Zero-knowledge circuits fail when constraints are incomplete. Under-constraining lets attackers generate “valid” proofs for invalid statements. This flaw has broken real systems. Here is how it happens and how to prevent it. https://t.co/1M6aRPIk6C

https://t.co/JHlvcx56V0

Not sure if your smart contract is prone to randomness vulnerability? Our team at NethermindSecurity can help you with smart contract audits and real-time monitoring. Book a consultation and let’s discuss your security needs:

How can we solve weak randomness? The typical solution is to use an oracle network. You can use trusted oracles like the Chainlink VRF to get verifiable random numbers.

Take the case of the Ethernaut coin flip contract. If the contract uses blockhash(block.number - 1) to generate a random outcome, an attacker can simply see that hash, compute the result in advance, and always “guess” correctly.

The problem with these parameters is that blockchain data like block hashes and timestamps are deterministic. This means they can be known in advance. And for any system that relies on true randomness, predictability is the enemy.

What can cause weak randomness? - Using blockhash for randomness - Using block timestamp for randomness - Using block number for randomness - Using parameters like block difficulty or gas

Weak randomness becomes a problem when developers assume that using public blockchain data like blockhash or timestamp is sufficient for randomness. It’s easy, right? But here’s the catch: it’s also easy for an attacker to predict. Once they know your “random” value, they

What happens if the randomness in your smart contract isn’t so…random? In blockchain, randomness is essential for outcomes that need to be unpredictable like minting NFTs from a new collection or guessing a bet. Let’s talk about weak randomness and how it can leave your smart

TYPED was insane. Thanks to everyone who made it happen. 💥

https://t.co/dX2ozm39En

Excited to have this partnership

We are proud to support Origin Protocol and $OETH through security services 🔥

Security is the foundation of every reliable system. We've partnered with @gateway_eth to bring our full-stack audits and formal verification directly into Gateway Apps - the same services used across leading rollups, ZK systems, and L1/L2 protocols. Learn more 👇

🌟 @Nethermind has just passed the RPC compatibility tests! We’re happy to help if you’re considering Nethermind for RPC. Shortly after Fusaka, we’re planning a bigger release for RPC. Regarding the remaining three tests, we believe our responses are correct, and it seems the

https://t.co/tiXT1vMnJb is partnering with @NethermindSec to bring advanced audits and formal verification services directly into Gateway Apps. Nethermind Security covers smart contracts, rollups, ZK systems, and the full off-chain stack (relayers, oracles, sequencers, provers)

DevConnect 🇦🇷 wrapped last week, and Buenos Aires absolutely delivered. Infra by day. Side-events by night. Ideas everywhere. Coffee never enough ☕️ 💥Huge shout-out to the friends, partners, and absolute legends we crossed paths withb at @EFDevcon: @SmarDex @ethereum

At ZKConnect, @JulekSU spoke about why formally verified zkVMs will be critical as L1 proving secures more of Ethereum. Around the event our team met with many zkVM projects to dig into correctness. If you want to talk formal verification after Devconnect, get in touch.

Thanks for the invite @HypernativeLabs @NethermindSec. Very relevant topics, and one clear takeaway: smart contracts and on-chain protocols are getting safer with on-chain proactive monitoring, bug bounties and multi-round audits, but most hacks still hit the infra around them.