
QuillAudits Web3 Security 🥷🛡️

Your official QuillAudits update stream, covering product launches, security insights, event announcements, reports, and key developments from across the organization.

Mar 03 • 7 min read

The Quill Sentinel February 2026 🥷


👋 Welcome to the February Edition

In this February edition of Quill Sentinel, we expanded our research across Layer 2 security models, intent-based DeFi architectures, zk-proof misconfigurations, and AI-assisted auditing frameworks, while also launching our new Security Hub and introducing three major security services: Formal Verification & Fuzzing, On-Chain Monitoring, and QuillAudits Verified.

This month’s insights examine rollup-specific threat models, oracle manipulation dynamics, solver-layer risks, cross-chain validation flaws, and the growing intersection of AI and smart contract security, while our expanded service stack moves us beyond point-in-time audits toward continuous, lifecycle-based protection.

Beyond research and exploit investigations, we’re also taking these conversations offline through curated security roundtables and institutional gatherings across New York, Cannes, and Dubai.

Here’s a concise roundup of our research, security launches, ecosystem observations, and upcoming engagements from the past month.

Expanding the Security Stack: From Proof to Production

This month, we introduced three new services designed to strengthen protocol security beyond traditional audits, combining mathematical assurance, live threat detection, and institutional-grade verification.

Formal Verification & Fuzzing

We now offer formal methods and advanced fuzz testing to mathematically validate core invariants and aggressively stress-test smart contracts against edge cases. By combining SMT-based verification with large-scale input mutation and scenario testing, this service helps eliminate hidden logic flaws before deployment.

On-Chain Monitoring Service

Security doesn’t stop at launch. Our on-chain monitoring provides real-time transaction surveillance, invariant tracking, and automated threat alerts to detect oracle deviations, abnormal fund flows, governance attacks, and exploit patterns as they emerge, enabling rapid incident response.

QuillAudits Verified - Project-Level Verification

Beyond code security, QuillAudits Verified introduces structured project-level verification, including team identity validation and public credibility signaling. Designed to strengthen trust with users, exchanges, and institutional partners, this service bridges technical assurance with reputational transparency.

Together, these additions move our security approach from point-in-time auditing to continuous, lifecycle-based protection.

If you’re serious about making your protocol resilient against exploits, from Solidity logic bugs to cross-chain threats, reach out to the QuillAudits team and let’s build it securely from day one.

From the Quill Research Desk

Our February research expanded across ecosystem-specific security frameworks, Layer 2 threat modeling, emerging DeFi primitives, and AI-assisted auditing. This month also marked the launch of a new Security Hub, where we publish structured audit checklists for different Web3 systems, beginning with Solana.

Solana Audit Checklist - Launch of the Security Hub

We introduced a comprehensive security checklist for Solana programs, systematizing audit methodology across account validation, signer checks, PDA derivation risks, CPI trust boundaries, rent mechanics, upgrade authority controls, and common logic flaws. The goal is to transform fragmented audit knowledge into a structured, ecosystem-specific framework that builders can proactively apply.

Stop Auditing Base Like Ethereum

Although Base is EVM-compatible, its OP Stack rollup architecture introduces distinct risks around sequencer trust assumptions, cross-domain messaging, dispute windows, bridge composability, and account abstraction edge cases. This piece argues that L2 environments require tailored threat models rather than reused Ethereum checklists.

Intent-Based Lending: Rethinking DeFi Risk Surfaces

Intent-driven architectures shift complexity from pooled on-chain logic to off-chain solver coordination. We analyzed emerging risks including solver manipulation, replay vulnerabilities, signature misuse, oracle timing mismatches, settlement failures, and intent-layer MEV, outlining how abstraction changes, but does not remove, systemic risk.

First Version of Claude Skills - AI Augmented Auditing

We released the first iteration of QuillAudits Claude Skills, enabling semantic contract analysis beyond pattern matching. These modular skills focus on invariant reasoning, guard analysis, upgrade risks, reentrancy surfaces, oracle dependencies, and structured severity classification, demonstrating how AI can assist, not replace, rigorous human-led audits.

February’s work reflects a consistent theme: as Web3 systems evolve toward abstraction and modularity, security models must evolve with equal precision and structure.

Hack Watch

February saw a concentration of exploits rooted in oracle weaknesses, protocol logic flaws, and compromised key infrastructure across multiple ecosystems. The largest protocol loss came from YieldBlox Blend v2 on Stellar, where a $10M oracle manipulation attack targeted its lending architecture. Infrastructure risks persisted with an $8M private key compromise affecting IoTeX systems on Ethereum. Logic and validation issues continued elsewhere: FoomCash lost $1.6M due to protocol design flaws on Ethereum and Base, Moonwell suffered a $1.4M oracle issue on Base, and Cross Curve was exploited for $1.3M on Arbitrum through improper input validation in its bridge logic.

However, these protocol losses were overshadowed by what may be the largest social engineering breach on record. In a deceptive tech support scam targeting a Trezor user, attackers gained access to an exposed root key and drained $282 million in Bitcoin and Litecoin, a stark reminder that human-layer failures can exceed smart contract exploits.

Cross Curve $1.4M Exploit Explained

Cross Curve suffered a $1.4M loss due to an implementation bug in its cross-chain execution logic. The contract’s expressExecute function allowed public, unauthenticated cross-chain calls with only trivial checks on execution IDs. Attackers supplied crafted parameters, bypassed validation, and caused unauthorized payload execution, resulting in unexpected minting/transfer flows and a substantial drain of assets from the protocol.

YieldBlox $10M Hack Explained

The YieldBlox Blend pool on Stellar was exploited through a classic oracle manipulation against the illiquid USTRY/USDC trading pair. A single abnormal trade inflated the price over 100× within the VWAP window, which the protocol trusted as legitimate, enabling the attacker to supply USTRY as collateral and borrow excessive amounts of USDC and XLM against the inflated valuation, ultimately extracting over $10M from the pool.
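To make the mechanism concrete, here is an added Python model (not code from the newsletter or from the Blend protocol) of a VWAP price window in an illiquid pair: one oversized trade dominates the volume-weighted average, and a lending pool that trusts that value grants a borrow limit inflated by the same factor. The guarded variant shows the defender-side checks a pool can apply before accepting a window price; the trades, thresholds and LTV below are constructed, illustrative values.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Trade:
    price: float   # quote asset per unit of collateral (e.g. USDC per USTRY)
    volume: float  # units of collateral traded


def vwap(window: List[Trade]) -> float:
    """Volume-weighted average price over one oracle window."""
    total = sum(t.volume for t in window)
    if total <= 0:
        raise ValueError("empty window")
    return sum(t.price * t.volume for t in window) / total


def naive_oracle(window: List[Trade]) -> float:
    """Trusts the window VWAP unconditionally: a single large trade dominates it."""
    return vwap(window)


def guarded_oracle(window: List[Trade], last_price: float, max_dev: float = 0.25,
                   min_trades: int = 3, max_share: float = 0.5) -> Optional[float]:
    """Returns the window VWAP only if it passes sanity checks, otherwise None.
    Illustrative checks (assumed thresholds): enough trades in the window, no single
    trade supplying more than max_share of window volume, and a VWAP within
    max_dev of the last accepted price. A real pool would also fall back to a
    secondary feed or pause borrowing when the breaker trips."""
    if len(window) < min_trades:
        return None
    total = sum(t.volume for t in window)
    if max(t.volume for t in window) / total > max_share:
        return None
    price = vwap(window)
    if abs(price - last_price) / last_price > max_dev:
        return None
    return price


def max_borrow(collateral_units: float, price: float, ltv: float = 0.75) -> float:
    """Quote-asset borrow limit a lending pool would grant at the given price."""
    return collateral_units * price * ltv


# Constructed sample window: five routine trades near 1.00, then one abnormal trade.
NORMAL = [Trade(1.00, 100), Trade(1.01, 100), Trade(0.99, 100),
          Trade(1.00, 100), Trade(1.00, 100)]
MANIPULATED = NORMAL + [Trade(200.0, 1000)]
```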

FoomCash $1.6M Exploit Explained

FoomCash was exploited due to a critical misconfiguration in its Groth16 zk-SNARK verifier contract, where constants required for proof soundness were incorrectly set. This flaw allowed attackers to forge valid proofs and systematically drain approximately $1.3M in FOOM on Ethereum and an additional $316K on Base, without reliance on flash loans, reentrancy, or oracle manipulation, highlighting the importance of correct cryptographic configuration and dedicated zk audits.

QuillAudits Stats

A quick look at our February audit activity and how we helped secure the Web3 ecosystem.

Where to Find Us Next

We’re continuing our closed-door security roundtables and curated gatherings across major global hubs, bringing together institutional builders, senior engineers, auditors, and protocol architects shaping digital asset infrastructure at scale.

Security Roundtable – Digital Assets Summit, New York (March 24)

Hosted alongside Digital Assets Summit NYC at Javits Center, this invite-only roundtable focuses on institutional-grade protocol security, real exploit case studies, audit readiness, and defensive architecture across DeFi, custody systems, bridges, and L2 infrastructure. Designed for peer-level, off-the-record dialogue among senior technical leaders.

Security Roundtable – ETHCC, Cannes (April 1)

During the Ethereum Community Conference, we’re convening auditors, researchers, and protocol architects for a focused discussion on recent exploit patterns, smart contract failure modes, and secure scaling strategies. A structured, closed-door session centered on candid technical exchange.

Security Roundtable – TOKEN2049 Dubai (April 29)

At TOKEN2049, we’re hosting another private gathering for senior builders and security leaders. The discussion will explore protocol architecture risks, cross-chain threat surfaces, audit preparedness, and infrastructure resilience in high-growth ecosystems.

RWA Security Mixer – TOKEN2049 Dubai (April 30)

Also during TOKEN2049 week, we’re hosting a curated RWA Security Mixer focused on tokenisation frameworks, institutional compliance alignment, oracle dependencies, custody risks, and operational resilience. Built on insights from our latest RWA security research, this session is designed for founders, investors, infrastructure teams, and risk leaders operating in real-world asset ecosystems.

If you’re building, auditing, or investing in digital asset infrastructure and will be attending any of these, let’s connect.

Community Highlights

February was centered around deeper conversations on tokenization infrastructure and the evolving intersection of AI and Web3 security. From RWA system design to agentic audit workflows, we brought builders, researchers, and infrastructure leaders together to explore what comes after issuance and how security must evolve alongside innovation.

Full-Cycle Tokenization: Beyond Minting to Real Liquidity

We hosted a live session exploring what truly happens after an asset is tokenized. Full-cycle tokenization goes beyond minting into primary distribution, secondary market liquidity, compliance integration, and seamless DeFi composability.

Featuring @reason8eth, @rwa_ideth, and @rachit, the discussion focused on how end-to-end RWA infrastructure unlocks sustainable on-chain utility, regulatory alignment, and cross-ecosystem liquidity.

We expanded the conversation further with @Diego, diving into how RWA-native chains are being architected specifically for distribution, compliance, and market liquidity, not just token issuance. The key takeaway: issuance is step one; resilient markets are the real test.

QuillAudits (@QuillAudits_AI):
We’re expanding the conversation on Full-Cycle Tokenization! Diego @Corvo0Attano from @BuildOnLumia is joining us to break down how RWA-native chains are being built for distribution, compliance and liquidity not just issuance. Issuance is step one. Markets are the real test. https://twitter.com/QuillAudits_AI/status/2019056285153685508

QuillAudits (@QuillAudits_AI), 3:30 PM • Feb 5, 2026:
What happens after you tokenize an asset? Full-Cycle Tokenization goes beyond minting → primary distribution → seamless DeFi liquidity. going live this Friday w @reason8eth, @rwa_ideth and @rachit, join the stream and explore how end-to-end RWA infrastructure unlocks true
48 Retweets · 282 Likes

➡️ Listen to the full conversation: Here

Agentic Revolution <> Hybrid Auditing Workflows

We also hosted a live discussion on how agentic AI systems are reshaping smart contract audits. Joined by @Simon and @lcce01, we explored hybrid audit workflows where AI augments, not replaces, human expertise.

The session examined real limitations of traditional static tooling, how AI-driven semantic analysis improves invariant detection, and why human oversight remains essential for contextual reasoning and economic threat modeling.

➡️ Listen to the full conversation: Here

Across both discussions, one theme stood out: as infrastructure matures, whether in RWAs or AI-native security, abstraction increases, but so does responsibility.


Wanna partner up w/ us or want to get your project audited?

Have a great day,

Team QuillAudits


QuillAudits Office 104/105 Level 1, Emaar Square, Building 4 Sheikh Mohammed Bin Rashid Boulevard, Downtown Dubai, 416654


Copyright (C) 2025 QuillAudits. All rights reserved.
