Security Research & Vulnerability Disclosures

Original vulnerability research, responsible disclosures, and security publications from the team behind 200+ engagements and zero client exploits.

Mar 4, 2026

Tricking the Polygon bridge into withdrawals by forging transaction proofs

This is a disclosure of a vulnerability in the Polygon Plasma bridge. The vulnerability has been fixed since July 2024 and the fix has been pushed to the vulnerable library as well.

Feb 18, 2026

TSTORE Poison: The Solidity Compiler Bug That Silently Corrupts Storage

TL;DR -- A cache key collision in the Solidity compiler's via-ir code generator causes `delete` on transient variables to emit `sstore` instead of `tstore`, or conversely causes persistent `delete` to emit `tstore` instead of `sstore`. The direction depends on function selector ordering -- neither direction is safe.

The Ethereum Proximity Prize: Reed–Solomon Codes and MCA

Zero Knowledge

Sep 8, 2025

The Ethereum Proximity Prize: Reed–Solomon Codes and MCA

The Ethereum Foundation has launched a $1 million cryptography bounty to resolve the proximity gaps conjecture for Reed–Solomon codes. A bre...

One Ciphertext, Many Messages: SIMD operations in FHE

FHE

Jul 14, 2025

One Ciphertext, Many Messages: SIMD operations in FHE

Learn how modern FHE schemes achieve SIMD parallelism using cyclotomic ring structures, roots of unity, and the Chinese Remainder Theorem.

Security

Dec 3, 2025

Attacks on Threshold Schemes: Part 1

A technical guide to real-world attacks on threshold signature schemes. Explore implementation bugs like missing checks and proofs, wrong pa...