Blog
Technical writing on Web3, AI, and building things. Written by Uvin Vindula.
130 articles · 6 in Blockchain Security
A security auditor's complete guide to front-running and MEV protection. Covers how MEV bots exploit transaction ordering, sandwich attacks on DEX swaps, and four battle-tested defenses: commit-reveal schemes, Flashbots Protect, slippage guards, and private mempools. Includes production Solidity code, testing strategies, and a look at the evolving MEV landscape in 2026.
A security auditor's deep dive into oracle manipulation — the most common DeFi exploit vector. Covers how spot price oracles get manipulated through flash loans, real attack case studies (Mango Markets, Cream Finance), and battle-tested defenses: Chainlink price feeds, TWAP oracles, multi-oracle strategies, and circuit breakers. Includes production Solidity code and a complete audit checklist.
A security auditor's guide to smart contract access control — from simple Ownable to role-based AccessControl, multi-sig patterns, timelocks, and emergency pauses. Includes real anonymized audit findings, vulnerable vs fixed code, and Foundry tests that catch access control bugs before attackers do.
A deep technical breakdown of flash loan attacks in DeFi — how attackers exploit atomic composability to manipulate prices, drain protocols, and hijack governance. Covers real exploits (Euler Finance, Beanstalk), oracle manipulation vectors, and battle-tested defense patterns with working Solidity code for TWAP oracles, timelocks, and circuit breakers.
A complete breakdown of reentrancy attacks in smart contracts — from the 2016 DAO hack to modern cross-function and read-only reentrancy variants. Includes working vulnerable code, a full attack contract, defense patterns (Checks-Effects-Interactions and ReentrancyGuard), and Foundry fuzz tests.
A comprehensive smart contract security checklist covering 25 critical vulnerabilities to audit before deploying to mainnet, with real vulnerable code examples, Foundry fuzz tests, and fixes. Topics range from reentrancy and access control to flash loan attacks and gas optimization.