Closed-Source Contracts Are Not Safer
A bytecode analysis pipeline for obfuscated smart contracts shows that opacity often hides exploitable vulnerabilities instead of protecting value.
Learn how we work from first principles to viable products.
An agentic postmortem system that can move from a seed transaction to an evidence-backed root cause and a runnable exploit PoC fast enough for live incident response.
A study of how attackers can force validators and other blockchain actors to do expensive speculative work they may never get paid for.
A graph-based runtime representation for smart contract executions that improves forensic analysis, attack detection, and real-time monitoring.
A study of how latency-optimized Ethereum nodes can amplify invalid transactions across the peer-to-peer network, turning small inputs into outsized damage.
A system that combines symbolic execution with LLM reasoning to catch mismatches between protocol documentation and deployed smart contract behavior.
A measurement study of OFAC sanctions effectiveness on Ethereum using Tornado Cash, plus a practical scoring algorithm for tracking complex flows. If you need help tracing funds, we can help.
A1 turns general-purpose LLMs into tool-augmented agents that can generate and validate concrete smart contract exploits on real chain state—and what that means for defenders.
A practical decompilation pipeline that lifts EVM bytecode to three-address code (TAC), then uses a fine-tuned LLM to recover readable Solidity—powering our public system at evmdecompiler.com.
Post-mortem analysis of the Vicuna Finance exploit on March 28, 2025. An oracle manipulation attack resulted in a $700K loss due to mispricing of LP tokens used as collateral.
LLMs are wonderful at predicting the next character in a text. But they can also predict the next trace opcode of a blockchain transaction! Hence they can detect which next opcode is rather unlikely. We use this insight to create an abnormality detection system.
Instead of joining the monkey game of finding profitable opportunities, why not simply copy them? We investigate an advanced method to imitate blockchain transactions in real time, allowing the generation of hundreds of millions of USD. This work was published in USENIX Security.
How to extract revenue from DeFi protocols with the Bellman-Ford algorithm or an SMT solver? Check out our IEEE Security & Privacy paper.
Traders extract monetary value from the mesh of decentralized finance (DeFi) smart contracts through so-called blockchain/miner/maximal extractable value (BEV/MEV). We shed light on this dark forest with an IEEE Security & Privacy paper.