In order to request a security review, please fill out our short request form.
For a brief overview of what Spearbit is and what we have to offer click here or reach out to us via Twitter.
If you have any urgent needs or would prefer a direct contact, please reach out to our COO - [email protected]
Spearbit is a distributed network of industry-leading security researchers tackling the most complex and mission-critical protocols across web3. Our network has extensive experience on every part of the blockchain technology stack.
- Content Overview
- ZKP Education
- Report and Findings Breakdowns
- Spearbit Tips
- Researcher Spotlights
- Seminars and Breakdowns
- Protocol Diagrams
This section contains all externally available educational material from Spearbit. The goal of publicizing and creating content like this is to foster and support a community of dedicated researchers consistently motivated to take the next step in their web3 security knowledge and for that material to be just as beneficial to those with more experience in the field as it is to juniors.
Tldr; We believe in elevating the standard for security research, thus our content will reflect the same.
This section contains ZKP resources produced by Spearbit researchers or invited seminar guests in order to provide a stronger base for researchers to develop their understanding of security posture within ZKPs
| Title | Type | Media Link |
|---|---|---|
| Introduction to ZKPs | Seminar | Video |
| Demsytifying ZKPs | Write-up | Article |
| Intoduction to ZKP Security | Seminar | Video |
| Nova: ZK Bug of the Year Breakdown | Seminar | Video |
| Analyzing Polygon zkEVM: PIL State Machines | Seminar | Video |
| Polygon zkEVM Flawed Division Vulnerability Breakdown | Thread + Manim | Thread |
| Improper Rewards Calculation on Epoch Boundary | Thread + Manim | Thread |
These breakdowns are concise and guided write-ups of findings from some of Spearbit’s top researchers. Study them intently in order to extract the process and perspective of some of the best researchers in the game.
| Title | Risk | Protocol(s) | Written Breakdown | Report Link |
|---|---|---|---|---|
| Aave v3 Dependency | Critical | Morpho Labs and Aave | Breakdown | Report |
| Balancer Dependency | Critical | Aera Finance and Balancer | Breakdown | Report |
| “Clones-with-immutable-args” and improper Bytes Validation | Critical | Sudoswap | Breakdown | Report |
| Polygon zkEVM Flawed Division Remainder Check | Critical | Polygon zkEVM | Breakdown | Report |
Spearbit Tips is a weekly initiative to introduce general recommendations for security researchers and developers in order to support knowledge sharing across the web3 security ecosystem and continue raising the bar in our industry.
| # | Title | Author | Written Breakdown |
|---|---|---|---|
| 1 | Reviewing Optimized Yul | Noah Marconi | Write-up |
| 2 | Proper Code Specification | Noah Marconi | Write-up |
| 3 | Clearly Defined Natspec | Hickup | Write-up |
| 4 | Verification Patterns | Noah Marconi | Write-up |
| 5 | In-line Comments | Hickup | Write-up |
| 6 | Human Error and Test Coverage | Noah Marconi | Write-up |
| 7 | Protocol Diagramming | Jonatas | Write-up |
These spotlights serve to highlight the gems of the web3 security company working over at Spearbit. We have titans of the blockchains security community on our team that have a treasure trove of information to gain from studying their respective journeys.
| Name | Spotlight |
|---|---|
| @cmichelio | Spotlight |
| @NoahMarconi | Spotlight |
| @0xLeastwood | Spotlight |
| @0xRajeev | Spotlight |
| @HickupH | Spotlight |
| @brockjelmore | Spotlight |
These seminars and breakdowns provide deep technical content for security researchers that wish to elevate their current skillset and gain insights from a wide variety of experts in web3 security.
This section will serve to provide public visuals and diagrams of the complex systems that our researchers come across during their security reviews in order to promote knowledge sharing and pattern matching for other security researchers in the industry.
| Title | Researcher | Protocol(s) | Diagram Link |
|---|---|---|---|
| Sudoswap V2 Diagram | Gerard Persoon | Sudoswap | Diagram |
| Compound Finance Governance and Lending/Borrowing | Jonatas | Compound | Diagram |
| Metastreet State Diagram | Jonatas | Metastreet | Diagram |