Hey, I'm Igor. I'm a security-oriented smart contract engineer.

A practical definition of what “done” means for secure blockchain protocols. This post explains how mature teams move beyond “audit before launch” by embedding security into requirements, development, testing, reviews, audits, monitoring, and incident response, so protocols can scale without getting exploited.

After years of (technically) being in a public beta, Solidity is finally preparing for something it hasn’t dared to do for a decade: hit version 1.0, the first official stable version of the language. But it wouldn’t be the blockchain world if we didn’t have a fork once in a while.

On September 2nd, an attacker turned Bunni's innovative math against itself, draining two pools across Ethereum and Unichain and stealing $8.4M in under 5 minutes. No fancy vulnerabilities, just a price manipulation and 44 carefully crafted micro withdrawals that exploited a precision bug everyone missed, even after three audits...

If you’ve ever upgraded a smart contract and watched perfectly good state turn to junk, you’ve seen storage collisions. Old state gets written over and variables become corrupted, rendering the contract useless. There are examples of how simple storage collisions can cause millions of dollars in damages, which happened to Audius...