Skip to Content
All memories

Security

Security-critical design notes across the stack: threat models, hardening, secure defaults, and resilience under active adversaries.

View tag listing

Best starting points

  1. The KelpDAO Exploit Was Not a Bug

    April 19, 2026 · 22 min

    Incident memo (April 2026): the 116,500 rsETH release via LayerZero EndpointV2 was a semantic guard failure. Signatures are not truth unless they bind to a unique, finalized source-chain debit.

  2. Termination Is a Security Boundary: HotStuff Under UC, Delay Attacks, and the Uncomfortable Gap to Rust

    March 28, 2026 · 13 min

    Paper note (March 2026): a UC-style termination proof for HotStuff, the real invariant it relies on, and what changes when you ship it as a low-level Rust system under adversarial latency.

  3. Designing for Catastrophic Failure: Compartmentalization and Recovery

    December 1, 2024 · 4 min

    Spec-driven research note (December 2024): Designing for Catastrophic Failure: Compartmentalization and Recovery.

  4. ZKP Systems Engineering: Provers, Verifiers, and Operational Cost

    November 1, 2024 · 4 min

    Threat-model-first analysis (November 2024): ZKP Systems Engineering: Provers, Verifiers, and Operational Cost.

  5. Formal Verification of Crypto Protocols: Models, Gaps, and Pain

    October 1, 2024 · 4 min

    Spec-driven research note (October 2024): Formal Verification of Crypto Protocols: Models, Gaps, and Pain.

Roadmap

  • Assumptions/non-goals made explicit
  • Attack surface enumeration + mitigations
  • Failure containment + blast radius
  • Monitoring + incident response as part of the spec

Browse topics