Confession about fuzzing
Pavel Kondrin, Pessimistic Security, Dec 19, 2023
I am Pavel, a senior auditor from Pessimistic Security and I want to make a confession: I really like fuzzing and invariant testing, but I…

How to Define Smart Contract Address Before the Deploy: CREATE2 Use Case for Crypto Exchange
Pavel Kondrin, SmartDec Cybersecurity Blog, Jun 18, 2019
CREATE2 opcode was introduced in the Constantinople hard fork on February 28th this year.

SmartDec ERC20 Test Suite: Towards Decentralized Security
Pavel Kondrin, SmartDec Cybersecurity Blog, Mar 4, 2019
A lot of services interact with ERC20 tokens (exchanges, DApps, etc.). The problem is that one cannot simply verify that some token is an…

Overpowered Smart Contract Owner: Decentralized Totalitarianism
Pavel Kondrin, SmartDec Cybersecurity Blog, Oct 26, 2018
Overpowered owner is the project design where contract owner can manually invoke critical functions of the system.

How to Audit Your Smart Contract (Or How Not to Make Third-Party Audit a Waste of Money)
Pavel Kondrin, SmartDec Cybersecurity Blog, Oct 3, 2018
Security analysis is vital for DAPP development. Fortunately, it is already an industry standard to order a third-party audit. However…

SONM Smart Contracts Security Analysis
Pavel Kondrin, SmartDec Cybersecurity Blog, Aug 21, 2018
In this report, we consider the security of the SONM project. Our task is to find and describe security issues in the smart contracts of…

ERC20 approve issue in simple words
Pavel Kondrin, SmartDec Cybersecurity Blog, Jun 28, 2018
If you have used ERC20 tokens, then you have probably heard about the ERC20 approve issue. It is frequently mentioned in the audits of the…