// Blog

Insights & Research

Hunting methodologies, live war room stories, disclosures, and thought leadership on the state of web3 security.

1 / 3
Returndata Bombing RAI's Liquidation Engine - A Critical Bug Worth $0
Bounty

Returndata Bombing RAI's Liquidation Engine - A Critical Bug Worth $0

How a spec-compliant savior contract crashes liquidations, and why governance rubber stamp became the perfect excuse to avoid paying bounties.

January 4, 2026Read more
A Realistic Breakdown of Optimism - Part 2
Bounty

A Realistic Breakdown of Optimism - Part 2

A behind-the-scenes look at how Optimism nodes read new data, and how one small parsing detail could have caused a consensus split on the network.

March 27, 2025Read more
No More Bets
Research

No More Bets

How a tiny missed check could let someone block new Polymarket polls, discovered with a simple search in an old audit.

February 25, 2025Read more
A Realistic Breakdown of Optimism - Part 1
Audit

A Realistic Breakdown of Optimism - Part 1

A story about how a routine Optimism upgrade accidentally opened the door to withdrawing the same ETH twice.

December 27, 2024Read more
The Art of Judging Bug Bounties
Security

The Art of Judging Bug Bounties

How bug bounty results get decided, why people argue about severity, and a practical way to judge fairly.

May 20, 2024Read more
Learning by Breaking - A LayerZero Case Study - Part 3
Bounty

Learning by Breaking - A LayerZero Case Study - Part 3

Uncovering a bridging attack that could freeze NFTs in limbo as they are transferred.

March 3, 2024Read more
1 / 3