Notes from the field.

Florian Amette

Smart Contract Audit Cost: A 2026 Pricing Guide

What a smart contract audit costs in 2026, by scope, by code complexity, by chain, and the tradeoffs...

Florian Amette

MiCA Pentest Requirements: A Compliance Guide for CASPs

What MiCA, DORA Articles 24–27, and the local PSAN regime actually require in terms of penetration t...

Florian Amette

DORA TLPT: What Threat-Led Penetration Testing Actually Looks Like

DORA Article 26 mandates threat-led penetration testing for significant financial entities, includin...

Florian Amette

Rug Pull Detection: A Guide to On-Chain Red Flags

How to spot a rug pull before it happens: owner-only mint functions, concentrated liquidity, malicio...

Florian Amette

Smart Contract Audit Checklist for DeFi Protocols

What a credible DeFi audit actually covers, manual review, invariant testing, threat modeling, and t...

Florian Amette

How Approval Phishing Drains Wallets, and How to Stop It

Approval phishing is the dominant wallet-drain pattern on EVM chains. Here is how it works, why it w...

Florian Amette

Multi-Sig vs MPC: Choosing a Treasury Wallet Architecture

Multi-sig and MPC are not interchangeable. Here is how each fails in practice, what each is good for...

Florian Amette

The Anatomy of a DeFi Oracle Manipulation Attack

Oracle manipulation is the most successful attack pattern in DeFi history. Here is how it works, why...

Florian Amette

NFT Mint Security: 12 Things to Check Before Launch

A pre-launch security checklist for NFT mints, contract bugs, mod-account hardening, deployer hygien...

Florian Amette

Incident Response for DeFi: The First Hour

When a contract is exploited or a wallet is drained, the first hour decides what the next year looks...

Florian Amette

Bridge Security: Why Cross-Chain Bridges Get Exploited

Bridges are the most exploited category of DeFi protocol. Here is why the architecture is hard, how ...

Florian Amette

DAO Treasury Security: A Practical Playbook

DAO treasuries combine hedge-fund balance sheets with Discord-server operations. Here is the playboo...

Florian Amette

How to Read a Smart Contract Audit Report

Audit reports look reassuring at first glance. The signal lives in the parts most readers skip: the ...

Florian Amette

MEV and Sandwich Attacks: What Your Users Lose on Every Trade

MEV is not a single phenomenon. Some of it is structurally necessary; a large share is a regressive ...

Florian Amette

Crypto Exchange Security: From MiCA Readiness to Hot-Wallet Hardening

What MiCA and modern threat actors expect from a crypto exchange's security posture, custody archite...

Florian Amette

Web3 Game Security: When Your Players Are Your Threat Model

Web3 games combine fintech, smart-contract, and game security in one threat model. Here is how to bu...

Florian Amette

Broker Defense Partnership

Announcing our partnership with Broker Defense, a firm specialised in helping crypto victims of frau...