All our latest Blogpost and News about Ethereum & EVM Security!
EVM Security Insights from Zer0Con 2025 At Zer0Con 2025, the FuzzingLabs team, Mathieu Hoste and Bryton Bernard, delivered an engaging and insightful presentation on one of the most critical aspects of Ethereum’s security: the vulnerabilities within the Ethereum Virtual Machine (EVM). In our session, titled “Ethereum’s Achilles’ Heel: Attacking and Fuzzing EVMs for Fun (and…
HTB UNIVERSITY Writeup Solidity Shenanigans: Hacking StarGazer in HTB CTF In mid-December, our school team, Phreaks 2600, participated in the HTB University CTF. Among the challenges featured in the competition was one titled “StarGazer,” classified as the Hard challenge of the Blockchain category. This challenge focused on Solidity and explored the concepts of UUPSUpgradeable and…
Story / Security Assessment Completed Strengthening Blockchain-Based IP Management At FuzzingLabs we recently completed a comprehensive security assessment of Story, a decentralized network that aims to revolutionize intellectual property (IP) management. This audit was undertaken to ensure the security and resilience of its blockchain-based infrastructure, smart contracts, and consensus mechanisms. Below, we provide an overview…
Uncovering a Subtle Bug in Ethereum Virtual Machine (EVM) The Case of Arithmetic Negating Zero Our team at FuzzingLabs has been auditing the Ethereum Virtual Machine (EVM) implementation by LambdaClass. Throughout the audit, we’ve identified several vulnerabilities, but in this post, we’ll focus on one particularly interesting issue involving the SDIV operation and its handling…
$100,000 in Bug Bounty 💸 by learning Smart Contract Auditing from CODE4RENA Reports! How to become an Ethereum/Solidity smart contract auditor? Where to start? How to improve your smart contract auditing process? Which tool to use? The paper analyzed in this video: “Demystifying Exploitable Bugs in Smart Contracts” is a compilation of all the findings…
Fuzzing Solidity/Ethereum Smart Contract using Foundry/Forge – Blockchain Security In this video, I will show the basis of running and customizing Foundry/Forge to fuzz an Ethereum smart contract in Solidity. I will also mention “Invariant testing” implementation in Foundry fuzzing compare to Echidna.https://youtu.be/2bTmB3cwhxs You will get access of the complete tutorial with source code, cheat sheet…
State of the Art of Ethereum Smart Contract Fuzzing in 2022 [EthCC5] Fuzzing is known as one of the most efficient techniques to find bugs in software. Sadly, when dealing with Ethereum smart contracts, the number of fuzzers and documentation available is really limited. During this talk, we will explain why fuzz testing EVM smart…
Solidity/Ethereum Smart Contract Audit using SlitherBlockchain Security In this video, I will show how to audit and find vulnerabilities inside an Ethereum smart contract written in Solidity using Slither, one of the best EVM smart contract analysis tools. https://youtu.be/s3FL5caAy5w You will get access of the complete tutorial with source code, cheat sheet and or complete…
Ethereum Smart Contract Reverse Engineering &EVM Disassembly Today I’m showing how EVM disassembly works and how to reconstruct the control flow graph (CFG) of an Ethereum smart contract when you only have access to the bytecode (closed-source). It’s really useful when you’re looking to analyze in-depth a contract at the EVM bytecode level. https://youtu.be/I6VDBvX9Pkw You…
Beaconfuzz – A Journey into Ethereum 2.0 Blockchain Fuzzing and Vulnerability Discovery @ OffensiveCon 2022 Abstract This talk is about our journey and step-by-step process into fuzzing Ethereum 2.0 implementations software. We will start with a brief introduction to Ethereum 2.0 specification and ecosystem. Then, we will explain the architecture of this type of software…
| Cookie | Duration | Description |
|---|---|---|
| cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
| cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
| cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
| cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
| cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
| viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |