/armory

A one-stop shop for blockchain security researchers looking for educational material and alpha to level-up and get an edge on competition. This is not your standard roadmap, top 10 vulnerabilities, or find-the-bug content. This is for the real researchooors.

Spearbit Armory GitHub Banner


Requesting a Security Review

In order to request a security review, please fill out our short request form.

For a brief overview of what Spearbit is and what we have to offer click here or reach out to us via Twitter.

If you have any urgent needs or would prefer a direct contact, please reach out to our COO - miike@spearbit.com

Who are we?

Spearbit is a distributed network of industry-leading security researchers tackling the most complex and mission-critical protocols across web3. Our network has extensive experience on every part of the blockchain technology stack.

Table of Contents

Content

This section contains all externally available educational material from Spearbit. The goal of publicizing and creating content like this is to foster and support a community of dedicated researchers consistently motivated to take the next step in their web3 security knowledge and for that material to be just as beneficial to those with more experience in the field as it is to juniors.

Tldr; We believe in elevating the standard for security research, thus our content will reflect the same.

ZKP Education

This section contains ZKP resources produced by Spearbit researchers or invited seminar guests in order to provide a stronger base for researchers to develop their understanding of security posture within ZKPs

Title Type Media Link
Introduction to ZKPs Seminar Video
Demsytifying ZKPs Write-up Article
Intoduction to ZKP Security Seminar Video
Nova: ZK Bug of the Year Breakdown Seminar Video
Analyzing Polygon zkEVM: PIL State Machines Seminar Video
Polygon zkEVM Flawed Division Vulnerability Breakdown Thread + Manim Thread
Improper Rewards Calculation on Epoch Boundary Thread + Manim Thread

Report and Finding Breakdowns

These breakdowns are concise and guided write-ups of findings from some of Spearbit’s top researchers. Study them intently in order to extract the process and perspective of some of the best researchers in the game.

Title Risk Protocol(s) Written Breakdown Report Link
Aave v3 Dependency Critical Morpho Labs and Aave Breakdown Report
Balancer Dependency Critical Aera Finance and Balancer Breakdown Report
“Clones-with-immutable-args” and improper Bytes Validation Critical Sudoswap Breakdown Report
Polygon zkEVM Flawed Division Remainder Check Critical Polygon zkEVM Breakdown Report

Spearbit Tips

Spearbit Tips is a weekly initiative to introduce general recommendations for security researchers and developers in order to support knowledge sharing across the web3 security ecosystem and continue raising the bar in our industry.

# Title Author Written Breakdown
1 Reviewing Optimized Yul Noah Marconi Write-up
2 Proper Code Specification Noah Marconi Write-up
3 Clearly Defined Natspec Hickup Write-up
4 Verification Patterns Noah Marconi Write-up
5 In-line Comments Hickup Write-up
6 Human Error and Test Coverage Noah Marconi Write-up
7 Protocol Diagramming Jonatas Write-up

Researcher Spotlights

These spotlights serve to highlight the gems of the web3 security company working over at Spearbit. We have titans of the blockchains security community on our team that have a treasure trove of information to gain from studying their respective journeys.

Name Spotlight
@cmichelio Spotlight
@NoahMarconi Spotlight
@0xLeastwood Spotlight
@0xRajeev Spotlight
@HickupH Spotlight
@brockjelmore Spotlight

Seminars and Breakdowns

These seminars and breakdowns provide deep technical content for security researchers that wish to elevate their current skillset and gain insights from a wide variety of experts in web3 security.

Title Author Written Breakdown Additional Resources
Agent Buttercup - running agent-based models (ABMs) in an EVM environment Raghav Bansal
Uniswap - Hyperfragmented Liquidity and Adversarial Mempools Xin Wan
Cairo Security (Peteris Erins) Peteris Erins
Nova: The ZK Bug of the Year (by Wilson Nguyen) mercysjest
Web3 Private Infrastructure with HOPR scbuergel
ZKP Security Overview rkm0959
Cross-Chain Security: LayerZero Labs Ryan Zarick
Analyzing Polygon's zkEVM PIL State Machines Leonardo Alt
Community Workshop: Sudoswap Rajeev, Cryptonicle1, and Deivitto
Arbiter - EVM logic simulator for security and performance testing Jepsen & Colin Write-up
WhatsABI? with Shazow Shazow
Circuit Safety and an Introduction to Noir (Aztec Network) Maddiaa & Maxim
Community Workshop: Clober Hickup
Numerical Analysis for DeFi Audits Kurt Barry Write-up Link
Economic Security fmrmf Link
Security Education and Assessment Lab Rajeev Link
Deep Dive Into Seaport 0age Link
Optimal Front Running Attacks & How to Stop Them Max Resnick Link
From Exploit to Recovery: Unraveling DeFi Incidents Spreek Link
Community Workshop Zach Obront Link
How to Foundry 2.0 Brock Elmore Link
EVM Through HUFF Devtooligan Link1
ZK Series: Intro Porter Adams Write-up Slides
Community Workshop Riley Holterhus Slides
EVM Seminar: 7 things about the EVM Alex Beregszaszi Slides
OpenSeacurity with Spearbit OpenSea + Spearbit Teams Show notes
The Bridge Risk Framework Seminar Vaibhav Chellani L2 Bridge Risk Framework
Fuzzing Tools Series: Certora Prover Michael George --
Fuzzing Tools Series: Echidna Gustavo Grieco Echidna Spearbit Demo
Forta Introduction Seminar Christian Seifert and Andy Beal --
Simple Security Toolkit Walkthrough Brock Elmore Simple Security Toolkit
Spearbit at TrustX: Languages Panel --
Spearbit at TrustX: Simplify Solidity Code with Sorted Contracts and Security Risk Spencer, Gerard, and Rey --
Understanding Bridge Security Arjun Bhuptani --
How to Foundry Brock Elmore Foundry Book

Protocol Diagrams

This section will serve to provide public visuals and diagrams of the complex systems that our researchers come across during their security reviews in order to promote knowledge sharing and pattern matching for other security researchers in the industry.

Title Researcher Protocol(s) Diagram Link
Sudoswap V2 Diagram Gerard Persoon Sudoswap Diagram
Compound Finance Governance and Lending/Borrowing Jonatas Compound Diagram
Metastreet State Diagram Jonatas Metastreet Diagram