Security insights, audit findings, videos, and expert perspectives on blockchain and AI security.

During a review of the TokenTable Solana Unlocker V2 program, we observed a scenario in which token allocations associated with cancelled accounts could be accessed in an unintended sequence, without requiring privileged permissions.

How a simple staleness issue in a gauge contract went unnoticed by professional auditing firms due to isolated audit scope.

While LSTs on Hyperliquid open exciting opportunities for decentralised staking, they also introduce hidden technical and security pitfalls that can silently undermine a protocol if left unchecked.

A subtle edge condition in a Cairo-based privacy mixer caused the 1,025th deposit to silently corrupt the Merkle tree state, invalidating withdrawal proofs for earlier depositors without any on-chain error.

CODESPECT co-hosted the first "Zero to Hero" hackathon workshop at ChainLab CTU. We helped students go from idea to MVP and start building for the Solana Colosseum Hackathon.

A hands-on security session covering how to prepare for a real audit, the most common mistakes in programs, and how to strengthen your project for Colosseum.

Watch Talfao present on Starknet security, covering common vulnerabilities, audit insights, and best practices for building secure contracts on Starknet.