Finally got around to doing a write-up: Breaking GitHub Private Pages for $35k
This was my first and biggest bounty. Found with @ginkoid on @Hacker0x01 :) #togetherwehitharder
in light of the recent Bybit hack, what can Solana teams do to be more secure? Solana has a unique signature model, that is arguably safer for multisigs.
I wrote a quick post exploring this model, proposing a procedure for safe signing.
I helped with the @vyperlang whitehat and recovery. Here's a timeline and postmortem for what happened. In both cases, we lost the race to the hacker(s) by less than 10 minutes.
How can you trust a program without understanding it?
We (.@GSfilatino) upgraded our Solana reverse engineering framework for this month's [REDACTED] hackathon.
We integrated an MCP client into our decompiler plugin, automating parts of the reverse engineering process like type
Coming to Solana Accelerate? I'll be speaking at the Scale or Die conference on May 19-20. Shoot me a DM if you're interested in talking about decompiling Solana programs :)
We’ve been doing a ton of cool Solana research lately, and I’ll be sharing some of it at #breakpoint2023!
Will be giving a talk on "Fuzzing, Formal Verification, and a Loss of Funds". Hope to see you in Amsterdam :)
How do we make smart contracts structurally safer?
An exploration into some of Move's key features: Type safety and formal verification.
osec.io/blog/tutorials…
Closed source @Solana programs used to be safe. We’ve changed that.
Learn how to hack Solana programs with our open-source #BinaryNinja plugin 👇
osec.io/blog/tutorials…