Audits that protect blockchain ideas.

Joined February 2022
220 Photos and videos
Pinned Post
When Hyperliquid has to clear bad debt, who covers it? We reverse-engineered the closed-source risk engine, verified some core properties & compared it to other perps. It's not neutral: the more leveraged and profitable your position, the sooner it's closed. Full breakdown ↓
9
27
202
42,377
OtterSec is happy to sign the OPSeC pledge and keep pushing for strong security practices across the teams we work with 🤝
The Open Protocol Security Coalition (OPSeC) is a new initiative by @fund_defi, in partnership with @_SEAL_Org and Asymmetric Research. What it does: → Curates existing, free cybersecurity resources → Hosts educational events → Engages with policymakers and regulators
18
3,050
When Hyperliquid has to clear bad debt, who covers it? We reverse-engineered the closed-source risk engine, verified some core properties & compared it to other perps. It's not neutral: the more leveraged and profitable your position, the sooner it's closed. Full breakdown ↓
9
27
202
42,377
New research: We were able to access camera permissions and obtain user GPS coordinates across 20 major mobile wallets by exploiting WebView misconfigurations. Here's how ↓
2
24
112
14,556
Anchor v2 docs are live!
4
6
45
3,879
OtterSec reposted
The writeup is here. We achieved RCE in Minecraft Bedrock, turning a 4-byte heap overflow into complete client compromise. @ryaagard details a universal, Bedrock-specific technique for bypassing ASLR and achieving arbitrary read / write primitives.
7
47
314
18,464
The writeup is here. We achieved RCE in Minecraft Bedrock, turning a 4-byte heap overflow into complete client compromise. @ryaagard details a universal, Bedrock-specific technique for bypassing ASLR and achieving arbitrary read / write primitives.
7
47
314
18,464
We're a day late, but happy World Otter Day 🦦
2
1
17
999
OtterSec reposted
how to save 38.2% of Solana CUs:
9
9
93
19,467
OtterSec reposted
rCTF v2 Coming soon to a CTF near you
5
17
292
18,948
OtterSec reposted
Great work by our web team! We also got RCE on LiteLLM and Oracle AI DB. Blog soon!
Dialed in! Nikolaos Mourousias (@deltaclock), Caue Obici (@caueobici) & Bruno Halltari (@BrunoModificato) of OtterSec used a Code Injection bug to exploit LM Studio in the second round, earning $20,000 and 4 Master of Pwn points. Full win! #Pwn2Own #P2OBerlin
2
7
72
5,916
OtterSec reposted
More good news for Ethereum security 🔥 @osec_io has joined the final push, contributing $7K across 40 projects through their ETHSecurity badgeholder. With badgeholder donations carrying boosted influence in matching, this contribution goes even further. Huge thank you to OtterSec! 💜
2
6
36
2,281
Anchor is moving to a permanent home at otter-sec/anchor as we take over its stewardship. Solana's ecosystem has been core to our work for years. Anchor has always been security-forward, and we're committed to keeping it that way for the developers who build on it.
4
29
147
14,422
OtterSec reposted
Anchor v2 has the same syntax, but is powered by completely new types under the hood. Here's how it works 🧵
1
8
51
4,885
We found a critical soundness bug in dusk-plonk that let a malicious prover forge proofs for arbitrary false statements. The result: an attacker could mint arbitrary amounts of DUSK out of thin air and bypass every check protecting Dusk's shielded transactions.
8
13
119
15,476