Story Security Assessment Completed
| | | | |

Story Security Assessment Completed

Story / Security Assessment Completed Strengthening Blockchain-Based IP Management At FuzzingLabs we recently completed a comprehensive security assessment of Story, a decentralized network that aims to revolutionize intellectual property (IP) management. This audit was undertaken to ensure the security and resilience of its blockchain-based infrastructure, smart contracts, and consensus mechanisms. Below, we provide an overview…

DOS in DeFi Liquidity Pools: The Initialization Vulnerability
| | |

DOS in DeFi Liquidity Pools: The Initialization Vulnerability

Denial Of Service in DeFi Liquidity Pools The Initialization Vulnerability Decentralized Exchanges (DEXs) have become a cornerstone of the DeFi ecosystem, processing billions in daily trading volume. However, during our recent security research at FuzzingLabs we uncovered a subtle yet significant vulnerability pattern that affects multiple DEX implementations. This vulnerability allows malicious actors to effectively…

offensivecon 2025 browser fuzzing binary gecko
| | | | |

OffensiveCon 2025 – Practical Browser Fuzzing On-site Training

OffensiveCon 2025 – Training Announcement Practical Web Browser Fuzzing Training Kickstart your journey into the intricate world of web browser fuzzing at OffensiveCon 2025! This exclusive training, led by experts Patrick Ventuzelo and Tanguy Duhamel, is your opportunity to master advanced fuzzing techniques and uncover vulnerabilities in some of the most widely used software globally….

GreHack CTF – Casting reverse challenge into cryptanalysis challenge​
| |

GreHack CTF – Casting reverse challenge into cryptanalysis challenge​

Grehack ctf WRITEUP Casting reverse challenge into cryptanalysis challenge In mid-November, I participated in the GreHack CTF with my team (Phreaks 2600), and the challenge I will present was one of the problems featured in the competition. Interestingly, only two other teams managed to solve it, this makes it a particularly intriguing challenge, categorized under…

Sponge Trouble: When Poseidon Gets Absorbed in Its Own Bugs
| | | | |

Sponge Trouble: When Poseidon Gets Absorbed in Its Own Bugs

Poseidon Sponge Bugs in ArkWorks Avoiding Cryptographic Failures in Hashing We found two subtle yet impactful bugs in the ArkWorks library’s implementation of the Poseidon Sponge. This discovery highlights the complexity and precision required in cryptographic implementations. In this article, we’ll first explain what Poseidon Sponge is, how it works, and then delve into the…

Uncovering a Subtle Bug in EVM Arithmetic: The Case of Negating Zero
| | | |

Uncovering a Subtle Bug in EVM Arithmetic: The Case of Negating Zero

Uncovering a Subtle Bug in Ethereum Virtual Machine (EVM) The Case of Arithmetic Negating Zero Our team at FuzzingLabs has been auditing the Ethereum Virtual Machine (EVM) implementation by LambdaClass. Throughout the audit, we’ve identified several vulnerabilities, but in this post, we’ll focus on one particularly interesting issue involving the SDIV operation and its handling…

cairo smart contract vulnerability starknet sierra starkware l1 l2 thoth
| |

Top Vulnerabilities in Cairo Smart Contracts: Detection and Remediation

Top 4 Vulnerabilities in Cairo/Starknet Smart Contracts Detection and Remediation What is Cairo ? In 2021, StarkWare introduced Cairo, a programming language designed for creating provable programs using zero-knowledge proofs. It serves as the smart contract language for Starknet, a layer-2 blockchain built on top of Ethereum. This article explores some of the most common…

revival attacks solana programs vulnerability smart contarct
| | | | |

Revival Attacks on Solana Programs Explained

Solana Vulnerability Explained Revival attacks on Solana programs As the blockchain world expands, Solana has stepped into the spotlight as a compelling alternative to Ethereum. But behind its lightning-fast transactions and low fees lies a hidden world of unique security challenges. One such vulnerability that we frequently encounter during our security audits on the Solana…

gnark zkp consensus OOM cryptography
| | | |

Uncovering an Out of Memory Vulnerability in Gnark: How We Discovered CVE-2024-50354

Uncovering an Out of Memory Vulnerability in Gnark How We Discovered CVE-2024-50354 Last month (october 2024), LambdaClass and Fuzzinglabs teams discovered an Out of Memory (OOM) vulnerability within the Gnark library, one of the most popular Go library for zk-SNARKS. During the deserialization of Verifying Keys, we can trigger a fatal error that can lead…

aligned layer fuzzinglabs security audit bugs vulnerability eigen layer assessment
| | |

Aligned Layer Security Assessment Completed

SECURING THE FUTURE OF ZK PROOFS & ETHEREUM SCALABILITY In-Depth Audit of Aligned Layer’s Smart Contracts and Batch Processing At FuzzingLabs, we recently completed a comprehensive security audit of Aligned Layer, a decentralized network designed to provide fast, efficient, and low-cost verification of zero-knowledge (ZK) and validity proofs on the Ethereum blockchain. This post summarizes the key…