unvariant.io (@unvariant_io)
Followers: 78 | Following: 53 | Media: 1 | Statuses: 20
blockchain security research specialised in audits of DeFi apps
Joined August 2025
Balancer ComposableStablePool was drained in a series of batchSwaps almost a week ago. Plenty of short writeups popped up — most miss the root cause or lack details. We wanted to figure it out and we wrote a full deep-dive along the way: https://t.co/YI0Wqy3qsN
Just posted my latest and biggest web3 scam investigation: Scam Telegram. Together with @__noided, @blackbigswan from @_SEAL_Org and @unvariant_io, I revealed a massive scam scheme targeting users of every single DeFi protocol out there. https://t.co/zID2EDI6EX
Linked: timsh.org, "How I found a large network of fake support groups spreading crypto stealers and drainers."
Run the tests and simulations yourself:
Linked: github.com, repository unvariantio/balancer-hack-explained
We traced the exact swap that killed the pool - amountOut = 17. That tiny number broke the invariant and dropped virtual_price by ~98%. One line in _swapGivenOut() made all the difference.
Most posts stop at “math issue in StableMath.” That’s not it. The real bug hid in how Balancer handled rate-based tokens (osETH, wstETH) — one rounding direction flipped the invariant upside down.
Impact: Relayers do not receive their intended fee, while recipients receive more MTR than they should. Since relayers spend MTR to execute transactions and may be operated via automated scripts without per-transaction validation, this vulnerability could lead to a complete
Reentrancy in fee handling lets recipient steal relayer’s fee Found in the https://t.co/MxTpNRNJfm repository. In the PermitRouterV2._handleFee() and PermitRouter._handleFee() functions, there is a reentrancy vulnerability that allows malicious recipients to steal relayer’s
Linked: github.com, repository meterio/tokenERC20
How we discovered a reentrancy vulnerability in @meter_io About two months ago, our automated scanner tool discovered a reentrancy in Meter’s fee handling that lets recipients steal relayer’s fees. The scanner combines static analysis with a set of reviews by LLMs,
You do realize that the stated goal of Worldcoin is to create a digital identity, a definition of humanity, through which they will gate-keep technological and financial services. You do realize that they control the keys to create said human definitions and that there is no
Here’s how we trained an LLM to find reentrancy vulnerabilities in smart contracts: https://t.co/zCOa2vEeHe Our model outperformed major static analysis tools like Slither and Mythril and even helped find a couple of real-world cases🥩
Linked: blog.unvariant.io, "Discover how we used a small and open-source model to outperform major static analysis tools and find real-world cases"