In this blog, we will dive into a critical-severity vulnerability identified in the Centrifuge review, where a router contract flaw could allow a bad actor to gain control of a vault.

In this article, we will dive into a high-severity vulnerability identified in the Fastlane Atlas review, where inconsistencies in bid calculations within the `solverMetaTryCatch()` function present a significant risk to the bidding process.

When progressing through each stage of the development lifecycle, there are a multitude of security considerations to take into account. During the early stages of system design, for example, an architectural review is pivotal. Once a feature set is frozen, comprehensive test coverage is considered a non-negotiable. Consultations with a security expert are the perfect way to ensure that, at every stage, your protocol is implementing best practices. That’s where vCISO comes in. vCISO is Spearbit’s answer to this need for a trusted third party advisor with the expertise to enhance your project’s security posture, no matter what stage of development you’re in.

Testing is a broad term for the process of identifying vulnerabilities in a systematic manner. In any security-conscious development lifecycle, testing is a non-negotiable. With the web3 industry still maturing, the current issue is that many projects don’t test enough, or worse, don’t test at all. This increases the risk of undetected vulnerabilities for a project, and dilutes any additional security engagements they may undergo. In this article, we will explore different forms of testing and how the adoption of these processes can benefit individual projects and the ecosystem as a whole.

This article explores the successful collaboration between SAP, a leader in enterprise application software, and Spearbit, a network of top security researchers, to conduct a security review of SAP's NFT Management platform.

This article is a written breakdown of Kurt Barry’s seminar delivered at Spearbit.

At Spearbit, we have established a reputation for conducting very thorough smart contract and protocol security reviews. Our focus often centers around the reviews themselves, the dedicated researchers conducting them, and the significant findings they reveal. However, one aspect that merits additional emphasis is **Security Review Readiness** for protocols where there is an intentional effort to prepare the codebase, technical documentation, resources, and communication structure to streamline the security review and maximize potential results.

This article is a written breakdown of Ryan Zarick’s, CTO of LayerZero labs, seminar delivered at Spearbit. Ryan dives into building cross-chain with a security-first mindset.

Spreek presented a deep-dive into the Platypus Finance hack during an internal Spearbit Seminar. Platypus Finance is an AMM protocol on Avalanche, and it's primarily designed for exchanging stablecoins.

This article is a written breakdown of the Primitive Finance team’s seminar delivered at Spearbit on Arbiter - a tool designed to execute EVM logic with full parity as quickly as possible. It is able to do this by interfacing with the Rust implementation of EVM called revm and can simulate price processes and price action with smart contracts under a DeFi Context.

This article is a written breakdown of Porter Adam’s seminar delivered at Spearbit, an experienced blockchain security researcher. He delved into the topic of Zero-Knowledge Proofs (ZKP) and their potential applications within the sphere of verifiable computation.