SecLat Blog
Insights on security and trust in Web3
Explore articles about audits, mitigation strategies, and lessons from our smart contract security team.
Recent posts
Mariano SalazarJune 16, 2026
Delegatecall does not move money: the subtle detail that triggered a critical *Infinite Spend* bug in Aurora Bridge
> How a misinterpretation of `msg.value`, combined with `delegatecall`, put the Aurora bridge's economic invariant at risk, and how an auditor's early discovery prevented a multi-million-dollar exploit.
Read article→
Mike B. - SecLat SecurityJune 8, 2026
Ethernaut Level 10 Walkthrough: Exploiting Reentrancy in Solidity
In this article, we will analyze and solve Ethernaut Level 10: Reentrancy
Read article→
Mike B. - SecLat SecurityMay 13, 2026
Ethernaut Level 9 Walkthrough: Breaking the King Contract using transfer()
In this article, we will analyze and solve Ethernaut Level 9: King.
Read article→
Mariano Salazar - SecLat SecurityApril 15, 2026
Silent attacks on VS Code tasks.json: the new vector impacting Web2 and Web3
How attackers manipulate tasks.json to execute malicious code and compromise Web2 and Web3 environments.
Read article→