Security Audits

Bypassing Smart Contract Timelocks

In this article, we look at a game-theoretical attack against smart contract timelock systems that allows the beneficiary (i.e., the early ICO investor or the company founder)...

Exploiting Uniswap: from reentrancy to actual profit

Uniswap is a public, open-source protocol to exchange tokens in Ethereum. In Uniswap, there is a separate exchange contract for each token. While it was designed to seamlessly work with ERC20…

Technical Description of Critical Vulnerability in MakerDAO Governance

While working on an audit for the Coinbase team, we found a critical vulnerability in the DSChief contract of the DappHub library.

MakerDAO Critical Vulnerability Notice

While working on an audit for the Coinbase team, we found a critical vulnerability in one of the DappHub library contracts. This affects the MakerDAO system currently in production.

Solo Margin Protocol Audit

The dYdX team asked us to review and audit their Solo project. We looked at the code and our results are published below.

Marmo Contracts Audit

The RCN team asked us to review and audit their Marmo contracts. We looked at the code and here are the results.

Centre Token Minting Contracts Audit

The Circle and Coinbase teams asked us to review and audit the minting contracts of the Centre Token. We looked at the code and now publish our results.

Follow this quality checklist before an audit

At Zeppelin we help protect the core infrastructure of open and decentralized applications. I’m part of the Research team, which is in charge of conducting security audits.

RNDR Token Transfer Audit

The OTOY team asked us to review and audit their RNDR Token contracts. We looked at the code and now publish our results.

Solidity Compiler Audit

The Augur team and the Ethereum Foundation (through a joint grant) asked us to review and audit the Solidity compiler. We looked at the code and now publish our results. The audited project can be…