Contact

Maxwell Dulin

Latest

Research · Apr 23, 2025

Invocation Security: Navigating Vulnerabilities in Solana CPIs

Maxwell Dulin

Cross-program invocation (CPI) is the mechanism on Solana through which one program calls another. It's used for system instruction calls, SPL token transfers, custom program execution, and even event emissions, making it a core part of writing functional programs in Solana.

Research · Apr 16, 2024

Cosmos IBC Reentrancy Infinite Mint

Maxwell Dulin

This post discusses a vulnerability in ibc-go, a reference implementation of the Cosmos Inter-Blockchain Communication (IBC) protocol. A reentrancy vulnerability during the handling of timeout messages could have allowed an attacker to mint an infinite amount of IBC tokens on affected Cosmos chains.

Get The Latest

Subscribe to be notified whenever we publish new security research.