Public Reports
Welcome to the official public reports repository of d23e.ch. We are a company specializing in blockchain security and research, focusing on identifying vulnerabilities in both design and code.
Our Services
- Research: We conduct in-depth research on various aspects of blockchain technology, smart contracts, and decentralized finance (DeFi).
- Security: We offer comprehensive security audits and vulnerability assessments for blockchain projects and smart contracts.
Repository Contents
This repository contains our public disclosures, research papers, and audit reports. Below is a comprehensive table of our work:
| Date | Project/Topic | Type & Document | New Vulnerabilities/New Findings |
|---|---|---|---|
| Sep 2024 | Amplification Attack | Research Paper | Disclosed to bloXroute Disclosed to Eden network |
| Aug 2024 | Ethereum Mempool DoS | Research Paper | Disclosed to Ethereum foundation (bug bounty received) Disclosed to Flashbots (bug bounty received) |
| May 2024 | BX Digital | Audit Report | PVE-001 1 (Medium): AssetAddress can be variable balance token PVE-002 1 (Low): Malicious oracle can manipulate the trade order PVE-003 1 (Info): Front-running possibility when the oracle is malicious |
| Sep 2023 | Hidden 2 3 | Security Disclosure | Centralized risk to steal users' fund |
| Aug 2023 | Role Play Attacks | Research Paper | |
| Aug 2023 | Generalised Front-Running | Research Paper | MassDeposit: Vulnerability in massDeposit() risking $28.58M (ETH) and $759.54K (BSC). Unverified Stake: BSC staking flaw allowing instant profit from unverified assets. Unauthenticated Minting: BSC token flaw enabling unlimited token minting. Unauthenticated Asset Redemption: Contracts on ETH and BSC allowing unrestricted asset redemptions. Faulty Authentication: 8 contracts (ETH/BSC) enabling unauthorized asset transfers. |
| Jul 2023 | BlockWallet 3 | Security Disclosure | New attack vector: bypassing swap fee |
| Jul 2023 | Hidden 2 3 | Security Disclosure | New attack vector: bypassing swap fee |
| Jun 2023 | Huckleberry | Security Disclosure | Critical: Lend bug - A malicious user can steal all funds deposited into the protocol. Possible Loss: All TVL (highest ~$300k in history, now 50k) |
| Jun 2023 | SwissBorg | Audit Report | 3 potential security vulnerabilities that could compromise system integrity and safety. 3 informational findings to improve contract code quality. |
| May 2023 | EPG | Research Paper | Uniswap + Tokenlon, flaw in token design leads to continous arbitrage opportunities |
| Apr 2023 | SoK DeFi Attacks | Research Paper | |
| Dec 2021 | Quantifying Ethereum MEV | Research Paper | |
| Oct 2021 | Liquidation | Research Paper | Aave flaw in liquidation design leads to double liquidation |
| Jun 2021 | DeFiPoser | Research Paper | |
| Jun 2021 | A2MM | Research Paper | First on-chain aggregator design |
| Mar 2021 | Flashloan | Research Paper | |
| Mar 2021 | Confuzzius | Research Paper | |
| Dec 2019 | Sandwich attack | Research Paper | Disclosed to Uniswap |
| Oct 2018 | Securify | Research Paper | |
| Dec 2016 | Ethereum Eclipse | Research Paper | |
| Oct 2016 | PoW Security | Research Paper | |
| Oct 2015 | Bitcoin Delay Propagation | Research Paper | |
| Dec 2014 | Bloom Filters | Research Paper |
About Our Work
Our work spans various aspects of blockchain security and research. Through our security disclosures, we help improve the safety of popular blockchain wallets and platforms. Our audit reports demonstrate our commitment to enhancing the security of blockchain projects. The research papers showcase our contributions to advancing knowledge in critical areas such as MEV, front-running, DoS attacks, and DeFi protocol analysis.
For more information about our services or to engage with us, please visit our website at https://d23e.ch.