Notes on Solidity security.
Practical writing on the bugs we still catch every week — what they look like, why they happen, how to fix them, and how to scan for them in CI.
- May 26, 2026 · 3 min read
Slither vs Mythril vs Aderyn — a 2026 benchmark on 20 real contracts
Which open-source Solidity scanner catches more bugs in 2026? We ran all three on 20 vulnerable contracts. Honest comparison, raw numbers, no vendor bias.
Tags: slither, mythril, aderyn, benchmark
- May 26, 2026 · 4 min read
Top 10 Solidity vulnerabilities in 2026 (with fix examples)
The ten classes of bugs we still see every week in pre-audit Solidity code, with concrete fix snippets — reentrancy, unchecked transfers, weak randomness, and seven more.
Tags: solidity, security, audit, reentrancy
- May 25, 2026 · 4 min read
The ERC-20 audit checklist you should run before mainnet
The 23 checks every ERC-20 token contract should pass before public sale. Centralization, supply caps, fee math, ERC-2612 permit gotchas, the works.
Tags: erc20, audit, checklist, token
- May 25, 2026 · 3 min read
How to read a Slither report without crying
Slither's raw output is a wall of detector codes, severity flags, and impact ratings that doesn't tell you what to fix first. Here's the 4-column mental model every Solidity dev needs.
Tags: slither, static-analysis, tooling, audit
- May 24, 2026 · 3 min read
How to fix a reentrancy bug in 5 lines — a real PR walkthrough
We caught a reentrancy in a real staking vault. Here's the exact 5-line diff that fixed it, with an explanation of why each line moves where it does.
Tags: reentrancy, fix, patch, solidity
- May 24, 2026 · 4 min read
Reentrancy attacks: anatomy + 3 ways to fix yours
Reentrancy is the bug that caused the DAO hack, and it's still the number-one finding on contracts we scan. Here's how it works, the three idiomatic fixes, and the trade-offs between them.
Tags: reentrancy, security, solidity, vulnerability