rediscovery of the starknet zklend hack How Fuzzing Could Have Prevented the zkLend Hack The recent zkLend hack has stirred up significant discussion in the community, and today we’d like to share some insights from our deep dive into the vulnerability using fuzzing techniques at FuzzingLabs. Our investigation reveals that a simple fuzzing test could…
REcon 2025 – Training Announcement Reversing Modern Binaries: Practical Rust & Go Analysis Training Dive into the world of Rust and Golang reverse engineering at ReCon 2025! Join Daniel Frederic and Mathieu Hoste for this exclusive 4-day training. You will learn how to analyze binaries, tackle obfuscation, and reverse-engineer malware written in two of the…
REcon 2025 – Training Announcement Fuzzing Windows Userland Applications Training Master the art of uncovering vulnerabilities in Windows applications with our in-depth Windows Fuzzing training at ReCon 2025! This hands-on course will guide you through the fundamentals of fuzzing, advanced techniques like grammar-based and symbolic execution, and real-world applications targeting browsers, antivirus software, and more….
REcon 2025 – Training Announcement Rust Development for Cybersecurity Training Dive into the world of cutting-edge cybersecurity tools with our exclusive Rust Development for Cybersecurity Training! Led by experts Matthieu Christophe and Tanguy Duhamel, this hands-on program will equip you with advanced Rust techniques to build defensive and offensive security tools, unlocking your potential to…
Story / Security Assessment Completed Strengthening Blockchain-Based IP Management At FuzzingLabs we recently completed a comprehensive security assessment of Story, a decentralized network that aims to revolutionize intellectual property (IP) management. This audit was undertaken to ensure the security and resilience of its blockchain-based infrastructure, smart contracts, and consensus mechanisms. Below, we provide an overview…
Denial Of Service in DeFi Liquidity Pools The Initialization Vulnerability Decentralized Exchanges (DEXs) have become a cornerstone of the DeFi ecosystem, processing billions in daily trading volume. However, during our recent security research at FuzzingLabs we uncovered a subtle yet significant vulnerability pattern that affects multiple DEX implementations. This vulnerability allows malicious actors to effectively…
OffensiveCon 2025 – Training Announcement Practical Web Browser Fuzzing Training Kickstart your journey into the intricate world of web browser fuzzing at OffensiveCon 2025! This exclusive training, led by experts Patrick Ventuzelo and Tanguy Duhamel, is your opportunity to master advanced fuzzing techniques and uncover vulnerabilities in some of the most widely used software globally….
Grehack ctf WRITEUP Casting reverse challenge into cryptanalysis challenge In mid-November, I participated in the GreHack CTF with my team (Phreaks 2600), and the challenge I will present was one of the problems featured in the competition. Interestingly, only two other teams managed to solve it, this makes it a particularly intriguing challenge, categorized under…
Poseidon Sponge Bugs in ArkWorks Avoiding Cryptographic Failures in Hashing We found two subtle yet impactful bugs in the ArkWorks library’s implementation of the Poseidon Sponge. This discovery highlights the complexity and precision required in cryptographic implementations. In this article, we’ll first explain what Poseidon Sponge is, how it works, and then delve into the…
Uncovering a Subtle Bug in Ethereum Virtual Machine (EVM) The Case of Arithmetic Negating Zero Our team at FuzzingLabs has been auditing the Ethereum Virtual Machine (EVM) implementation by LambdaClass. Throughout the audit, we’ve identified several vulnerabilities, but in this post, we’ll focus on one particularly interesting issue involving the SDIV operation and its handling…
| Cookie | Duration | Description |
|---|---|---|
| cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
| cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
| cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
| cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
| cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
| viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |