this issue, people often use Anchor. However, there are many "gotchas" in Anchor that lead to vulnerabilities. "The Vulnerabilities You’ll Write With Anchor" highlights issues to be aware of.
@zellic_io
Zellic
2 months
Zellic is proud to announce the release of SOLP, our internal Solidity analysis library written in Python! The library is fast and easy to use, aimed at both developers and auditors. Read more to find out what SOLP can do and how to use it. Learn more:
@zellic_io
Zellic
1 month
Zellic 🙌 @CL207
@zellic_io
Zellic
11 months
Collateralized debt positions (CDPs) and lending protocols are at the core of DeFi. In this thread, we'll ✅ Share common bugs in CDPs and lending protocols ✅ Tour real-life examples that led to major hacks Let's get started!
@zellic_io
Zellic
2 years
Billions of dollars stolen. Of top DeFi hacks, half of the protocols exploited for nine-figures are *cross-chain bridges*. ⛓️🌉 But surprisingly, the root cause is usually NOT a coding mistake. A META-ANALYSIS THREAD.👇
@zellic_io
Zellic
1 year
Many ZK protocols are using relatively unfamiliar hash functions instead of the widely adopted SHA-2 and SHA-3, but why? In this thread we explain the rationale and performance behind ZK-friendly hash functions. Read more👇🧵:
@zellic_io
Zellic
9 months
We’re proud and excited to share Zellic’s new visual identity and website, designed by @restlessorg. Check out our new website here:
@zellic_io
Zellic
2 years
Developing in Move? Our latest blog post explores the security pitfalls of the Move language. Move Fast & Break Things: Move Security Pt. 1:
@zellic_io
Zellic
21 days
What would you do if your medical records were leaked, or your confidential financial transactions were exposed? FHE is a branch of cryptography that allows computations to be performed on encrypted data. To the party performing the computation, FHE is like a black box. They
@zellic_io
Zellic
2 months
SECURITY ADVISORY Zellic discovered two critical issues in certain forks of Gains Network. We worked with the teams to responsibly disclose these issues. The issues allowed attackers to create trades that always made 900% profit (the max allowed). Here’s how the bugs worked:
@zellic_io
Zellic
10 months
In our first guided tour of the ZK landscape, we covered three zkSNARK applications: zkEVMs, zkBridges, and ZK programming languages. On this leg of the tour, we'll be reviewing these applications of ZK: ✅ ZK payments ✅ ZK hardware acceleration ✅ zkVMs Let's get started👇🧵
@zellic_io
Zellic
2 years
We audited SPL-Token-2022 for the @SolanaFndn. It's an update for the SPL-Token program. In our review, we found an inflationary bug that would've allowed infinite minting of tokens for free. The audit was pre-launch. The code was not enabled, so no funds were at risk. 👇🧵
@zellic_io
Zellic
2 years
🍣 Hey Sushi lovers, 🎉 We're excited to announce our security partnership with @SushiSwap! @SushiSwap's proactive security measures include engaging with us on a regular basis to maki sure your funds are always SAFU 🔒🫡
@zellic_io
Zellic
2 years
Zellic is proud to be the first audit firm backing their audit with a real stake. Incentive alignment is a HUGE industry-wide problem, and founders deserve better! Our partnership with Ante Finance is the first step toward addressing this issue: 👉
@zellic_io
Zellic
10 months
The power of one word. Here's how one word resulted in a critical security vulnerability affecting all three million dollars' worth of staked Premia Finance tokens. Read more:
@zellic_io
Zellic
1 year
If you can just drop the undroppable object, you can just... not repay the loan. You can just take out all the money and walk away. That's just one thing the bug would've allowed.
@zellic_io
Zellic
7 months
Ledger wallet got hit by a supply chain attack, exploiting that their connect-kit-loader library. A phished credential token was enough to publish a newer version. It was automatically included and distributed further. Let's do a deep dive on how the drainer worked ๐Ÿ‘‡๐Ÿงต
@zellic_io
Zellic
7 months
Zellic and @immunefi are partnering to build a more secure Web3! This partnership will enable our customers to strengthen their security posture with a holistic security suite. For more details on this partnership join our Twitter Spaces with Scroll on Thursday at 2:30pm EST!
@zellic_io
Zellic
1 year
Earlier this morning, @safemoon's Liquidity Pool was compromised and USD 8.9M worth of tokens were withdrawn. After looking at the transaction trace and the recent contract changes, we can tell you what happened:
@zellic_io
Zellic
2 years
Ever wondered what's up with Sui, and what the differences between Sui and Aptos are? Check out our new blog post! We introduce Sui, and highlight the differences between Sui, Aptos, and core Move. We also point out a few key security considerations.
@zellic_io
Zellic
5 months
The Zellic cryptography team recently placed second overall in the most recent @__zkhack__ competition, ZK Hack IV, with three puzzles created by @__geometrydev__. For a look into the three puzzles and the solution code, check out our latest blog below.
@zellic_io
Zellic
4 months
You may have seen Groq's recent demo, with state-of-the-art LLM inference speed. But how is it so fast? We did a deep dive into Groq’s whitepaper (surprisingly easy to read!) to find out. Here’s how:🧵👇
@zellic_io
Zellic
5 months
Zellic is proud to be a founding member of the crypto Security Alliance (SEAL) to advance the state of best practices in blockchain security. Our Co-Founder and CTO @ret2jazzy is already a first responder for SEAL 911, a group of highly trusted security researchers available on
@_SEAL_Org
Security Alliance
5 months
Hello world!
@zellic_io
Zellic
2 years
17/ Audit drift is a major problem in Web3 security. Many projects seek out a single audit. Audits are often only a POINT-IN-TIME SNAPSHOT of the code. New code is often NOT AUDITED. New code must be rigorously tested or audited, as it can introduce new bugs, like in this case.
@zellic_io
Zellic
2 years
5/ However, Slope has been using Sentry for only 1 week now. **Hypothetically**, an attacker *with access to Sentry* could go through event logs and steal the thousands of mnemonics leaked in the past week Then drain thousands of wallets.
@zellic_io
Zellic
6 months
As 2023 comes to a close, we wanted to reflect on what our amazing team was able to accomplish this year. Let's take a look back.
@zellic_io
Zellic
2 years
New blog post! Breaking Down the Economics of DeFi Hacks:
@zellic_io
Zellic
2 years
6/ Wallets using Sentry or other analytics platforms need to be aware of what information is being logged. With Sentry, it's possible to scrub data you don't want to be logged. This can be done with server-side scrubbing or in the Sentry SDK.
@zellic_io
Zellic
8 months
We are excited to share write-ups for two @paradigm_ctf challenges from @farazsth98, a Security Researcher at Zellic. We'll be looking at Grains of Sand and Hopping Into Place! For an in-depth look into both challenges, check out our blog:
@zellic_io
Zellic
1 year
We are ecstatic to partner with @MaiaDAOEco for a comprehensive security assessment of the Maia Ecosystem Reward System! Maia DAO is building a decentralized, community owned Omnichain Yield and Liquidity Marketplace. We are excited to share more in the coming days!
@zellic_io
Zellic
3 months
Ever wondered why multiparty computation (MPC) protocol wallets are considered the most secure of all crypto wallets? To find out why, we’ll look into: 1. What MPC is 2. MPC wallet functions 3. Vulnerabilities Let’s take a look at these functions below👇🧵
@zellic_io
Zellic
11 months
Meet Cairo, the native language of Starknet. In this thread we'll: ✅ Introduce Cairo & Starknet ✅ Explore the security features of Cairo ✅ Examine potential pitfalls when writing contracts in Cairo ✅ Give you things to consider when writing secure code Let's dig in👇🧵:
@zellic_io
Zellic
2 years
18/ For mission-critical and high-assurance code, simple unit test suites are INSUFFICIENT. * INTEGRATION tests, on a MAINNET FORK must be done. * NEGATIVE TESTS are necessary as well. A simple negative test for processing invalid messages would likely have caught this mistake!
@zellic_io
Zellic
2 years
Artifacts for experiments now available here: Enjoy!
@zellic_io
Zellic
6 months
In 2018, our co-founders @ret2jazzy and @gf_256, along with a few other friends, founded perfect blue. That team went on to become the top-ranked CTF team worldwide, placing 1st in 2020, 2021, and now 2023 as part of their collab Blue Water. Happy new year, everyone!🎉
@pb_ctf
perfect blue
6 months
2023 was another great year for the team! 🎉 Blue Water, a collab between perfect blue and @Water_Paddler, placed 1st in CTFtime globally!🏆 🥇1st place in 6 CTFs 💻Hosted a successful pbctf 2023 In the past, we also placed first in 2020 and 2021.✌ Looking forward to 2024!🎆
@zellic_io
Zellic
1 year
Zellic event is live!! 🎉 #ETHDenver2023
@zellic_io
Zellic
3 months
We’re excited to share the new Zellic Reports site with a refreshed visual identity and layout! The new site includes our finalized audit reports and public findings uncovered by our team of security researchers. Check out the new reports site here:
@zellic_io
Zellic
2 years
To speed things up, I used multiprocessing to run it on all 32 cores of my CPU. Still, the verification wasn't too fast.
@zellic_io
Zellic
9 months
Predictable random data should never happen, but sometimes it does. These tools and wallets used weak randomness, resulting in $1M+ loss: • Libbitcoin Explorer • Trust Wallet • Profanity • Cake Wallet But how could this have been prevented? 🧵👇
@zellic_io
Zellic
2 years
After running our code, it yields unsat! That means the formula is correct for all values from 0 to 200000000000! That's a way bigger range than we initially checked. No way we could manually check this in a reasonable time.
@zellic_io
Zellic
1 year
In 2022, Zellic completed 90+ security assessments. 🛠 93 audits ⚠ 126 high impact findings ❌ 42 of those 126 findings were critical 🎯 51 of our 93 audits uncovered high impact issues Our clients innovate at a breakneck pace. They trust Zellic to keep them ahead.
@zellic_io
Zellic
2 years
Want to formally-verify your Move contracts? We created an example-based guide to show you how to use the Move Prover effectively! Let's secure those contracts 🛡️
@zellic_io
Zellic
1 year
Building on Cosmos? Check out our latest blog post for a security focused introduction to Cosmos. Exploring Cosmos: A Security Primer
@zellic_io
Zellic
3 months
Last month we were announced as one of the seven winners of @DARPA AIxCC’s Small Business Track! In our newly published blog, we share a high-level overview of our winning proposal and perspective on the challenges that informed our eventual design.
@zellic_io
Zellic
2 years
So, we set out on verifying the function's correctness ourselves. It's a pure function that converts days since epoch to y/m/d. Let's compare it against Python's datetime module as a ground truth. We ported the code to Python, and ran it for all UNIX timestamps 30 years from now.
@zellic_io
Zellic
5 months
Check out our new blog post on building Yao's garbled circuits MPC from scratch!
@gf_256
cts 🌸🏳️‍⚧️
5 months
In 2008, the Danish government used cutting-edge cryptography to auction 25,000 tons of beets. The auction was needed to set the price of sugar beets. However, the farmers didn't want to show their hand. Rather than hire expensive consultants, they used MPC to implement this
@zellic_io
Zellic
2 years
It gives us some warnings, but the verification succeeds! The cvc4 SMT solver is able to verify billions of values in just a few seconds by actually proving facts about the equations! (I had to compile solc from source to enable cvc4, which is faster than z3)
@zellic_io
Zellic
2 years
This shows correctness, but only for a given range of values (+/-30 years). It doesn't provide any assurance for any other values. And verifying large ranges of values takes too long. My next instinct was to reach for formal verification using SMT solvers (theorem provers).
@zellic_io
Zellic
2 years
7/ Furthermore, if sensitive data has been logged, remove it from Sentry. Removing events is not enough, you must also remove the Sentry tags. This can be done in "Project Settings > Tags" to remove any related data for a given tag.
@zellic_io
Zellic
2 years
New blog post! An overview of the important changes Proof-of-Stake will bring to Ethereum post-merge, and what developers should be aware of to secure their smart contracts. Read it here:
@zellic_io
Zellic
2 years
SMTChecker is amazing. I implemented the two functions in Solidity, then added an assert to verify they're the same. Look how many values we're verifying here!
@zellic_io
Zellic
2 years
3/ First, let's talk about Sentry. Sentry is an event logging platform used for reporting errors in apps. If a certain event occurs in the app, a request containing the details & environment is logged to the company's Sentry. Many companies use Sentry on websites & mobile.
@zellic_io
Zellic
2 years
9/ If you have used Slope, you should generate a new wallet and migrate your assets there. The private keys previously used in Slope should be considered compromised.
@zellic_io
Zellic
8 months
We’re hiring! Zellic is expanding its Growth team to help us drive business development and partnership initiatives. If you’re looking to join a small and extremely ambitious team (who values substance and tech, not hype), check out our job posting for more details:
@zellic_io
Zellic
2 years
19/ TL;DR : Bugfix introduced a regression, that combined with a curiously initialized storage slot, led to a severe vuln. Attackers copycatted each other, messily draining the bridge over an hour. Negative testing may have prevented this bug.
@zellic_io
Zellic
1 year
We’re pleased to announce that our assessment of Cega’s Ethereum smart contracts is complete. @cega_fi is building a decentralized exotic derivatives protocol. This review found no critical vulnerabilities, and any issues raised were promptly resolved.
@zellic_io
Zellic
2 years
We are excited to partner with @LaminarMarkets for a comprehensive security assessment! Laminar is building the first, fully decentralized Spot DEX @AptosLabs! We're looking forward to securing their on-chain systems!
@zellic_io
Zellic
2 years
20/ We will continue to investigate and work with the relevant teams. Follow @zellic_io and stay tuned for more. We have extensive experience securing cross-chain applications and we would love to help your protocol.
@zellic_io
Zellic
2 years
This wasn't our first time seeing BokkyPooBah's DateTime library. Many other projects depend on this code as well. This made me wonder--with a magic looking formula like this, has this code been actually verified? If there were a bug, it would be a vulnerability across many projects.