Understanding Agents: Code Coverage for Coding Agents
When an agent audits your codebase, a common question is: what did it actually read and with what intent? Current tools don't answer that. We built a prototype and open-sourced it.
Security research and insights from the Asymmetric Research team.
With support from Solana Foundation, we're launching STRIDE, a comprehensive security program that sets clear standards for ecosystem projects.
The most persistent security misinformation doesn't come from obscure corners of the internet, but from official docs, learning resources, and popular LLMs. Learn about the Solana vulnerabilities that aren't, and why they keep spreading.
With the launch of DoubleZero’s mainnet, we’re grateful to celebrate alongside our Cohort 0 partners. This milestone strengthens
Relay Protocol's contracts trusted Ed25519 verification without validating offsets, opening the door to forged allocator signatures and potential double-spends. Learn about the bug, the risks it posed to cross-chain liquidity, and how the issue was addressed.
A new instruction broke the flash loan logic, creating a way to borrow without repaying and putting $160M at risk. We explain the vulnerability, potential impact, and how it was fixed.
An attacker posing as a well-known web3 founder messaged one of our engineers via Telegram. Rather than ignoring the attempt, we isolated and analyzed the payload in a controlled environment, turning a live phishing attempt into a learning opportunity.
Some of the most devastating vulnerabilities stem from complexity, inconsistency, and chaos. This post explains why predictable, well-formed code is the foundation of security.
In the year 2050, a malformed JSON input led to the complete shutdown of the Replicant P2P network. Today, we'll reproduce this bug class in ~100 lines of code.
Cross-program invocation (CPI) is the mechanism on Solana through which one program calls another. It's used for system instruction calls, SPL token transfers, custom program execution, and even event emissions, making it a core part of writing functional programs on Solana.
This blog post details a vulnerability identified in Titan's Helix MEV Relay which could be abused by trusted proposers to perform equivocation attacks, during which private transaction information is prematurely revealed, leading to potential transaction reordering.
In this blog post, we will show how a small difference in SSZ deserialization between the Prysm and Lighthouse clients could have allowed an attacker to severely degrade Ethereum consensus.