​

GM anon!

Welcome to this month’s QuillAudits roundup, where we discuss everything we’ve been doing in Web3 security.

Month In Review

This month, attacks on various protocols resulted in a loss of over $127.7 million. Reasons for the attack varied from Access Control, Improper Input Validation, and Donation Attack. The largest hack witnessed was on Nobitex due to a problem with Access Control, which led to the loss of $100m. All of these funds were directed to burner addresses, which are unretrievable. The other major attacks include Resupply ($9.8m), Alex Labs ($8.37m), and Force Bridge ($3.76m).

​

Auditing Stats from June

Featured Research & Blogs

• ​Bonding Curves:​ Understanding AMMs, price discovery, and token economics​
• ​Account Abstraction:​ Deep dive into ERC-4337 and the future of smart wallets​
• ​Cross-Chain Infrastructure:​ LayerZero, bridging risks, and modular interoperability​
• ​Vault Design:​ Comparative analysis of ERC4626 implementations​
• ​RWA (Real-World Assets):​ Tokenization frameworks, legal risks, and on-chain integration models​

Read about Major Hacks from Last Month

​Meta Pool: Meta pool, a LST provider on multiple blockchains, got hit with an exploit that led to the minting of $27m worth of mpETH tokens, but the only loss taken was $130k due to the low liquidity of the pool. The protocol's mint function lacked access control and didn’t verify the deposit first. Though the protocol was able to retrieve $117k worth of assets as the attack was frontrun by a whitehat, Yoink.

​Resupply Hack: Resupply, a CDP protocol, got hit with a donation attack which led to the loss of $9.8m. The attack failed the solvency check for the attacker, marking the address solvent, and gave a loan of 10m reUSD with almost no upfront collateral.

​Silo Finance: Silo Finance, a lending and borrowing protocol, got hit by an attack that led to the loss of $550k. The flaw was in the new feature testing contracts, which didn’t verify the calldata provided by the attacker and what had to be a swap transaction converted to a borrow transaction, taking collateral from the victim.

Read detailed blogs on different verticals across the ecosystem

​Guide to HyperEVM and its Ecosystem: Learn about how HyperEVM and HyperCore work in parallel to provide a great experience to users and the growing HyperEVM ecosystem.

​Guide to Oracle Manipulation Attacks: Learn about how oracle manipulation attacks occur and their remediation.

​
Partnerships & Collaborations

We have partnered with Haven1 to secure DApps building on top of its core modules. This would ensure security is embedded directly into their ecosystem.

Haven1 🧑‍🚀 @Haven1official 🛡️ Securing the next wave of Web3 Haven1 is proud to name @QuillAudits_AI as our official audit partner. From DeFi protocols to consumer apps, every core module on Haven1 now benefits from QuillAudits’ industry-leading security. 💪 3:50 PM • Jul 1, 2025 36 Retweets 136 Likes Read 24 replies

​

​
Partnered with Yardhub for their Web3 Growth Camp 4, adding to our earlier partnerships from Camp 2.

QuillAudits | Web3 Security 🥷 @QuillAudits_AI Back again with @yardhub for Web3 Growth Camp 4 🔥 From Camp 2 to Camp 4, we’ve been here to secure what matters. This time, we’re levelling up with extra perks to all the amazing teams Let's build safer protocols together🚀 https://twitter.com/yardhub/status/1937474787103629385 yardhub @yardhub We’re excited to welcome @QuillAudits_AI as the official Security Partner of web3 Growth Camp 4. With 7 years of expertise & 1400+ audits, QuillAudits secures blockchain projects through multi-layered audit framework, combining manual & AI-driven technique. Security is 5:9 PM • Jun 24, 2025 1 Retweets 10 Likes Read 3 replies

​

​
Collaborated with BNB Chain for their Kickstarter program to provide audit services to all the projects involved with perks, including a 20% discount on auditing services, on-chain monitoring, post-audit marketing boost, and more.

QuillAudits | Web3 Security 🥷 @QuillAudits_AI Teaming up with the OGs! We’re proud to join @BNBChain’s Kickstart Program as an official service provider. Offering discounted audits, monitoring & growth support to help you launch right💥 Security. Speed. Support. 🧵👇 6:47 PM • Jun 13, 2025 5 Retweets 21 Likes Read 1 replies

​

​
​Joined the Soneium marketplace on Areta as a whitelisted auditor. Builders can request quotes from multiple audit providers, including us, to get the best prices according to their budget and faster services.

QuillAudits | Web3 Security 🥷 @QuillAudits_AI 🚨 We’re LIVE on @areta_io marketplace for @soneium! QuillAudits is proud to be a pilot launch provider on the Soneium audit marketplace. Fast audits. Real transparency. Big ups to the Areta x Soneium teams for leveling up security! ️🔥️ https://twitter.com/bernard_xyz/status/1932092132925252001 Bernard ⚡️⚡️⚡️ @bernard_xyz 1/ @soneium is now live on Areta Market! Starting today, Soneium builders can access fast and streamlined audits —> http://areta.market/soneium 8:13 PM • Jun 12, 2025 2 Retweets 9 Likes Read 1 replies

​

​
Partnered with CV Labs to provide benefits like audit grants to builders in their past and present accelerator.

QuillAudits | Web3 Security 🥷 @QuillAudits_AI GM fam! We’ve partnered with @CV_Labs to support the next generation of Web3 builders. If you're in their accelerator (past or present), you just unlocked WAGSI audit grants 🔥 Build safer. Ship faster. Win user trust. Apply below 👇 1:35 PM • Jun 10, 2025 3 Retweets 12 Likes Read 2 replies

​

​
Joined the Uniswap marketplace on Areta as a whitelisted auditor. Builders can request quotes from multiple audit providers, including us, to get the best prices according to their budget and faster services.

QuillAudits | Web3 Security 🥷 @QuillAudits_AI Officially whitelisted ✅ We're now an approved auditor for the @UniswapFND security fund on http://areta.market This brings fast and cost-effective audits to Uniswap builders without compromising on quality. Kudos to @bernard_xyz and team for this! 🔥 https://twitter.com/bernard_xyz/status/1929557073206853984 Bernard ⚡️⚡️⚡️ @bernard_xyz 1/ Together with @UniswapFND, we're introducing Areta Market -> http://areta.market > Marketplace to connect builders to whitelisted auditors > Gives builders 10-12 service quotes per request and full price transparency > Reduces audit costs by 20–30% and shortens service 1:59 PM • Jun 5, 2025 4 Retweets 27 Likes Read 3 replies

​

​
Partnered with Cointelegraph Accelerator for the pitch day in ETHCC. It is a curated networking event where teams can pitch their product and get validated faster. Moreover, winning teams get audit grants up to $50k from us.

QuillAudits | Web3 Security 🥷 @QuillAudits_AI @EthCC founders roll call!! We are teaming up with @CointelegraphAc for the top-tier VC <> Start Up Connect side event in Cannes 🔥 Pitch in front of top VCs & ecosystem leaders IRL and get a chance to win up to $50,000 in audit grants from us ;) Building something cool? 7:34 PM • Jul 1, 2025 4 Retweets 10 Likes Read 1 replies

​

Have a great day,

Team QuillAudits

​Unsubscribe​ ​Update your profile​ QuillAudits Office 104/105 Level 1, Emaar Square, Building 4 Sheikh Mohammed Bin Rashid Boulevard , Downtown Dubai, 416654

​​​​

Copyright (C) 2025 QuillAudits. All rights reserved.

​