Liquidation is the safety valve of DeFi lending. When it fails, protocols become insolvent. Here's how liquidation works, what goes wrong, and how to audit it.
The recurring security issues that appear in almost every DeFi protocol we audit — from price oracle manipulation to flash loan attacks.
File upload features are one of the most dangerous attack surfaces in web applications. Here's how attackers abuse them — and how to build uploads that are actually safe.
Reentrancy caused the first major DeFi hack in 2016. A decade later, it's still happening — in new and surprising forms. Here's the full story.
Authentication is the front door to your application. Here are the bypass techniques attackers use — and the mistakes that make them possible.
Cross-site scripting has been on the OWASP Top 10 for over two decades. Here's why it persists, how it's evolving, and what actually stops it.
SQL injection was supposed to be a solved problem. ORMs, parameterized queries, WAFs — yet SQLi still appears in our audits. Here's how it's evolving.