Zellic

Move developers: do you know what Move binaries look like on the inside? With the recent popularity of Move-based chains, it’s useful for smart contract auditors to be familiar with the nitty-gritty of the Move binary format and assembly. In our latest blog, we cover the Move binary format, Move assembly, and our tool that makes writing Move assembly easier. Link to blog here: https://lnkd.in/g9EmSMwd

🔒 How secure is Lorenzo? Read our audit from Zellic 👇 https://lnkd.in/gkxMb3qX

What happens when actions intended for fungible assets are done on non-fungible assets? Type confusion isn’t just for C . This month, we examine how a type confusion issue could have led to stolen Uniswap liquidity positions from a dark pool (The issue has since been fixed): https://lnkd.in/gqut33RM

What would you do if your medical records were leaked, or your confidential financial transactions were exposed? FHE is a branch of cryptography that allows computations to be performed on encrypted data. To the party performing the computation, FHE is like a black box. They only see the encrypted input and output. FHE enables applications like running ML models in the cloud for identifying tumors, without revealing sensitive input data like medical scans to third parties. Another application of FHE is private on-chain data and private smart contracts. However, two recently published papers demonstrate how new key-recovery attacks against FHE can be constructed to break confidentiality by decrypting data if the decryption results are given to the attacker. In our latest blog, we cover these attacks and how they also apply to established libraries like SEAL and OpenFHE: https://lnkd.in/gFkaZj3H

In this Zellic Security Roundup, we explain how a Cosmos SDK review and POC led to the discovery of a possible scenario of tokens being stuck in contracts and users being unable to withdraw funds (fixed). This is a look at that finding: https://lnkd.in/gyCa8Yy7

We have been diligently working behind the scenes to maximize the security of our protocol. A big thank you to Zellic for their support in our mission and for completing a technical audit with us this past week. This marks the completion of our second audit, underscoring our commitment to prioritizing security. Audits here: https://lnkd.in/gQ8wekZM

Zellic is proud to announce the release of SOLP, our internal Solidity analysis library written in Python! The library is fast and easy to use, aimed at both developers and auditors. Read more to find out what SOLP can do and how to use it. https://lnkd.in/dsPCrTxk

How is Groq so fast? In our latest blog, we did a deep dive into Groq’s whitepaper (surprisingly easy to read!) to find out. https://lnkd.in/g6z28Z-K

Signal has rolled out usernames, meaning users can now use the app while keeping their phone numbers private. This enhanced level of privacy was achieved through the use of Ristretto hashes and zero-knowledge proofs. We wanted to take a deeper look into how these two cryptographic primitives can provide another privacy protection for Signal’s users; fortunately, the source code is open-source, so check out our latest blog to see how it all works. https://lnkd.in/gr4e-arc

The April edition of the Zellic Security Roundup is now live! This month we focus on a bug found in our recent security assessment of Beefy Finance, our recent research including a look into two critical issues discovered in certain forks of Gains Network, and the latest news in Web3 security. Subscribe to the Zellic Security Roundup for monthly updates on Zellic's research and writing, top news in Web3 security, and which conferences and events we'll be heading to that month. https://lnkd.in/grhtvEBU