April 18, 2026PKI / CA constraint bypass
A widely-deployed open-source crypto library enforces an RFC 5280 CA path-length constraint only when a separate extension is present, so a CA forbidden from delegating can mint rogue sub-CAs the library still trusts. Includes an interactive proof you can run in the browser.
Read the writeup →
April 11, 2026Overview
Eight findings against the open-source Fireblocks MPC-CMP implementation, P1-P4.
Read the writeup →
April 11, 2026Crypto soundness
EdDSA commitment uses unsalted SHA-256, enabling rainbow-table-style precomputation against fixed nonce structures.
Read the writeup →
April 11, 2026Crypto soundness
Offline-ECDSA path accepts unverified signature shares.
Read the writeup →
April 11, 2026Memory safety
Unbounded alloca() on attacker-sized range-proof input stack-overflows the verifier.
Read the writeup →
April 11, 2026Memory safety / crypto
Integer overflow during quadratic-residue ZKP deserialization.
Read the writeup →
April 11, 2026Crypto soundness
Fiat-Shamir transcript truncation in MtA.
Read the writeup →
April 11, 2026Crypto soundness
MtA batch verification uses 8 bits of randomness, allowing forged batches with non-negligible probability.
Read the writeup →
April 11, 2026Memory safety
Heap overflow in destructor path.
Read the writeup →
April 11, 2026Crypto soundness
Ring-Pedersen parameter generation accepts degenerate values.
Read the writeup →