DOS in DeFi Liquidity Pools: The Initialization Vulnerability

Denial Of Service in DeFi Liquidity Pools: The Initialization Vulnerability. Decentralized Exchanges (DEXs) have become a cornerstone of the DeFi ecosystem, processing billions in daily trading volume. However, during our recent security research at FuzzingLabs, we uncovered a subtle yet significant vulnerability pattern that affects multiple DEX implementations. This vulnerability allows malicious actors to effectively…

Sponge Trouble: When Poseidon Gets Absorbed in Its Own Bugs

Poseidon Sponge Bugs in ArkWorks: Avoiding Cryptographic Failures in Hashing. We found two subtle yet impactful bugs in the ArkWorks library’s implementation of the Poseidon Sponge. This discovery highlights the complexity and precision required in cryptographic implementations. In this article, we’ll first explain what Poseidon Sponge is, how it works, and then delve into the…

Uncovering a Subtle Bug in EVM Arithmetic: The Case of Negating Zero

Uncovering a Subtle Bug in Ethereum Virtual Machine (EVM): The Case of Arithmetic Negating Zero. Our team at FuzzingLabs has been auditing the Ethereum Virtual Machine (EVM) implementation by LambdaClass. Throughout the audit, we’ve identified several vulnerabilities, but in this post, we’ll focus on one particularly interesting issue involving the SDIV operation and its handling…

Revival Attacks on Solana Programs Explained

Solana Vulnerability Explained: Revival attacks on Solana programs. As the blockchain world expands, Solana has stepped into the spotlight as a compelling alternative to Ethereum. But behind its lightning-fast transactions and low fees lies a hidden world of unique security challenges. One such vulnerability that we frequently encounter during our security audits on the Solana…

Rust Fuzzing using cargo-libafl (LibAFL-based fuzzer)

Fuzzing Rust using cargo-libafl (LibAFL-based fuzzer). In this video, we are testing cargo-libafl, the new LibAFL-based fuzzer for Rust fuzzing. This new cargo utility is a replacement for (and a fork of) cargo-fuzz that uses a LibAFL-based fuzzer instead of libFuzzer. Let’s see how it performs compared to libFuzzer. https://youtu.be/0gpGA80DA0s NOTES You will get access…

Top 6 Books to learn the Rust Programming Language in 2022

Top 6 Books to learn Rust: The Rust Programming Language in 2022. In this video, I’m sharing with you my favorite books to learn Rust, whether you’re a beginner or an advanced/experienced user! Some of those resources are fully available online for free and are real game-changers in your journey to learn the Rust programming…