racing moose (@mooseracing)'s Twitter Profile
racing moose

@mooseracing

interested in blockchain security

ID: 1870387948446736384

21-12-2024 08:37:20

8 Tweets

3 Followers

94 Following

kaden.eth (@0xkaden)

How ✨I found a critical vulnerability✨ in $zora's ERC20Z contract via a little known Uniswap v3/v4 property

When Zora put out this article: zora.co/writings/oncha… outlining their new protocol, I was intrigued and had to learn more

From a high level, the system works by

juancito (@0xjuancito)

Nice Uni v3 integration issue! I've found a similar one some months ago

You can easily alter the price of a v3 pool that has no liquidity, via a swap

You can then even add single-sided liquidity to prevent anyone from correcting the price

github.com/code-423n4/202…

Spearbit (@spearbit)

Both deposit() functions use Solady's SafeTransferLib to handle token transfers. However, Solady's SafeTransferLib does not check if the token address is actually a contract. 🪐 If safeTransferFrom() is called on an address with no code (i.e., an address that is not a contract

Daniel Von Fange (@danielvf)

Obscure auditing tool day:

Pyrometer is a static analysis program that parses solidity code and builds up constraints and relationships between variables as it goes.

This allows you to see what possible values variables could hold, or see how data changes code paths.

TenArmorAlert (@tenarmoralert)

SIR (🦍^🎩) The root cause lies in the transient storage collision in the uniswapV3SwapCallback function, which uses slot 1 both for the Uniswap pool address and the minted token amount.

The attacker initialized a malicious vault and manipulated the minted amount to exactly equal a