Armory
A one-stop shop for blockchain security researchers looking for educational material and alpha to level-up and get an edge on competition. This is not your standard roadmap, top 10 vulnerabilities, or find-the-bug content. This is for the real researchooors.
Install / Use
/learn @spearbit/ArmoryREADME
In order to request a security review, please fill out our short request form.
For a brief overview of what Spearbit is and what we have to offer click here or reach out to us via Twitter.
If you have any urgent needs or would prefer a direct contact, please reach out to our COO - miike@spearbit.com
<h1 class="center" style=""> Who are we? </h1>Spearbit is a distributed network of industry-leading security researchers tackling the most complex and mission-critical protocols across web3. Our network has extensive experience on every part of the blockchain technology stack.
Table of Contents
- Content Overview
- ZKP Education
- Report and Findings Breakdowns
- Spearbit Tips
- Researcher Spotlights
- Seminars and Breakdowns
- Protocol Diagrams
Content
This section contains all externally available educational material from Spearbit. The goal of publicizing and creating content like this is to foster and support a community of dedicated researchers consistently motivated to take the next step in their web3 security knowledge and for that material to be just as beneficial to those with more experience in the field as it is to juniors.
Tldr; We believe in elevating the standard for security research, thus our content will reflect the same.
ZKP Education
This section contains ZKP resources produced by Spearbit researchers or invited seminar guests in order to provide a stronger base for researchers to develop their understanding of security posture within ZKPs
| Title | Type | Media Link | | --- | --- | --- | | Introduction to ZKPs | Seminar | Video | | Demsytifying ZKPs | Write-up | Article | | Intoduction to ZKP Security | Seminar | Video | | Nova: ZK Bug of the Year Breakdown | Seminar | Video | | Analyzing Polygon zkEVM: PIL State Machines | Seminar | Video | | Polygon zkEVM Flawed Division Vulnerability Breakdown | Thread + Manim | Thread | | Improper Rewards Calculation on Epoch Boundary | Thread + Manim | Thread |
Report and Finding Breakdowns
These breakdowns are concise and guided write-ups of findings from some of Spearbit’s top researchers. Study them intently in order to extract the process and perspective of some of the best researchers in the game.
| Title | Risk | Protocol(s) | Written Breakdown | Report Link | | --- | --- | --- | --- | --- | | Morpho ↔ Aave v3 integration edge case | Critical (Morpho Labs) | Morpho Labs (primary) and Aave v3 (dependency) | Breakdown | Report | | Balancer Dependency | Critical | Aera Finance and Balancer | Breakdown | Report | | “Clones-with-immutable-args” and improper Bytes Validation | Critical | Sudoswap | Breakdown | Report | | Polygon zkEVM Flawed Division Remainder Check | Critical | Polygon zkEVM | Breakdown | Report |
Spearbit Tips
Spearbit Tips is a weekly initiative to introduce general recommendations for security researchers and developers in order to support knowledge sharing across the web3 security ecosystem and continue raising the bar in our industry.
| # | Title | Author | Written Breakdown | | --- | --- | --- | --- | | 1 | Reviewing Optimized Yul | Noah Marconi | Write-up | | 2 | Proper Code Specification | Noah Marconi | Write-up | | 3 | Clearly Defined Natspec | Hickup | Write-up | | 4 | Verification Patterns | Noah Marconi | Write-up | | 5 | In-line Comments | Hickup | Write-up | | 6 | Human Error and Test Coverage | Noah Marconi | Write-up | | 7 | Protocol Diagramming | Jonatas | Write-up |
Researcher Spotlights
These spotlights serve to highlight the gems of the web3 security company working over at Spearbit. We have titans of the blockchains security community on our team that have a treasure trove of information to gain from studying their respective journeys.
| Name | Spotlight | | --- | --- | | @cmichelio | Spotlight | | @NoahMarconi | Spotlight | | @0xLeastwood | Spotlight | | @0xRajeev | Spotlight | | @HickupH | Spotlight | | @brockjelmore | Spotlight |
Seminars and Breakdowns
These seminars and breakdowns provide deep technical content for security researchers that wish to elevate their current skillset and gain insights from a wide variety of experts in web3 security.
| Title | Author | Written Breakdown | Additional Resources | | --- | --- | --- | --- | | Agent Buttercup - running agent-based models (ABMs) in an EVM environment | Raghav Bansal | — | | | Uniswap - Hyperfragmented Liquidity and Adversarial Mempools | Xin Wan | — | | | Cairo Security (Peteris Erins) | Peteris Erins | — | | | Nova: The ZK Bug of the Year (by Wilson Nguyen) | mercysjest | — | | | Web3 Private Infrastructure with HOPR | scbuergel | — | | | ZKP Security Overview | rkm0959 | — | | | Cross-Chain Security: LayerZero Labs | Ryan Zarick | — | | | Analyzing Polygon's zkEVM PIL State Machines | Leonardo Alt | — | | | Community Workshop: Sudoswap | Rajeev, Cryptonicle1, and Deivitto | — | | | Arbiter - EVM logic simulator for security and performance testing | Jepsen & Colin | Write-up | — | | WhatsABI? with Shazow | Shazow | | — | | Circuit Safety and an Introduction to Noir (Aztec Network) | Maddiaa & Maxim | — | | Community Workshop: Clober | Hickup | | — | | Numerical Analysis for DeFi Audits | Kurt Barry | Write-up | Link | | Economic Security | fmrmf | Link | | Security Education and Assessment Lab | Rajeev | | Link | | Deep Dive Into Seaport | 0age | | Link | | Optimal Front Running Attacks & How to Stop Them | Max Resnick | | Link | | From Exploit to Recovery: Unraveling DeFi Incidents | Spreek | | [Link](https://github.com/spearbit/portfolio/blob/master/content/slides/From%20Exploit%20to%20Recovery_%20Unraveli
Security Score
Audited on Mar 6, 2026