Research
Field notes
Occasional write-ups on what we see in crypto codebases: patterns worth naming and the discipline that keeps a finding honest. Always generalized, never tied to a client engagement.
DR-NOTE-003 · 2026-05-28 · smart contracts
Rounding direction is a security property
A half-wei here, a truncation there. Why share-based vaults must always round against the user, and how to test that they do.
DR-NOTE-002 · 2026-04-15 · process
We gate disclosure on a working proof
Why the bar for a finding is a reproducible PoC rather than a plausible argument, and what that discipline saves everyone.
DR-NOTE-001 · 2026-03-02 · lineage
Patched upstream, still live in the fork
A fork is a snapshot. Fixes that land in the parent afterwards never reach it on their own, and published patches tell attackers where to look.
:: more notes as we publish them ::
We publish sparingly and only when a note is useful on its own. If you'd like to be told when something new goes up, say so when you reach out.