Blog
Your source for high-signal Web3 security education and awareness.
spearbit

Vulnerability Deep Dive: Centrifuge Router Flaw

In this blog, we will dive into a critical-severity vulnerability identified in the Centrifuge review, where a router contract flaw could allow a bad actor to gain control of a vault.

samaraadmin

samaraadmin

October 15, 2024

spearbit

vCISO: Your consultative security partner

When progressing through each stage of the development lifecycle, there are a multitude of security considerations to take into account. During the early stages of system design, for example, an architectural review is pivotal. Once a feature set is frozen, comprehensive test coverage is considered a non-negotiable. Consultations with a security expert are the perfect way to ensure that, at every stage, your protocol is implementing best practices. That’s where vCISO comes in. vCISO is Spearbit’s answer to this need for a trusted third party advisor with the expertise to enhance your project’s security posture, no matter what stage of development you’re in.

Spearbit

Spearbit

July 24, 2024

spearbit

The importance of testing in securing your project

Testing is a broad term for the process of identifying vulnerabilities in a systematic manner. In any security-conscious development lifecycle, testing is a non-negotiable. With the web3 industry still maturing, the current issue is that many projects don’t test enough, or worse, don’t test at all. This increases the risk of undetected vulnerabilities for a project, and dilutes any additional security engagements they may undergo. In this article, we will explore different forms of testing and how the adoption of these processes can benefit individual projects and the ecosystem as a whole.

Spearbit

Spearbit

July 23, 2024

spearbit

A Spearbit Case Study: SAP

This article explores the successful collaboration between SAP, a leader in enterprise application software, and Spearbit, a network of top security researchers, to conduct a security review of SAP's NFT Management platform.

Spearbit

Spearbit

July 22, 2024

spearbit

Security review readiness guide

At Spearbit, we have established a reputation for conducting very thorough smart contract and protocol security reviews. Our focus often centers around the reviews themselves, the dedicated researchers conducting them, and the significant findings they reveal. However, one aspect that merits additional emphasis is **Security Review Readiness** for protocols where there is an intentional effort to prepare the codebase, technical documentation, resources, and communication structure to streamline the security review and maximize potential results.

Spearbit

Spearbit

January 10, 2024

spearbit

Cross-Chain Security with LayerZero Labs

This article is a written breakdown of Ryan Zarick’s, CTO of LayerZero labs, seminar delivered at Spearbit. Ryan dives into building cross-chain with a security-first mindset.

Spearbit

Spearbit

August 21, 2023

spearbit

Arbiter - EVM Logic Simulator for Security and Performance Testing

This article is a written breakdown of the Primitive Finance team’s seminar delivered at Spearbit on Arbiter - a tool designed to execute EVM logic with full parity as quickly as possible. It is able to do this by interfacing with the Rust implementation of EVM called revm and can simulate price processes and price action with smart contracts under a DeFi Context.

Spearbit

Spearbit

June 15, 2023

spearbit

Demystifying ZKPs with Porter Adams

This article is a written breakdown of Porter Adam’s seminar delivered at Spearbit, an experienced blockchain security researcher. He delved into the topic of Zero-Knowledge Proofs (ZKP) and their potential applications within the sphere of verifiable computation.

Spearbit

Spearbit

June 8, 2023