<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>OtterSec</title><description>Blockchain security audits and research.</description><link>https://osec.io/</link><item><title>Introducing rCTF v2</title><link>https://osec.io/blog/rctf-v2/</link><guid isPermaLink="true">https://osec.io/blog/rctf-v2/</guid><description>We’re releasing rCTF v2, an open-source platform for hosting cybersecurity capture-the-flag competitions.</description><pubDate>Tue, 14 Jul 2026 00:00:00 GMT</pubDate></item><item><title>Announcing the Save CTFs Fund</title><link>https://osec.io/blog/save-ctfs-fund/</link><guid isPermaLink="true">https://osec.io/blog/save-ctfs-fund/</guid><description>OtterSec is committing $100,000 to keep CTFs competitive in the age of AI. We break down why Jeopardy scoring is breaking down, what better formats might look like, and how to apply for sponsorship.</description><pubDate>Tue, 07 Jul 2026 12:00:00 GMT</pubDate></item><item><title>Auto reverse-engineering the Hyperliquid risk engine, with some agentic help</title><link>https://osec.io/blog/hyperliquid-risk-engine/</link><guid isPermaLink="true">https://osec.io/blog/hyperliquid-risk-engine/</guid><description>Perps allow traders to leverage beyond their collateral, until the market turns abruptly and losses are clawed back. We auto-reverse engineer Hyperliquid’s risk engine to show how it ranks and deleverages winning users under the solvency–fairness–revenue trilemma.</description><pubDate>Mon, 22 Jun 2026 12:00:00 GMT</pubDate></item><item><title>The goldmine of insecure WebView integrations</title><link>https://osec.io/blog/goldmine-of-insecure-webview-integrations/</link><guid isPermaLink="true">https://osec.io/blog/goldmine-of-insecure-webview-integrations/</guid><description>WebViews in mobile web3 wallets can quietly inherit the permissions granted to the wallet app itself. We found 20+ major wallets where a malicious dApp could access core permissions without authorization.</description><pubDate>Thu, 18 Jun 2026 12:00:00 GMT</pubDate></item><item><title>Pwning Minecraft: 4-byte heap overflow to RCE</title><link>https://osec.io/blog/minecraft-heap-overflow-to-rce/</link><guid isPermaLink="true">https://osec.io/blog/minecraft-heap-overflow-to-rce/</guid><description>We achieved RCE in Minecraft Bedrock, turning a 4-byte heap overflow into complete client compromise. Learn how a universal, Bedrock-specific technique is used to bypass ASLR and achieve arbitrary read/write primitives.</description><pubDate>Tue, 02 Jun 2026 12:00:00 GMT</pubDate></item><item><title>Unverified evaluations in Dusk’s PLONK</title><link>https://osec.io/blog/unverified-evaluations-dusk-plonk/</link><guid isPermaLink="true">https://osec.io/blog/unverified-evaluations-dusk-plonk/</guid><description>Dusk’s privacy layer protects ~$60M of DUSK and hinges on one proof check. dusk-plonk’s verifier never validated four of the prover’s polynomial commitments, enough to mint DUSK from nothing and forge shielded spends the network confirmed as real.</description><pubDate>Thu, 30 Apr 2026 12:00:00 GMT</pubDate></item><item><title>Patch gap to mobile renderer RCE: pwning Samsung Internet’s V8 on the Galaxy S25</title><link>https://osec.io/blog/patch-gap-to-mobile-renderer-rce/</link><guid isPermaLink="true">https://osec.io/blog/patch-gap-to-mobile-renderer-rce/</guid><description>Samsung Internet on the Galaxy S25 shipped a six-month-old version of V8, exposing it to publicly known bugs. Learn how we exploited a bytecode interpreter vulnerability to achieve renderer RCE and universal XSS in the browser.</description><pubDate>Wed, 01 Apr 2026 12:00:00 GMT</pubDate></item><item><title>From virtio-snd 0-day to hypervisor escape: exploiting QEMU with an uncontrolled heap overflow</title><link>https://osec.io/blog/virtio-snd-qemu-hypervisor-escape/</link><guid isPermaLink="true">https://osec.io/blog/virtio-snd-qemu-hypervisor-escape/</guid><description>Turning an uncontrolled heap overflow into a reliable QEMU guest-to-host escape using new glibc allocator behavior and QEMU-specific heap spray techniques.</description><pubDate>Tue, 17 Mar 2026 12:00:00 GMT</pubDate></item><item><title>Unfaithful claims: breaking 6 zkVMs</title><link>https://osec.io/blog/zkvms-unfaithful-claims/</link><guid isPermaLink="true">https://osec.io/blog/zkvms-unfaithful-claims/</guid><description>A zkVM verifier should be faithful to one thing above all else: its public claims. Yet we found six systems where this guarantee breaks. Learn how a subtle ordering bug lets an attacker bypass the cryptography entirely and prove mathematically impossible statements.</description><pubDate>Tue, 03 Mar 2026 12:00:00 GMT</pubDate></item><item><title>ERC-4337 paymasters: better UX, hidden risks</title><link>https://osec.io/blog/paymasters-evm/</link><guid isPermaLink="true">https://osec.io/blog/paymasters-evm/</guid><description>ERC-4337 paymasters unlock powerful UX by abstracting gas costs, but they also add complexity and subtle bugs. Explore some common pitfalls in real-world implementations and learn how to design production-ready paymasters.</description><pubDate>Tue, 02 Dec 2025 12:00:00 GMT</pubDate></item><item><title>How we broke exchanges: a deep dive into authentication and client-side bugs</title><link>https://osec.io/blog/how-we-broke-exchanges-oauth-misconfigurations/</link><guid isPermaLink="true">https://osec.io/blog/how-we-broke-exchanges-oauth-misconfigurations/</guid><description>OAuth misconfigurations show how common dev settings can lead to account takeovers. Explore real cases where failing to account for differences between desktop and mobile environments left SDKs, exchanges, and wallets vulnerable to exploits.</description><pubDate>Thu, 16 Oct 2025 12:00:00 GMT</pubDate></item><item><title>How to survive supply-chain attacks</title><link>https://osec.io/blog/how-to-survive-supply-chain-attacks/</link><guid isPermaLink="true">https://osec.io/blog/how-to-survive-supply-chain-attacks/</guid><description>The recent supply-chain attack on NPM showed how easily trusted dependencies can become delivery vectors for malware. Learn how the attack worked and practical defenses developers can implement to stay safe.</description><pubDate>Sat, 13 Sep 2025 12:00:00 GMT</pubDate></item><item><title>PoRv2: a fast, transparent ZK-based proof of reserves</title><link>https://osec.io/blog/how-proof-of-reserves-uses-zk-to-protect-your-funds/</link><guid isPermaLink="true">https://osec.io/blog/how-proof-of-reserves-uses-zk-to-protect-your-funds/</guid><description>Here, we explore zk-proofs, Merkle trees, and our new open-source implementation, PoRv2. Our proof of reserves enables users to verify exchange liabilities without relying on external auditors, setting a new standard for trust.</description><pubDate>Wed, 27 Aug 2025 00:00:00 GMT</pubDate></item><item><title>Compiler bug causes compiler bug: how a 12-year-old g++ bug took down Solidity</title><link>https://osec.io/blog/compiler-bug-causes-compiler-bug/</link><guid isPermaLink="true">https://osec.io/blog/compiler-bug-causes-compiler-bug/</guid><description>A subtle G++ bug from 2012, C++20’s new comparison rules, and legacy Boost code can collide to crash Solidity’s compiler on valid code. We unpack the surprising chain reaction and how to fix it.</description><pubDate>Mon, 11 Aug 2025 00:00:00 GMT</pubDate></item><item><title>Cosmos security: an otter’s guide</title><link>https://osec.io/blog/cosmos-security/</link><guid isPermaLink="true">https://osec.io/blog/cosmos-security/</guid><description>From infinite loops and map determinism to AnteHandler missteps and storage key collisions, we highlight real-world vulnerabilities and actionable advice for building safer Cosmos-based projects.</description><pubDate>Tue, 10 Jun 2025 00:00:00 GMT</pubDate></item><item><title>Solana: the hidden dangers of lamport transfers</title><link>https://osec.io/blog/king-of-the-sol/</link><guid isPermaLink="true">https://osec.io/blog/king-of-the-sol/</guid><description>Solana’s lamport transfer logic hides dangerous edge cases — from rent-exemption quirks to write-demotion traps. We dissect a deceptively simple smart contract game to expose how transfers to arbitrary accounts can silently fail, brick your program, or crown an eternal king.</description><pubDate>Wed, 14 May 2025 00:00:00 GMT</pubDate></item><item><title>Subverting Web2 authentication in Web3</title><link>https://osec.io/blog/subverting-web2-authentication-in-web3/</link><guid isPermaLink="true">https://osec.io/blog/subverting-web2-authentication-in-web3/</guid><description>Web3 authentication uses cryptographic signatures and wallets, but Web2 auth integrations can introduce hidden risks. We explore vulnerabilities like OAuth logic exploits, Supabase misconfigurations, and OAuth abuse in localhost setups.</description><pubDate>Fri, 07 Mar 2025 00:00:00 GMT</pubDate></item><item><title>Solana multisig security</title><link>https://osec.io/blog/multisig-security/</link><guid isPermaLink="true">https://osec.io/blog/multisig-security/</guid><description>What can teams do if their multisig signers are compromised? We explore Solana’s transaction signing model and present a procedure for safe signing in the presence of malicious signers on Solana.</description><pubDate>Sat, 22 Feb 2025 00:00:00 GMT</pubDate></item><item><title>Hitchhiker’s guide to Aptos fungible assets</title><link>https://osec.io/blog/hitchhikers-guide-to-aptos-fungible-assets/</link><guid isPermaLink="true">https://osec.io/blog/hitchhikers-guide-to-aptos-fungible-assets/</guid><description>We take a deep dive into Aptos’ implementation of fungible assets, exploring the intricacies hidden within its functions, objects, and interactions. While the Fungible Asset model was designed to address the limitations and security flaws of the legacy Coin standard, it also introduced new challenges and vulnerabilities that developers should be aware of.</description><pubDate>Mon, 10 Feb 2025 00:00:00 GMT</pubDate></item><item><title>OtterRoot: Netfilter universal root 1-day</title><link>https://osec.io/blog/netfilter-universal-root-1-day/</link><guid isPermaLink="true">https://osec.io/blog/netfilter-universal-root-1-day/</guid><description>A peek into the state of Linux kernel security and the open-source patch-gap. We explore how we monitored commits to find new bug fixes and achieved 0day-like capabilities by exploiting a 1-day vulnerability.</description><pubDate>Mon, 25 Nov 2024 00:00:00 GMT</pubDate></item><item><title>Supply chain attacks: a new era</title><link>https://osec.io/blog/supply-chain-attacks-a-new-era/</link><guid isPermaLink="true">https://osec.io/blog/supply-chain-attacks-a-new-era/</guid><description>Unpacking Lavamoat and how it fights supply chain attacks in Web3. We spill the beans on some sneaky bypasses, illustrating just how tricky it is to lock down JavaScript ecosystems.</description><pubDate>Mon, 10 Jun 2024 00:00:00 GMT</pubDate></item><item><title>Rounding bugs: an analysis</title><link>https://osec.io/blog/rounding-bugs/</link><guid isPermaLink="true">https://osec.io/blog/rounding-bugs/</guid><description>Rounding-related hacks are having a moment in the spotlight. We explore these exploits, correct some popular misunderstandings, and provide mitigations.</description><pubDate>Thu, 18 Jan 2024 00:00:00 GMT</pubDate></item><item><title>Solana: jumping around in the VM</title><link>https://osec.io/blog/jumping-around-in-the-vm/</link><guid isPermaLink="true">https://osec.io/blog/jumping-around-in-the-vm/</guid><description>An exploration of low-level Solana VM behavior. How to escalate from a powerful memory corruption primitive to full program control.</description><pubDate>Mon, 11 Dec 2023 00:00:00 GMT</pubDate></item><item><title>MetaMask Snaps: playing in the sand</title><link>https://osec.io/blog/metamask-snaps/</link><guid isPermaLink="true">https://osec.io/blog/metamask-snaps/</guid><description>A deep dig into MetaMask Snaps. We explore safety considerations, environment design, and break down a property spoofing vulnerability in the Snaps sandboxing layer.</description><pubDate>Wed, 01 Nov 2023 00:00:00 GMT</pubDate></item><item><title>Web2 bug repellant instructions</title><link>https://osec.io/blog/web2-bug-repellant-instructions/</link><guid isPermaLink="true">https://osec.io/blog/web2-bug-repellant-instructions/</guid><description>An analysis of security risks that don’t get enough attention - web2 bugs in web3 apps. We take a deep and practical look at vulnerabilities across various applications.</description><pubDate>Fri, 11 Aug 2023 00:00:00 GMT</pubDate></item><item><title>Vyper hack timeline</title><link>https://osec.io/blog/vyper-timeline/</link><guid isPermaLink="true">https://osec.io/blog/vyper-timeline/</guid><description>A timeline and postmortem for the Vyper compiler bug. Thoughts on trust assumptions, vulnerability disclosures, and whitehat recoveries.</description><pubDate>Tue, 01 Aug 2023 00:00:00 GMT</pubDate></item><item><title>Solidity compilers: memory safety</title><link>https://osec.io/blog/solidity-compilers-memory-safety/</link><guid isPermaLink="true">https://osec.io/blog/solidity-compilers-memory-safety/</guid><description>An exploration into the Solidity compilation pipeline, optimization assumptions, and how it all relates back to memory-safe assembly.</description><pubDate>Fri, 28 Jul 2023 00:00:00 GMT</pubDate></item><item><title>Solana formal verification: a case study</title><link>https://osec.io/blog/formally-verifying-solana-programs/</link><guid isPermaLink="true">https://osec.io/blog/formally-verifying-solana-programs/</guid><description>We present a novel framework for formal verification of Solana Anchor programs — and a case study application to the Squads multisig.</description><pubDate>Thu, 26 Jan 2023 00:00:00 GMT</pubDate></item><item><title>Rust, realloc, and references</title><link>https://osec.io/blog/rust-realloc-and-references/</link><guid isPermaLink="true">https://osec.io/blog/rust-realloc-and-references/</guid><description>Rust is safe… right? Not if your dependencies are unsafe… A deep dive into a subtle Solana SDK bug, Rust internals, and how we found it all.</description><pubDate>Fri, 09 Dec 2022 00:00:00 GMT</pubDate></item><item><title>The Move Prover: a guide</title><link>https://osec.io/blog/move-prover/</link><guid isPermaLink="true">https://osec.io/blog/move-prover/</guid><description>A practical guide to the Move Prover — tutorial, case study, and specifications.</description><pubDate>Fri, 16 Sep 2022 00:00:00 GMT</pubDate></item><item><title>Move: an auditor’s introduction</title><link>https://osec.io/blog/move-introduction/</link><guid isPermaLink="true">https://osec.io/blog/move-introduction/</guid><description>What actually makes Move secure? A discussion of Move’s typing system and formal verification.</description><pubDate>Tue, 06 Sep 2022 00:00:00 GMT</pubDate></item><item><title>Reverse engineering Solana with Binary Ninja</title><link>https://osec.io/blog/reverse-engineering-solana/</link><guid isPermaLink="true">https://osec.io/blog/reverse-engineering-solana/</guid><description>An introduction to our open-source Binary Ninja plugin for blackbox Solana program analysis along with an executive reference to the Solana runtime.</description><pubDate>Sat, 27 Aug 2022 00:00:00 GMT</pubDate></item><item><title>The story of the curious rent thief</title><link>https://osec.io/blog/solend-rent-thief/</link><guid isPermaLink="true">https://osec.io/blog/solend-rent-thief/</guid><description>A tale of pickpockets preying on the Solana ecosystem. Read our investigation into the persistent theft of rent from uninitialized accounts. This is the story of the Solend rent thief.</description><pubDate>Fri, 19 Aug 2022 00:00:00 GMT</pubDate></item><item><title>Becoming a millionaire, 0.000150 BTC at a time</title><link>https://osec.io/blog/spl-swap-rounding/</link><guid isPermaLink="true">https://osec.io/blog/spl-swap-rounding/</guid><description>How we discovered a critical issue in Solana’s stable swap implementation. A story about arbitrage and rounding.</description><pubDate>Tue, 26 Apr 2022 00:00:00 GMT</pubDate></item><item><title>Solana: an auditor’s introduction</title><link>https://osec.io/blog/solana-security-intro/</link><guid isPermaLink="true">https://osec.io/blog/solana-security-intro/</guid><description>A security-focused introduction to Solana, exploring the underlying runtime environment, security boundaries, and implications. An important resource for all developers who want to write more secure code.</description><pubDate>Mon, 14 Mar 2022 00:00:00 GMT</pubDate></item><item><title>The $200m bluff: cheating oracles on Solana</title><link>https://osec.io/blog/lp-token-oracle-manipulation/</link><guid isPermaLink="true">https://osec.io/blog/lp-token-oracle-manipulation/</guid><description>How we fooled oracles to beat the house. An exploration into liquidity tokens and oracle price manipulation.</description><pubDate>Wed, 16 Feb 2022 00:00:00 GMT</pubDate></item></channel></rss>