rdin777 (rdin777)

Web3 Security Researcher. Smart Contract Audit, Solidity. Focus: DeFi logic & math vulnerabilities. GitHub: rdin777. Latest research: Starknet BTC Staking exploit

32 Followers

Recent casts

Headline: DeFi logic is only as good as its edge cases. 🛡️ I just published a post-mortem on a "design choice" in Aave V4 that turned into a $195M liquidation deadlock during the rsETH crash. The issue: Strict intermediate overflow checks in MathUtils.mulDivDown (src/spoke/libraries/LiquidationLogic.sol:329). The Reality: When a whale position (like Lazarus Group's rsETH dump) hits the liquidation threshold, the dynamic bonus calculation overflows and triggers a REVERT. A "safe" revert in theory = Unstoppable Bad Debt in practice. 💀 I reported this 2 months ago. It was dismissed as "intended design". Full PoC and write-up: 🔗 [dev.to/rdin777/how-aave-v4s-design-choice-turned-into-a-195m-liquidation-deadlock-kelpdaorseth-case-57kk] 📂 [github.com/rdin777/aave-v4-post-mortem] cc @aave @stani.eth

  • 0 replies
  • 0 recasts
  • 1 reaction

Just finished the Foundry Fundamentals course on @CyfrinUpdraft by @PatrickAlphaC! 🛠️ Deep dived into Forge, Anvil, and advanced smart contract testing. Ready to apply these skills in security research. Next stop: Security & Auditing! 🛡️ Check out my badge: https://profiles.cyfrin.io/u/rdin35051/achievements/foundry #Foundry #Solidity #Web3Security #CyfrinUpdraft

  • 0 replies
  • 0 recasts
  • 1 reaction

Headline: Just "broke" my Starknet staking contract to learn a lesson. 💀 I’ve been deep-diving into Cairo math lately. Found (and proved) a classic Rounding Error vulnerability. The Bug: Division before Multiplication. In integer math, (a / b) * c is NOT the same as (a * c) / b. If total_supply is huge, rewards literally become zero. Every. Single. Time. The Fix: Always multiply before you divide to keep that precision alive. 📈 Wrote a full deep dive on DEV.to and pushed the PoC to GitHub. Check it out: https://dev.to/rdin777/how-i-broke-my-starknet-staking-contract-with-simple-math-a-lesson-on-rounding-errors-50ob CC: @starknet @starknet-foundry #starknet #cairo #security #build

  • 0 replies
  • 0 recasts
  • 1 reaction
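The two integer-math failure modes named in the casts above, an intermediate product that overflows before the division (the mulDivDown revert) and dividing before multiplying (the zero-reward rounding bug), as an added example that is not code from the posts, from Aave, or from the author's PoC repositories. It models uint256 arithmetic in Python, whose unbounded integers stand in for the 512-bit intermediate a full-precision mulDiv would use on-chain; the function names, the `Revert` class and all figures are constructed for illustration.

```python
"""Added example (not from the posts, Aave, or Starknet): fixed-width unsigned
integer arithmetic modelled in Python, showing (1) a checked intermediate
product reverting even though the final quotient fits, and (2) precision loss
from dividing before multiplying. All values are constructed."""

UINT256_MAX = 2**256 - 1


class Revert(Exception):
    """Stands in for a transaction revert raised by checked arithmetic."""


def checked_mul(a: int, b: int) -> int:
    """Solidity 0.8-style checked multiplication: revert if a*b does not fit in uint256."""
    if a < 0 or b < 0:
        raise ValueError("unsigned inputs only")
    p = a * b
    if p > UINT256_MAX:
        raise Revert("intermediate overflow in mul")
    return p


def naive_mul_div_down(a: int, b: int, d: int) -> int:
    """floor(a*b/d) with a range-checked intermediate product.

    Reverts for large inputs even when a*b/d would fit: a 'safe' revert that,
    inside a liquidation path, becomes a liveness failure."""
    if d == 0:
        raise Revert("division by zero")
    return checked_mul(a, b) // d


def full_precision_mul_div_down(a: int, b: int, d: int) -> int:
    """floor(a*b/d) with an unbounded intermediate (what a 512-bit mulDiv
    achieves on-chain); only the final result is range-checked."""
    if d == 0:
        raise Revert("division by zero")
    q = (a * b) // d
    if q > UINT256_MAX:
        raise Revert("result does not fit in uint256")
    return q


def reward_div_first(stake: int, total_supply: int, reward_pool: int) -> int:
    """(stake / total_supply) * reward_pool: the division floors to 0 whenever
    stake < total_supply, so every small staker earns nothing."""
    return (stake // total_supply) * reward_pool


def reward_mul_first(stake: int, total_supply: int, reward_pool: int) -> int:
    """(stake * reward_pool) / total_supply: precision is lost only in the final floor."""
    return (stake * reward_pool) // total_supply


def reverts(fn, *args) -> bool:
    """True if calling fn(*args) raises Revert; used to make revert behaviour checkable."""
    try:
        fn(*args)
    except Revert:
        return True
    return False


if __name__ == "__main__":
    # Constructed figures: 1 token staked out of 1,000,000 total, 1,000 tokens of rewards (18 decimals).
    stake, supply, pool = 10**18, 10**24, 10**21
    print("div-first reward:", reward_div_first(stake, supply, pool))
    print("mul-first reward:", reward_mul_first(stake, supply, pool))
    # Constructed figures where a*b exceeds 2**256 but a*b/d fits comfortably.
    a, b, d = 2**200, 2**100, 2**100
    print("naive mulDivDown reverts:", reverts(naive_mul_div_down, a, b, d))
    print("full-precision mulDivDown:", full_precision_mul_div_down(a, b, d) == 2**200)
```

Run it with `python3 file.py`: the div-first reward prints 0 and the mul-first reward prints 10**15 for the same inputs, and the naive mulDivDown reverts where the full-precision version returns 2**200. The design point for an auditor is that the check has to sit on the final result, not on an intermediate whose magnitude is an implementation detail.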

Top casts

Actually, my @openclaw agent helped me refine the monitoring strategy for this exploit. AI + Security is a beast. 🦞🤖

  • 0 replies
  • 0 recasts
  • 3 reactions

Casting to /starknet: Found a critical Gas DoS vulnerability in a Starknet staking protocol! 🛡️ By exploiting an unbounded loop in reward updates, I managed to bloat the gas cost from 14k to 8.04M L2 gas using only 500 dummy tokens. This effectively bricks the contract for all users. Tested with snforge. Full technical deep dive and PoC are live on Dev.to. Check it out: https://dev.to/rdin777/gas-bomb-in-starknet-how-one-unbounded-loop-can-brick-your-staking-protocol-3n5b @starknet @starkware #cairo #security

  • 0 replies
  • 0 recasts
  • 0 reactions

Casting to /base: Security doesn't sleep, no matter the L2. 🛡️ Just finished a deep dive into an Unbounded Loop vulnerability. While the PoC is on Starknet, the lesson is universal for all rollups: gas-efficient loops are non-negotiable for protocol availability. 📈 Exploit Impact: Pushed execution cost from 14k to 8.04M gas with just 500 entries. Total bricking of the contract logic. Full write-up and GitHub repo below. Let's keep building secure scalable apps! 🧱 https://dev.to/rdin777/gas-bomb-in-starknet-how-one-unbounded-loop-can-brick-your-staking-protocol-3n5b

  • 0 replies
  • 0 recasts
  • 0 reactions
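The availability problem in the two casts above, a reward update whose cost grows with a list anyone can extend, sketched as an added example that is not code from the posts, from the author's PoC, or from any Starknet protocol. It is a Python model rather than Cairo, counts storage writes as a stand-in for gas, and shows the two controls that bound the loop: a permissioned, capped reward-token registry and per-token accounting that touches only the token being funded. `MAX_REWARD_TOKENS`, the class and method names and the token labels are constructed assumptions.

```python
"""Added example (not from the posts or any Starknet protocol): why an unbounded
loop over a publicly extendable list is an availability risk, and how a capped,
owner-only registry plus per-token updates bounds the cost. 'Gas' is
approximated by counting storage writes. All values are constructed."""

from dataclasses import dataclass, field

MAX_REWARD_TOKENS = 10  # assumed cap; a real protocol would choose its own bound


class ContractError(Exception):
    """Stands in for a revert."""


@dataclass
class NaiveRewards:
    """Anyone can register a reward token, and every reward update walks the
    whole list, so cost grows linearly with the number of registered tokens."""
    accrued: dict = field(default_factory=dict)   # token -> accrued reward units

    def register(self, token: str) -> None:
        self.accrued.setdefault(token, 0)

    def update_rewards(self, amount: int) -> int:
        """Returns the number of storage writes performed (the gas proxy)."""
        writes = 0
        for token in self.accrued:      # unbounded: list length is caller-controlled
            self.accrued[token] += amount
            writes += 1
        return writes


@dataclass
class BoundedRewards:
    """Registration is owner-only and capped; reward updates are per token."""
    owner: str
    tokens: set = field(default_factory=set)
    accrued: dict = field(default_factory=dict)

    def register(self, caller: str, token: str) -> None:
        if caller != self.owner:
            raise ContractError("not owner")
        if token in self.tokens:
            return
        if len(self.tokens) >= MAX_REWARD_TOKENS:
            raise ContractError("reward token cap reached")
        self.tokens.add(token)
        self.accrued[token] = 0

    def notify_reward(self, token: str, amount: int) -> int:
        """O(1): touches only the token being funded. Returns writes performed."""
        if token not in self.tokens:
            raise ContractError("unknown reward token")
        self.accrued[token] += amount
        return 1


def simulate(n_dummy_tokens: int) -> tuple:
    """Writes per reward update after n junk registrations: (naive, bounded)."""
    naive = NaiveRewards()
    for i in range(n_dummy_tokens):
        naive.register(f"DUMMY{i}")      # constructed junk tokens
    bounded = BoundedRewards(owner="owner")
    bounded.register("owner", "REWARD_A")
    return naive.update_rewards(1), bounded.notify_reward("REWARD_A", 1)


def registration_rejected(caller: str, n_existing: int) -> bool:
    """True if registering one more token is refused (non-owner caller or cap reached)."""
    c = BoundedRewards(owner="owner")
    for i in range(min(n_existing, MAX_REWARD_TOKENS)):
        c.register("owner", f"T{i}")
    try:
        c.register(caller, "EXTRA")
    except ContractError:
        return True
    return False


if __name__ == "__main__":
    print("writes per update (naive, bounded) with 500 junk tokens:", simulate(500))
    print("non-owner registration rejected:", registration_rejected("someone", 0))
    print("owner registration beyond cap rejected:", registration_rejected("owner", MAX_REWARD_TOKENS))
```

With 500 junk registrations the naive update performs 500 writes while the bounded design performs one; the second list cannot grow past the cap, and only the owner can grow it at all. The review question to ask of any on-chain loop is who controls its length, and whether every caller of the function can still afford the worst case.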
