9/ Full post: https://t.co/1dpmobtfJQ

8/ As DeFi math gets more complex, this line of defense becomes essential. Even if an unforeseen numerical subtlety slips through, the protocol should never enter a state that violates its economic invariants.

7/ If these checks fail, the transaction simply reverts, stopping unexpected numerical behavior before it becomes exploitable. Runtime enforcement, with carefully chosen thresholds and fallback controls, becomes a powerful safety net.

6/ So what’s the missing layer? Runtime enforcement. Two forms matter most: - enforcing precision for critical division operations - enforcing economic invariants (e.g., LP token value must not decrease)

5/ This suggests a broader class of numerical vulnerabilities — ones that traditional defenses only partially address.

4/ yETH followed a different path but echoed the same theme: A numerically tiny error becomes material when an attacker can force the system into fragile regions of its math.

3/ In Balancer’s case, a tiny rounding quirk only became dangerous when liquidity was temporarily collapsed. Batch-swap mechanics effectively enabled an LP-token flashloan, making those edge conditions reachable.

2/ The Balancer exploit alone drained >$120M. What’s striking is that both systems were viewed as “battle-tested.” But adversarial conditions pushed them into precision edge cases no one expected.

1/ Two major exploits — Balancer’s Composable Stable Pools and Yearn’s yETH — landed just weeks apart. Different code paths, but same pattern: subtle numerical behavior turning into real economic vulnerabilities.

Recent Balancer + yETH exploits share a common pattern: tiny numerical edge cases becoming real vulnerabilities. We outline the mechanics and argue for a missing defense: runtime checks on precision + invariants. This needs to be a first-class design requirement in DeFi.👇

Full post: https://t.co/1wNfQgV0gb

The future of DeFi security: Not “did we catch every bug?” but “can the system block unsafe behavior by design?” Core invariants + runtime guardrails = spec is law.

We’re excited to share our 2025 State of Crypto report. This year’s story: the maturation of the crypto industry — with growing institutional adoption, the rise of stablecoins, better infrastructure, new consumer experiences, and long-awaited regulatory clarity. Read the full

1/ Phishing attacks are evolving — and most people aren't ready. From fake Google alerts to malicious job offers, here are 6 real phishing strategies hackers are using right now… and how to protect yourself.

are you old enough to remember the post by @agfviggiano about emulating invariant testing using arrays of symbolic selectors? In halmos v0.3, you can now just write `invariant_` test functions, with no boilerplate and no bounding/clamping

Just finished a detailed in-depth writeup on catching complex vulnerabilities (including reentrancy and DoS) using halmos+halmos-helpers-lib symbolic testing that are tied to a malicious external contract on a real-world example. Details in🧵

Watch me run Halmos V0.3 in less than 10 seconds with Create Chimera App! The same codebase works with other great tools like Medusa and Foundry. Halmos works with our framework and extension with zero code changes!

halmos v0.3.0 release highlights! (quick reminder: halmos is a symbolic testing tool for EVM bytecode which interfaces nicely with foundry projects and supports multiple SMT solvers) 1. we (finally) added support for stateful invariant testing

love this work! 🫡

Plausible liveness => Accountable liveness!