// Blog

Insights & Research

Hunting methodologies, live war room stories, disclosures, and thought leadership on the state of web3 security.

1 / 3

Returndata Bombing RAI's Liquidation Engine - A Critical Bug Worth $0

How a spec-compliant savior contract crashes liquidations, and why governance rubber stamp became the perfect excuse to avoid paying bounties.

A behind-the-scenes look at how Optimism nodes read new data, and how one small parsing detail could have caused a consensus split on the network.

How a tiny missed check could let someone block new Polymarket polls, discovered with a simple search in an old audit.

A story about how a routine Optimism upgrade accidentally opened the door to withdrawing the same ETH twice.

How bug bounty results get decided, why people argue about severity, and a practical way to judge fairly.

Uncovering a bridging attack that could freeze NFTs in limbo as they are transferred.

1 / 3