The Valves Blog

How abi.encodePacked, missing context fields, and incomplete EIP-712 implementations create hash collisions that break authorization systems - before the cryptography even gets involved.

How inserting a parent contract with state variables silently shifts every storage slot in an upgradeable proxy - and why the EVM executes the corruption without a single revert.

Everybody is so concerned about the current state of audit contests. A clear-eyed look at why the format remains one of the most powerful security tools in Web3 - and what bear markets actually do to it.