👋 Welcome to the January Edition
In this January edition of Quill Sentinel, we uncovered 22 vulnerabilities across four major chains and published new research focused on emerging DeFi and RWA ecosystems.
This month’s insights cover high-performance trading infrastructure, staking mechanics, real-world asset attack surfaces, and experimental market primitives, all analyzed through a security-first lens.
Here’s a concise roundup of our research, findings, and ecosystem observations from the past month.
From the Quill Research Desk
Our January research examines the architecture and security model of Hyperliquid, liquid staking dynamics within its ecosystem, emerging attack vectors in Real-World Assets, and the design trade-offs behind Solana-based prediction markets, highlighting the evolving risk landscape across high-performance DeFi infrastructure.
What Is Hyperliquid? We break down Hyperliquid’s core design as an orderbook-centric, high-throughput smart contract chain (HyperEVM), explain its execution model, validator responsibilities, and the security surface unique to low-latency trading infrastructure.
Kinetiq: Liquid Staking on Hyperliquid: Kinetiq enables users to stake HYPE on Hyperliquid’s HyperEVM and receive kHYPE, a liquid, yield-bearing token. Rewards accrue via an increasing kHYPE/HYPE exchange rate, while automated validator delegation optimizes staking efficiency and enables DeFi composability across the ecosystem.
Top 10 RWA Attack Vectors: Tokenized real-world assets bring classic smart contract concerns and hybrid threats tied to off-chain assumptions, custody logic, oracle feeds, permit misuse, and multi-domain settlement. We distill the ten most important vectors that RWA builders and auditors must guard against to protect assets and ensure protocol robustness.
Solana Prediction Markets: Hidden Security Trade-offs of Speed: Solana’s fast, parallel execution makes prediction markets viable at high cadence, but that performance comes with system-level risks: optimistic confirmations vs. true finality, CPI depth limits, rent and state pruning hazards, and MEV ordering concerns. Our analysis lays out these trade-offs and defensive design patterns.
Hack Watch
January saw attackers capitalize primarily on protocol logic flaws, with several high-impact incidents across the ecosystem. Step Finance recorded the largest loss at $40M due to a private key compromise, underscoring persistent infrastructure risks. Logic exploits dominated elsewhere: Truebit lost $26.4M in a bonding curve attack, SwapNet suffered $16.8M from an unlimited-approval vulnerability, and Saga was hit for $7M through an infinite-mint-and-dump exploit. Additional incidents included a $4.2M flashloan-driven oracle attack on Makina, a $3.73M slippage exploit on YO Protocol, a $3.2M protocol logic flaw affecting Aperture LM, and a $1.4M mint-and-stake loop exploit on TMX TRIBE, reinforcing that economic design and permission misconfigurations remain primary attack surfaces.
Truebit Hack Explained
The Truebit exploit stemmed from a flaw in its bonding curve mechanism, where attackers manipulated pricing logic to mint and redeem tokens at distorted valuations, ultimately draining $26.4M from the protocol. The incident highlighted how fragile economic assumptions and improperly guarded mint-burn dynamics can be when core invariants are not rigorously enforced.
Makina Hack Explained
The Makina breach was driven by a flashloan-powered oracle manipulation, allowing attackers to temporarily skew asset prices and exploit flawed valuation logic to extract $4.2M. This attack underscored the risks of relying on manipulable price feeds and the importance of robust oracle design with proper validation safeguards.
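To make the defensive point concrete, here is an added illustration (not Makina's code, and not from the original newsletter) of why a vault must not value collateral from an AMM's instantaneous spot price. A toy constant-product pool is pushed by a single large swap within one block, the way a flashloan would push it; a naive valuation follows the distorted spot price, while a guarded valuation compares spot against a time-weighted average price and refuses to proceed when they diverge beyond a tolerance. All names (`Pool`, `value_collateral`, `run_scenario`) and all numbers are constructed for this example.

```python
"""Spot-price vs. TWAP collateral valuation under a single-block liquidity shock.

Constructed example: a Uniswap-v2-style constant-product pool with a
cumulative-price accumulator, and two ways a vault might value collateral.
Hypothetical names and numbers; not any real protocol's code.
"""
from dataclasses import dataclass, field


@dataclass
class Pool:
    reserve_token: float            # collateral token units in the pool
    reserve_usd: float              # quote asset units in the pool
    price_cumulative: float = 0.0   # sum of spot_price * seconds (v2-style accumulator)
    last_ts: int = 0
    observations: list = field(default_factory=list)  # (timestamp, price_cumulative)

    def spot_price(self) -> float:
        """Instantaneous price implied by reserves; trivially movable within one block."""
        return self.reserve_usd / self.reserve_token

    def _accumulate(self, now: int) -> None:
        elapsed = now - self.last_ts
        if elapsed > 0:
            self.price_cumulative += self.spot_price() * elapsed
            self.last_ts = now

    def observe(self, now: int) -> None:
        """Record an accumulator checkpoint (e.g. once per block)."""
        self._accumulate(now)
        self.observations.append((now, self.price_cumulative))

    def twap(self, now: int, window: int) -> float:
        """Time-weighted average price over roughly the last `window` seconds."""
        self._accumulate(now)
        target = now - window
        older = [o for o in self.observations if o[0] <= target]
        if not older:
            raise ValueError("insufficient price history for TWAP")
        ts0, cum0 = older[-1]
        return (self.price_cumulative - cum0) / (now - ts0)

    def swap_usd_for_token(self, usd_in: float, now: int) -> float:
        """Sell quote asset into the pool (x*y=k); returns token units received."""
        self._accumulate(now)
        k = self.reserve_token * self.reserve_usd
        new_usd = self.reserve_usd + usd_in
        new_token = k / new_usd
        out = self.reserve_token - new_token
        self.reserve_usd, self.reserve_token = new_usd, new_token
        return out


def value_collateral(amount: float, pool: Pool, now: int,
                     window: int = 600, max_dev_bps: int = 500) -> float:
    """Guarded valuation: reject when spot deviates from TWAP by more than max_dev_bps,
    otherwise value conservatively at the lower of the two."""
    spot = pool.spot_price()
    twap = pool.twap(now, window)
    dev_bps = abs(spot - twap) / twap * 10_000
    if dev_bps > max_dev_bps:
        raise ValueError(f"spot/TWAP deviation {dev_bps:.0f} bps exceeds {max_dev_bps} bps")
    return amount * min(spot, twap)


def run_scenario() -> dict:
    """Quiet history, then a single-block flash swap; compare naive vs. guarded valuation."""
    pool = Pool(reserve_token=1_000.0, reserve_usd=1_000_000.0)  # spot = 1000 USD/token
    for ts in range(0, 601, 12):          # 51 quiet 12-second blocks, one checkpoint each
        pool.observe(ts)
    now, collateral = 612, 10.0

    honest = value_collateral(collateral, pool, now)   # undisturbed: 10 * 1000

    # Attacker-style single-block shock: 1,000,000 USD swapped in, same block as the valuation.
    pool.swap_usd_for_token(1_000_000.0, now)
    naive = collateral * pool.spot_price()             # follows distorted spot: 10 * 4000
    try:
        value_collateral(collateral, pool, now)
        rejected = False
    except ValueError:
        rejected = True                                # TWAP is still ~1000, deviation huge

    return {"spot_after": pool.spot_price(), "honest": honest,
            "naive": naive, "rejected": rejected}


if __name__ == "__main__":
    print(run_scenario())
```

Two caveats a reviewer would add: a TWAP is only resistant to intra-block manipulation, so an attacker willing to hold a skewed price across many blocks can still drag it, which is why production designs pair the deviation check with an external oracle feed and bounded per-transaction exposure; and rejecting the transaction (rather than clamping the value) is the safer failure mode, since a clamped value can still be wrong in the attacker's favour.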
QuillAudits Stats
A quick look at our January audit activity and how we helped secure the Web3 ecosystem.
Where to Find Us Next
We’re heading into February with focused, high-impact gatherings across Hong Kong and Denver, engaging with institutional leaders, founders, and senior technical teams shaping Web3 security.
RWA Summit, Hong Kong (Feb 12–13): During Consensus Week, we’ll be on-ground at RWA Summit, a leading forum on real-world asset tokenisation, stablecoins, PayFi, and institutional adoption. As a partner, we’ll be contributing to conversations around RWA security, compliance, and on-chain risk management.
QuillAudits Academy Security Roundtable, Hong Kong (Feb 14): An invite-only roundtable for CTOs and security leaders, focused on exploit patterns, protocol risk, audit learnings, and secure system architecture, held in a private, off-the-record setting.
RWA & Stablecoin Security Mixer, Hong Kong (Feb 14): A curated mixer bringing together RWA founders, investors, and infrastructure teams to discuss tokenisation security, compliance challenges, and institutional-grade DeFi design.
Protocol Security Roundtable, ETHDenver (Feb 18): A closed-door session for senior builders and auditors in Denver, centered on real-world exploit case studies and practical defensive design strategies.
If you’re attending, let’s connect.
Community Highlights
January was all about collaboration, sharing security insights, mentoring founders, and empowering the next wave of Web3 builders to build safely and scale confidently.
Degens vs Agentic AI - Who Wins the Security Race?
Last month, we hosted a live Twitter Space examining how degen-driven market dynamics are reshaping Web3’s threat landscape and how agentic, AI-powered security systems can respond in real time.
Featuring Samridh Saluja (Guardrail AI) and Harsh Methwani (QuillAI Network), the discussion covered gaps in traditional security tooling, overlooked on-chain threat patterns, and the future of AI-native defense infrastructure.
➡️ Listen to the full Space: Here
From Exploits to Defense - Web3 Security Outlook 2026
We hosted a focused Twitter Space examining how recurring exploit patterns are shaping defensive strategies across Web3 and what realistic security maturity could look like by 2026.
Featuring DevDacian (Cyfrin), PapaDari (21Shares), and Nihar Thummar (Areta), the session covered evolving attack trends, adaptive defense frameworks, and the future trajectory of protocol security.
➡️ Listen to the full Space: Here
Security Partnership with XFounders & Starknet Foundation
We’ve partnered with XFounders, alongside the Starknet Foundation, as an official Security Partner for upcoming bootcamps and the $25K Pitch & Raise Challenge, introducing a $20K Security Grant to support promising teams. This collaboration embeds rigorous security guidance early in the founder journey, strengthening protocol design, audit readiness, and risk posture before launch, scale, or fundraising.
Wanna partner up w/ us or want to get your project audited?
Have a great day,
Team QuillAudits