AI as a Force Multiplier for Security Engineers
AI has not replaced auditors. It has made strong auditors faster and more powerful, while also amplifying attackers.
By Kirk Baird
Tag
#security
40 posts tagged
Go for Security Auditors: Part 1 - Syntax That Will Trip You Up
The first in a three-part series on auditing Go code, covering deceptive syntax, common pitfalls like nil maps and slice aliasing, testing gotchas, and compiler pragmas that hide security-relevant behaviour.
Defensive Protocol Design
This article covers protective steps developers can take to prevent protocol exploits via defensive design.
By Kree Dotcom
Your first ZK vulnerabilities: From ZeroKnowledge of ZK to OneKnowledge
An introduction to ZK circuit security, exploring fundamental mental models for creating and thinking about ZK circuits. Learn about under-constrained variable vulnerabilities that appear in ZK code through a practical Circom example.
Fusaka's Impact On Smart Contract Security
A summary of Ethereum's Fusaka upgrade and its implications on smart contract functionality.
The Ultimate Guide to the Top for Security Researchers: Setting Sail
A comprehensive four-part series guide for security researchers who want to rise faster, build reputation, and make lasting impact in the web3 security space, from foundations to mastery and consistent results.
By Shealtielanz
SP1 and zkVMs: A Security Auditor's Guide
Practical security checklist and auditing guide for engineers reviewing SP1/RISC-V guest programs (also useful for Risc0). Covers input validation, 32-bit pitfalls, third-party dependency compatibility, overflow protection and verification key handling.
By Kirk Baird
The Economics of MEV in Cross-Chain Bridge Exploits: A Game-Theoretic Analysis
An explanation of how MEV affects cross-chain bridge exploits and the incentives driving them.
Pectra's Impact On Smart Contract Security
A summary of Ethereum's Pectra upgrade and its implications on smart contract functionality.
Live EigenLayer Bug Discovered During Sidecar Security Review
Analysis of a critical division-by-zero vulnerability in the EigenLayer sidecar rewards calculation process, its potential DoS impact, and the implemented fixes.
By Andy Li
A Security Engineer's Guide to Reviewing Core Blockchain Nodes
A comprehensive methodology for conducting security reviews of blockchain infrastructure, using Reth as a practical example
By Kirk Baird
Common Vulnerabilities: Oracles and Pricing - Smart Contracts
To achieve composability in DeFi, many projects require external sources of truth or price feeds. This article explores the common vulnerabilities in the use of pricing and oracles with real-world examples.
By Kree Dotcom
Transitioning from EVM to SVM: Key Concepts for Solana Security Assessments
Key concepts to understand the Solana Virtual Machine (SVM).
By Dimaz Wijaya
NEAR Smart Contract Auditing: Accounts & Access Control
This article explores how NEAR's unique account system combines human-readable names with multi-tiered permissions, examining the security implications and providing practical guidance for implementing robust access control in smart contracts.
Unraveling a Curious Edge Case in EigenLayer's Slashing Accounting
Examining an interesting edge case discovered in EigenLayer's beacon chain slashing calculation that affects withdrawable share calculations.
NEAR Smart Contract Auditing: Storage
In this article, we dive into the storage system of the NEAR blockchain. We'll explore how storage works on NEAR, how to use it securely, and highlight some of the common pitfalls.
NEAR Smart Contract Auditing: Sharding & Cross Contract Calls
NEAR Protocol introduces Nightshade sharding to tackle blockchain scalability while maintaining security. This article explores the security implications of cross-contract calls in sharded environments, demonstrating both proper implementation patterns and potential vulnerabilities through practical examples.
Common Vulnerabilities: Protocol Governance and DAOs - Smart Contracts
Many DeFi Protocols have decentralised using DAOs and token governance. This article explores the common vulnerabilities in the governance of DAOs with real-world examples.
By Kree Dotcom
Common Vulnerabilities: Liquid Restaking Protocols - Smart Contracts
Liquid Restaking protocols are a big trend in the DeFi space. This article explores the common vulnerabilities in liquid restaking protocols with real-world examples.
Forge Testing Leveling
Enhancing Forge testing with fuzzing and invariant testing for smart contract security.
By Dimaz Wijaya
The Effects of Ethereum's Upgrades on Smart Contracts
A summary of Ethereum's upgrades and their implications on smart contract functionality.
On the Importance of the Security Alliance
About the new Security Alliance and why we support it
Using Proxies: An Essential Guide
A practical guide to safe choices and best practices when deploying proxies for a project
Rogue Key Attack on Gennaro et al. DKG for Polynomials of Excessive Degree
A rogue key attack on Gennaro et al. DKG for polynomials of excessive degree, allowing full control of the private key
By Kirk Baird
Beacon Fuzz - Update #09
Beacon Fuzz - Update #09
Beacon Fuzz - Update #08
Beacon Fuzz - Update #08
Beacon Fuzz - Update #07
Beacon Fuzz - Update #07
Beacon Fuzz - Update #06
Beacon Fuzz - Update #06
Beacon Fuzz - Update #05
Beacon Fuzz - Update #05
Beacon Fuzz - Update #04
Beacon Fuzz - Update #04
Beacon Fuzz - Update #03
Beacon Fuzz - Update #03
Beacon Fuzz - Update #02
Beacon Fuzz - Update #02
Beacon Fuzz - Update #01
Beacon Fuzz - Update #01
Announcing Beacon Fuzz, an Eth2 Differential Fuzzer
Beacon Fuzz Update #00
Lighthouse Fuzzing Update
Update on fuzzing our Ethereum 2.0 client, Lighthouse.
By Kirk Baird , Mehdi Zerouali
Dapper Ethereum Smart Contract Wallet: Security Review
This post shares publicly the details of a security assessment conducted by Sigma Prime, which targeted an Ethereum smart contract wallet developed by Dapper Labs.
Status ENS Integration: Smart Contract Security Review
This post shares with the public details of a security review performed by Sigma Prime, which targeted an Ethereum Name Service (ENS) registrar developed by Status.
Lighthouse Security Considerations
Introduction to Rust security and fuzzing, with particular focus on our ethereum 2.0 client, lighthouse.
Purity in the EVM
A definition of purity in the Ethereum EVM with strategies for detecting purity on-chain.
By Paul Hauner
Solidity Security: Comprehensive list of known attack vectors and common anti-patterns
This post aims to be a relatively in-depth and up-to-date introductory post detailing the past mistakes that have been made by Solidity developers in an effort to prevent future devs from repeating history.
Other tags
Working on something in this space?
Sigma Prime audits Ethereum protocols, smart contracts, and consensus implementations.
Request a scoping callServices
Products
Resources
Company
Social
© Copyright 2026 by Sigma Prime. All Rights Reserved.