Archive - Offside Labs’ Security Insights

Token-2022 Security Best Practices - Part 2: Extensions

Without a solid understanding of tokens, projects face serious risks. This post highlights the extensions of Token-2022 that need closer security…

Nov 4, 2024 •

September 2024

Token-2022 Security Best Practices - Part 1: Mint & Token Account

This is the first article in the Token-2022 Security Best Practices series. It discusses potential security vulnerabilities in Mint and Token Accounts…

Sep 19, 2024 •

Stop Spoofing My Wallet!

Demystifying Simulation Spoofing Attacks

Sep 4, 2024 •

August 2024

Compensation for Composition

In this blog post, we reveal an issue in the Trader Joe v2 Liquidity Book. This flaw lets arbitragers perform swaps without paying fees, allowing them…

Aug 2, 2024 •

May 2024

One Key Bug in OneKey Mini

Delve into the security vulnerabilities of OneKey Mini hardware wallets. Through detailed analysis and hands-on experimentation, we discovered that…

May 30, 2024 •

December 2023

Saga of Saga – Part 2: Digging Into Solana's Smartphone Security

Explore the intricate security designs of Solana's Web3 Smartphone, 'Saga', with a deep dive into its unique features like Seed Vault and the challenges…

Dec 16, 2023 •

From Near Loss to Victory: The $2M Blockchain Rescue

The Affine DeFi crisis averted: Our whitehat team stepped in, preventing a $2M theft and ensuring user funds' safety.

Dec 12, 2023 •

November 2023

Saga of Saga - Part 1: Unlocking the Debate on True Vulnerabilities

If a victim has to give his password, erase his phone, and hand it over, is it still a vulnerability? Dive into our analysis of the Saga mobile's…

Nov 26, 2023 •

Unrolling the Scroll: Probing the Security of a Zero-Knowledge Roll-Up

Dive into our quest to uncover vulnerabilities in Scroll's zero-knowledge roll-up, exposing subtle bugs and exploring the security measures within this…

Nov 12, 2023 •

December 2022

Could Wrapped Tokens Like WETH Be (forced) Insolvent?

Uncover the fascinating journey of a budding hacker delving into Interlay's Bitcoin-Polkadot bridge, interBTC, and revealing critical security flaws in…

Dec 21, 2022 •

July 2022

The Defrauded Fraud Proof of A Bitcoin Bridge

Hanging out in the Immunefi discord leads me to new wonderlands! Last month I was notified of a new bounty program from Interlay, who claimed the…

Jul 31, 2022 •

June 2022

How to Steal $100M from Flawless Smart Contracts

Embark on an exciting journey as I expose a critical design flaw in Moonbeam's network, safeguarding over $100M and earning a $1M bug bounty reward.

Jun 28, 2022 •

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts