Blog


Curve LP Oracle Manipulation: Post Mortem

On April 14, we informed Curve and affected projects about a read-only reentrancy vulnerability in some Curve pools. More specifically, the value returned by the function get_virtual_price can be manipulated by reentering it during the removal of liquidity. Now that all teams have secured their projects, we are happy to share the technical details. Background: Curve is an…


Heartbreaks & Curve LP Oracles

It’s easy to get tricked by lies and deception when you’re blinded by beauty. Taking off rose-colored glasses can be heartbreaking but getting them smashed on your face will be disastrous. Oracle manipulations are quite similar. They deceive you into not seeing the true value of something. Once you realize, the world around you is…


Why is Oracle Manipulation after the Merge so cheap? Multi-Block MEV.

Proof of Stake is coming: Ethereum’s Merge is coming soon™ and will be moving the network from PoW to PoS. This is a consensus layer change and will have relatively few effects on the application layer. However, there is a consensus layer change that can affect the security model of certain smart contracts: The way…


PolPatrol – Validator for Polkadot Runtimes

ChainSecurity is happy to release PolPatrol, an automated validator for testing the stability and security of Polkadot runtimes with respect to generic security and performance properties. Since Polkadot’s relay chain runtime lies at the core of the Polkadot network, the current version of PolPatrol focuses on ensuring that relay chain runtimes are secure and functionally…


Istanbul Hardfork EIPs – Changing Gas Costs and More

The Ethereum network will soon have its next hardfork, called Istanbul. Many Ethereum Improvement Proposals (EIPs) were submitted to be included in that hardfork. Six EIPs have been accepted for Istanbul, but due to the large number of proposals, eight have been tentatively accepted and will likely be part of another hardfork, called Berlin. The…
