Blog
A $47.43M Loophole in THORChain
QED found two related bugs in THORChain: an authz.MsgExec ante bypass that lets any EOA inject phantom pool balances ($47.43M net profit), and a reference-read deposit that credits Asgard while Bond/Reserve/THORName handlers run unbacked.
QED x Commonware
A joint look at how QED helps Commonware fix subtle vulnerabilities before it reaches production.
Hijacking dYdX v4 oracle feeds
A string-comparison bug in dYdX v4 could let an attacker rewire perp oracles and steal against $1.2M of open interest.
Two bugs in Jolt
QED found a soundness bug and a completeness bug in a16z's zkVM, Jolt.
Tachyon: Saving $600M from a time-warp attack
A six-year-old CometBFT time-warp bug left 40+ chains exposed to consensus failure and put more than $600M in assets at risk.