Dedaub
@dedaub
Followers
9K
Following
597
Media
212
Statuses
805
Security audits, static analysis, realtime threat monitoring https://t.co/UZhGss2vbL
Joined January 2021
The Cetus AMM @SuiNetwork hack of $200M stolen is due to a flawed overflow check. The attacker added massive liquidity with just 1 token by exploiting a bit truncation vulnerability in the AMM math. Full details below β.
10
32
165
The Dedaub team has disclosed a Critical vulnerability to the Uniswap team!. Funds are safe - Uniswap addressed the issue and redeployed the Universal Router smart contracts on all its chains π. The vulnerability allows re-entertrancy to drain the user's funds, mid-tx. π§΅
24
177
865
π¨ Euler suffered an attack. Analyzing 1 tx that shows an $8.9m+ return for the attacker. 1. Flash loan.2. Deposit 20m DAI.3. Mint 200m eDAI.4. Repay 10m DAI.5. Mint 200m eDAI.6. Donate 100m eDAI to reserves.7. Liquidate yourself for 259m eDAI yields 38.9m DAI.8. Close flashloan
12
106
467
Cetus AMM on the @SuiNetwork has suffered a catastrophic ~$200M hackπ¨. Root cause: an arithmetic overflow in the liquidity calculation that allowed an attacker to withdraw astronomical amounts of tokens from a small liquidity position. How did they pull this off? π§΅
26
98
480
Following a serious vulnerability disclosed by our team, Uniswap redeployed one of the main contracts on Ethereum at Block 16075466. The contract, UniversalRouter, was also redeployed on all chains β». The vulnerability could drain user's funds between actions & led to a bounty!
16
78
442
Heads up: the Dedaub team has discovered a Solidity compiler bug impacting a *large* number of smart contracts. The bug results in up to 90% of the deployed bytecode being "dead code", significantly increasing gas costs when deploying and operating smart contracts. 𧡠π
21
75
336
π We've just released a *killer* feature for security researchers - storage browsing for smart contracts. You can now browse private variables, or navigate complex, nested, data structures using the current blockchain state.
13
61
302
Getting to the bottom of the "34 billion" Poly network hack with a technical postmortem. TL ; DR. Poly network had a simple 3 of 4 multisig arrangement over 2 years!. Looking at the final event we found that the private keys to the addresses marked were compromised.
28
68
277
We'll be releasing technical postmortem for the Multichain vulnerability, which we reported. But first, *REVOKE* YOUR APPROVALS β οΈ.
6
19
217
BREAKING: Computing students arrested for *disclosing* a vulnerability in a Web2 app. This happened in Malta, very recently. Our team reached out and helped:.- Two of them have been hired.- We're covering their legal.- Engaging in discussions with authorities
11
34
254
The Dedaub team has discovered a Solidity compiler bug that breaks equality, with functions. The bug has been confirmed and is expected to be fixed in Solidity 0.9. Let's deep-dive into the mechanics behind this bug, function compilation, and how it's being fixed. π§΅
2
56
230
π¨ BREAKING: Our team reported a *critical* issue on Bedrock protocol. The issue was exploited some hours later, but damage was contained. Vulnerability was in minting uniBTC, a ~$75m asset (on Ethereum alone, plus much more on 8+ other chains). Details below!
5
19
233
A number of Comp forks have been hacked, chiefly Hundred Finance. @compoundfinance V2 forks, satisfying conditions, e.g., cToken.totalSupply == 0, can be drained. However, no active protocols on @FantomFDN are affected. We verified this hours after the original attack w/Watchdog
9
46
204
Next version of Ethereum will "remove" SELFDESTRUCT, allowing a future transition to Verkle trees. The Ethereum team asked us to establish :-. "To what extent will this break existing protocols?". What did we find out?. Does @ethereum have a solution? Yes!. π§΅ππΏ
7
51
202
A few days ago we disclosed one of the largest vulnerabilities. Ever. The disclosure helped protect @MultichainOrg and @FantomFDN . Learn all about it in our article.
6
51
199
𧡠Clearing up misconceptions about the $260M Cetus hack on Sui Network. β NOT an oracle issue (despite what the team initially claimed). β NOT about minting fake tokens (some security firms got this wrong). β
A math bug in a "multiplication" operation. Let's explain.
10
29
210
β Developers moving from Ethereum to Solana often carry over assumptions that can mislead them. β οΈ If you're moving from Ethereum to Solana, you may miss essential security checks. We outline the most common mistakes in this article π
4
4
187
The root cause of the thirdweb vulnerability is that 2 independent OpenZeppelin libraries *ERC2771 & Multicall* interact badly, when combined. π This allows spoofing the _msgSender() with all sorts of access control issues, including LOSS of fundsβ. π§΅.
7
48
173
We found a stealth "backdoor" regularly draining ETH from staking project Tenderize. Onβchain evidence:. 7βAprβ2025 07:56Β UTC β TxΒ 0xC4CB. β proxyUpgrade(impl=<ContractWithBackdoor>). β‘ skim() β 7Β ETH . β’ proxyUpgrade(impl=<CleanContract>). Then withdraw via CeX (Kraken)
6
26
161
Future Ethereum will be using Verkle trees, which have significant cryptographic advantages. In a study (2021) we did for the Ethereum team, the changes to gas metering increase gas by 26% on average (sometimes a lot more). Why?. Is it worth it?. Can we mitigate this? π§΅ππΏ
2
23
118
Starting today, the largest projects deploying on Fantom got a powerful layer of security - Watchdog. Why is this important? Cont. ππ»
11
26
114
Watchdog analyses operate on the actual bytecode of contracts (via decompilation as seen here). As a result, compiler bugs can also be caught by these analyses. Yesterday's @CurveFinance hack could have been prevented had a cross-reentrancy analysis on this codebase been run
1
10
107
We're excited to announce that @coinbase has engaged Dedaub as a security services provider for core contracts on Base. We look forward to further secure this fast-growing ecosystem. Congrats on a successful launch and opening @BuildOnBase mainnet to everyone!
5
17
94
TL ; DR π. The @TeamUnibot hack would have been prevented, for very little effort, had they checked the analysis warnings produced by Watchdog. Vulnerability was flagged 3 full days before hack / 10 minutes after deployment. Source code not required.
2
13
98
π We've just completed an audit of @illuminexswap for @OasisProtocol.IllumineX is a privacy-preserving protocol performing cross-chain exchanges. It runs on Oasis Sapphire, a confidential EVM-based network that leverages Trusted Execution Environments.
5
15
83
π Big news! . Weβre excited to partner with @Immunefi on Magnus, the fully-integrated SecOps command center for onchain security. More on this partnership here: .#ImmunefiMagnus
2
7
79
πDecompile to Yul!. New feature on Contract Library. Why Yul?. As a standard IR of Solidity (and inline assembly language), you can reverse engineer opaque smart contracts in more ways. Here's a few more advantagesβ¬οΈ
5
17
91
β οΈ >$1B hack PoC. Last year our team discovered a novel smart contract attack vector: Phantom functions. We applied this vector to Multichain, with a PoC that enabled any 3rd party user to transfer all approved WETH to them (largest hack by $ value)!. (Permit2 fixes it). π§΅β¬οΈ
0
8
88
An theoretical but novel reentrancy attack vector is enabled by the Dencun Ethereum fork, due to EIP-1153 (Transient Storage)!. Shown πis a fictitious exchange using temp storage for orders. The low cost of TSTORE allows state-changing reentrantant calls via Solidity's transfer
3
15
84
If you work with nodes on Ethereum or other EVM networks, you may have needed to extract storage contents for a contract. We do, all the time! If youβd like to see how it can be done over 100 times faster (!), read on. Full details in our blog post:
4
7
86
A new type of MEV participant (validator) has emerged that eats MEV bots. These deconstruct bundles, replace txs with their own for profit E.g.,. 1. User's swaps WETH for STG.2. Bot π₯ͺ (1), by 1st inflating STG's price.3. Validator *replaces* (1) with opposite swap for profit β¬οΈ
1
13
78
Here at Dedaub, we aim to help DeFi projects launch without critical vulnerabilities. Weβre thrilled to establish a channel partnership with @chainlinklabs to help support the Chainlink Build program with Web3 security technologies and comprehensive audits.
1
10
78
MoonHacker, a project built on top of Moonwell on Optimism, got hacked for ~$300K. The attacker abused an Unchecked FlashLoan Callback & an Unrestricted Approve Proxy. As in previous occasions, our monitoring tools flagged these issues days before with high confidence.
4
8
78
Dedaub's transation debugger π on Contract Library is one of the most advanced debuggers for EVM chains. Originally developed to reverse-engineer complex hacks after none of the debuggers we tried worked. It still feels much faster than other mainstream debuggers on large txs
2
18
74
We are excited to be selected as @OasisProtocol Sapphire's preferred security partner. At Dedaub, we are committed to strengthening the security of projects like Sapphire's, utilizing our expertise in DeFi, privacy-preserving protocols, and advanced cryptography.
1
13
67
Couldn't agree more, @Chainlink! Security is non-negotiable in the Web3 spaceπ. We're proud to be working with projects like Chainlink that set high standards for security π€. Looking forward to meeting like-minded teams at #SmartCon 2023!.
All Web3 projects need to put security first. Meet @dedaub at #SmartCon 2023 and learn how their auditing solutions help secure some of the most reliable Web3 protocols in the industry. Sign up nowπ.
1
8
63
The Dedaub team, in a study for the EF in 2021, identified an exhaustive list of contracts that were easier to exploit with **EIP-3074**. Included in the list where development contracts in Compound, 1inch & SushiSwap. Nowadays, this is much less of a concern. Let's see why β¬οΈ
1
12
61
Five (5) lines of code in one file that would have led to the draining an entire ecosystem of protocols through the Multichain bridge. Over a USD 1B of WETH was available to be transferred due to βPhantom Functionsβ. Co-founder Yannis Smaragdakis at @TheTrustX @EFDevconnect
1
5
61
Our team previously found a Solidity compiler bug that can cause up to 90% of the code being "dead code" (bloat). It affects the majority of contracts using libraries recently deployed on all EVM chains. This has been fixed in Solc 0.8.19!
1
5
51
As part of the disclosure in their bug bounty program we advised the team to add a reentrancy lock, and redeploy. This modification was swiftly implemented before mass adoption of the UniversalRouter took place. A bug bounty was also paid out.
5
1
56
The attack sequence (simplified):. 1. Flash swap 10B+ haSUI (with max slippage).2. Open LP at "extreme" tick range .3. Add dust amount of liquidity.4. Remove liquidity β triggers overflow β receive massive tokens.5. Repay flash loan, keep profits.
1
4
57
Remember the very interesting Binance bridge hack? This led to $560m in funds lost, and BNB chain paused!. A day later we had pinpoited its root cause - an obscure issue in a Merkle proof verifier (see codeβ¬οΈ). [Other security researchers produced a PoC, which helped our
2
8
53
π¨Ongoing critical vulnerability and call to action π¨. Thousands of live smart contracts are affected!. On supported chains, check below to see whether your smart contract is affected by the recent "thirdweb" vulnerability. 1) Go to 2) Navigate to your
1
4
49
Announcing the integration of Contract Library ( with the following chains:. @arbitrum .@BuildOnBase .@FantomFDN .@ethereum . Coming soon: @optimismFND & @avax. Contract Library is a code explorer offering unique & indispensable features such as: (see π§΅)
4
7
43
~39 hours ago our security analysts got alerted of a terrible hack on Euler. We likely got alerted before the Euler team. Given the significance, we analyzed the attack in detail and posted on twitter. Below is a shot of our advanced monitoring solution: Watchdog. (w/redactions)
3
3
42
EVM log decoding is trickier than it seems! When an event is emitted, like Transfer(address from, address to, uint256 value), we can know for sure which event it was, but not for which parameters, even with the full binary data of the event!.
2
2
44
Recently, a client asked us about an observed @CurveFinance anomaly: when there is a buy order for an asset, the price *after* the buy can be *lower* than the price *before*. (And similar for sell/higher price.) How is this possible? Buying should raise the price, right? (1/15).
2
11
39
The attack wasn't complex - no logic bugs exploited.- Attacker used keys to sign proof that they're owed BNB.- The total realized gain for the attacker is ~$5.5m.- Poly was previously exploited for $600m by Lazarus group.- Post-attack, it took Poly *7 hrs* to pause the protocol.
5
2
39
A while back, Curve advertised a method to price crypto LP tokens for third party protocols. Code: We now know that this has two serious issues:.1) Internal oracle manipulation.2) Read-only reentrancy, in some variants. π§΅π
1
7
38
Poly chain hack technical postmortem explains how the signature scheme of the cross-chain bridge was used as intended in smart contract Merkle verifier. It is presumed the keeper private keys were compromised (or misused).
3
9
37
In DeFi, edge cases aren't edge cases - they're attack vectors. AMMs are particularly vulnerable as they involve complex mathematical operations across extreme ranges. Contact us if you need help securing an @Aptos or @SuiNetwork project.
1
1
41
Lessons learned:. Clearly, your protocol's security should not be dependent on 3 EOAs. Poly's response solution was too slow (7 hours). In contrast, Dedaub Watchdog can detect these kinds of malicious TXs in under 30s.
4
4
35
π¬Cut through the noise when browsing smart-contracts . At Dedaub, we spend a significant amount of time browsing and investigating Smart Contracts. Unfortunately, most verified smart contracts contain additional artifacts which don't affect the final Smart Contract π
2
6
34
We have found small functions in projects like @uniswap or @CurveFinance where the gas may increase by an order of magnitude. In our report, some recommendations are addressed to compiler engineers. There are lots of ways gas cost increases can be mitigated on future contracts.
4
3
34
Tornado Cash governance was hacked!. Summary and insights:.1. Attacker proposes seemingly legitimate proposal, but,.2. Executor has spiked "emergency stop" fn, *destroying* contract.3. Executor recreated.4. Votes pass, malicious proposal executed.5. (Next?) Pump TORN price & dump
3
6
33
Our team has successfully audited the EVM assembly implementation contract for EIP-4788. The contract stores the last few beacon block roots on #Ethereum - using ring buffers to manage data. Despite the small size, we found issues, which have now been resolved. Find out more π§΅π
2
4
35
This means that a ββ tiny amt of token is enough for the attacker to take over the entire LP. The developers did implement an "overflow check", but it merely merely checks that numerator < (2^256 - 2^192), so it doesn't work.
3
0
35
How can teams prevent this?. β
Safe arithmetic with overflow checks .β
Comprehensive testing of edge cases .β
Mathematical modeling of AMM invariants.β
Audit by teams experienced in DeFi edge cases. (Dedaub's Move team specializes in these).
4
0
35
π‘ Explore the logic of Smart Contract modifiers in our new post. Learn how a slight error in 'if (_msgSender() != owner() &&' can lead to significant system vulnerabilities. Important insights for Solidity programmers!
4
1
34
Update re: the Solidity compiler bug that's bloating deployments by including library functions only called in the constructor. Unsure if this affects your project?. We've released an update that can help you determine the bloat % on your contract β¬οΈ.
2
12
33
Let's delve into the @thestandard_io exploit that occurred on November 6th, 2023. It is an excellent opportunity to re-emphasize that protocols should use defensive checks/assertions at every point their code interacts with a DEX.
1
3
33
We independently verified the students acted responsibly before providing support. For more info:.
2
2
32
#Uniswap recently introduced the Universal Router. It unifies ERC20 and NFT swapping into a single swap router. Users can perform heterogenous actions, e.g., swapping multiple tokens and NFTs in one tx. This router embeds a scripting language for all sorts of token actions.
1
1
29
Learn how to use Dedaub's decompiled code view to analyze contracts without source code. The decompiled code offers function signatures and storage access, providing insights into contract behavior.
1
4
33
We advised the Uniswap team to add a reentrancy lock to the core execution of the new router, and redeploy. This modification was swiftly implemented, fixing the issue before the router gaining mass adoption:
1
2
28
How much of Solidity's generated code is junk?. On average, a third of the generated code can be removed, resulting in significant gas savings and increased network throughput. In some cases (esp. with π pattern) over 90% of the generated code is junk.
4
5
32
The attacker exploited arithmetic issues in the calculations of *adding* liquidity (sry). numerator = liquidity ββ * price_diff. This yields a number that exceeds 192-bits ββ, and when shifted further, overflows ββ
1
3
30
Great monitoring products can detect hacks instantly after they take place. However, static program analysis can detect bugs in the code, before deployment. The Penpie contract, hacked for $30M, was flagged by our tools with two *high-confidence* access vulnerabilities
1
2
30
We are proud to receive the generous, first-ever R bounty/Founders bounty (many thanks @RobertMCForster, @ArmorFi, and @immunefi) for the recent @PrimitiveFi vulnerability Disclosure.
0
6
26
Last November, #Uniswap introduced the Universal Router unifying all sorts of heterogenous actions & improving UX, e.g., swapping multiple tokens and NFTs atomicly. However, on some token transfers, the code can reenter the Router and claim any tokens temporarily in the contract.
4
0
28
We recently added a seemingly small but actually momentous feature to your favorite smart contract decompiler/analyzer, : βfind similarβ functionality over public functions.
1
3
25
The AzukiDAO project suffered a hack β οΈ. Root cause - there is no check in the contract to see if the request to claim funds is unique, so the message can be replayed multiple times to drain the contract. See them here: Also, checking that *signed*
1
4
27
There's more than meets the eye when it comes to the major Arbitrum outage last Friday π. Was it just a simple increase in traffic that caused a ~3h outage, or were there other contributing factors?. π Let's find out.
3
4
27
How can metamorphosis happen?. Q: Doesn't CREATE use the factory's nonce as part of entropy which determines new contract address?. A: SELFDESTRUCT instruction *resets* this nonce!. The contract factory for the malicious proposal was recreated using CREATE2 at predictable addr.
Explore Tornado Cash attacker's transactions here. Interestingly, how did attacker's contract get recreated at the same address, despite being created using the CREATE opcode?. More on that soon. .
1
0
26
This week, together with @drdr_zz and @wh01s7 of SecuRing, we tackled a backlog of warnings from the Dedaub Watchdog tool, notifying around 100 holders of vulnerable accounts, with some $80M in funds exposed. (@_trvalentine had earlier produced the PoC.).
2
7
23
Please revoke your approvals ASAP. Someone is exploiting this.
1/A critical vulnerability that affected 6 tokens (WETH, PERI, OMT, WBNB, MATIC, AVAX) has been reported and fixed. All assets on both V2 Bridge and V3 Router are safe, and cross-chain transactions can be done safely. More infoπ.
2
12
24
β οΈ We are working hard (in collab with other researchers) to assess the impact of the new undisclosed thirdweb vulnerability to the entire ecosystem, using the Dedaub security analysis in Watchdog. Dedaub Watchdog can already scan your contract for this issue if you have access
3
3
26
π The popular Dedaub EVM bytecode decompiler now offers on-demand decompilation across any chain. Turn complex EVM bytecode into clear, Solidity-like code. Deep dive into Smart Contracts. π Get started
2
6
25
The issue (reported by Sifis), was discovered while using the Dedaub decompiler (Gigahorse). Since then, we confirmed that the bug affects tens of thousands of contracts. If your project uses Solidity (and libraries) it is likely affected.
1
1
24
@eulerfinance Root cause analysis π¬. The attacker's goal in the first 6 steps is to enter a position with a health factor as low as possible (underwater) but still escape liquidity checks. This is done 2 ways π
1
2
21
The @solidity_lang team will be disabling function pointer equality starting Solidity 0.9. We're not aware of any uses of function equality in known protocols. Fore more info:.
1
1
22
Just wrapped up an incredible team retreat in Athens Riviera! π Four days of innovation, collaboration, and strategizing for the future of DeFi security. Here's to elevating Dedaub's impact on the blockchain ecosystem! πͺ
0
1
22
π€© Honored to join SEAL 911 and excited for the opportunity to contribute to upcoming SEAL βοΈ Drills initiatives. Learn more π
1
3
22
Great news! Euler Finance Exploiter has returned a big chunk of the funds back to Euler Finance. More details soon β¬οΈ
3
6
23
Important: This is NOT a Move language issue!. Just like Solidity 0.8+, Move protects against overflows in +, -, *, / operations. But NO errors/panics when bit shifts truncate - this is expected. The issue? Devs implemented their own "safe" multiplication. unsafely π
3
1
24
(Announcement). We are working with @eigenlayer and are at advanced stages of finishing an audit covering important systems of EigenLayer, including:. - EigenDA, the first AVS (actively validated service).- EigenLayer middleware. Stay tuned for updates.
1
0
22
One part of the PoC was implemented below. The attacker also needs to implement code to reenter the router (calling execute) and sweep all token amounts. The router may contain funds mid-transaction due to other actions and transfers in a complex swap.
1
0
19
However, if third-party code is invoked at any point in the transfer (which manifests itself due to composition of protocols), the code can reenter the UniversalRouter and claim any tokens temporarily in the contract.
1
0
18
When implementing math functions, make sure it's audited (or avoid implementing custom math, lean on the programming language/battle-tested libraries). Fuzzing and/or formal methods can assist too. Deep dive:
1
1
22
We scanned the entire Ethereum chain for instances of this threat and warned other projects when applicable. Dedaub's got your back :).
0
0
20
E.g.,. 1) transfer an NFT.2) transfer the remaining funds. The receipient of the NFT can easily reenter UniversalRouter (between steps 1 & 2) by calling transfer or sweep inside its onERC721Received handler and drain the entire amount!.
1
0
18
Top tipπ‘ . Use the "simulate transaction" feature on Contract Library before running a governance proposal, or signing an important tx. E.g., Tornado Cash Proposal 20:.
2
2
20
One of the exploit txs was frontrun by a generalized frontrunner. On-chain negotiations between @CurveFinance deployer and frontrunner on the return of funds:
0
4
20
Such commands could include transfers to third party (potentially untrusted) recipients. In a correct implementation, such a transfer should send to the recipient only what the call parameters specify. And nothing more.
1
0
17
A few months ago, Curve promoted a technique for pricing crypto LP tokens for third-party protocols. Our analysis confirmed two pressing concerns:1) Internal oracle vulnerability 2) Read-only reentrancy risks, in specific casesπ Curve: Vyper_contract
1
0
17