3 posts tagged with "Ethereum"

Smart contract proxies enable upgradeability by separating contract logic from storage. This is powerful, but dangerously easy to get wrong. Misconfigurations or misunderstandings around storage layout, access control, or delegate calls often lead to catastrophic exploits.

Let's walk through the most common vulnerabilities in proxy contracts and practical strategies for hardening your upgradeable deployments.

You don’t need to memorize this list, only build a habit of asking the right questions when auditing any system. With proxies, for example, think about:

• Upgrade control: who can change the logic and how?
• Storage layout collisions
• Delegatecall abuse

Also look at how upgrades are monitored, tested, and deployed. So rather than memorizing vulnerabilities, Rely on a structured investigation and pattern recognition.

Auditing smart contracts isn’t just about finding bugs; it’s about cultivating paranoia—the healthy kind. You learn to ask: What assumptions is this code making? What happens if they break? Who gains if something goes wrong?

Here’s a peek into how I approached a sample audit, step-by-step, and turned raw code into a structured security review.

1114 contributions to Tornado.Cash Trusted Setup, 141,416 contributions to Ethereum's KZG ceremony! But what are these ceremonies about? Why do they matter?