Panther Security Research

Findings, war stories, and alpha from the trenches of smart contract security

Latest Posts

February 11, 2026

The Ghost Owner — How a Forgotten State Variable Could Resurrect Ownership from the Dead

CVE-2024-45304 Cairo OpenZeppelin StarkNet

A deceptively simple vulnerability in OpenZeppelin's Cairo contracts that could let an attacker reclaim ownership of a contract the entire world believed was ownerless.

Read the full story
February 23, 2026

Field Order Is Sort Order — How Struct Layout Silently Breaks Ordered Maps in Move

Move Aptos Security

Move compares structs lexicographically by field declaration order. If you use a struct as a key in an ordered map, the first field dominates sorting — not the field you think matters. A real bug from Decibel Exchange's perpetual futures DEX on Aptos.

Read more
February 12, 2026

How to win a public contest: Lessons from 6x Top 3 Finishes

Solidity Rust Move Contests

Zero fluff, pure trenches-tested insights from climbing to the top 50s on Cantina. This is the alpha that actually moved the needle — not theory, not vibes, just what works when you're deep in the code at 3 AM and the leaderboard is watching.

Read more
February 14, 2026

The Move Bug That Would Have Bricked AAVE on Aptos Before Day One

Move Aptos Contests Aave

A $24K finding from the AAVE Aptos V3 audit on Cantina. The bug was embarrassingly simple — data stored at one address, every getter reading from another. The entire protocol would have been dead on arrival.

Read more
February 20, 2026

ZK Journey Week 1 — Why a Move Security Researcher Is Learning Zero Knowledge Proofs from Scratch

Move ZK Contests Rare Skills

As a Move security researcher, I need to understand ZK proofs deeply — not just what they do, but how they work under the hood. This is week 1 of my ZK learning journey at the Rare Skills ZK Bootcamp.

Read more
February 22, 2026

The Silent Killer in Move: How return vs abort Silently Corrupts State on Chain

Move Aptos Sui Security

A real bug from Aptos core's trading engine that permanently deleted orders on an "error" path. The root cause? A return where there should have been an abort. This pattern applies to both Aptos and Sui Move.

Read more
March 1, 2026

Auditing a Perp Protocol on Aptos Move

Move Aptos

Learnings from auditing a fully on-chain perp DEX in Move on Aptos.

Read more
March 2, 2026

ZK Journey Week 2 — Learning Zero Knowledge Proofs from Scratch

ZK Rare Skills

As a Move security researcher, I need to understand ZK proofs deeply — not just what they do, but how they work under the hood. This is week 2 of my ZK learning journey at the Rare Skills ZK Bootcamp.

Read more
March 3, 2026

I Open-Sourced My AI Audit Workflow — Prompts, Pipelines, and Everything I Learned

AI Audit

I open-sourced my AI audit workflow — prompts, pipelines, and everything I learned.

Read more
March 4, 2026

ZK Journey Week 3 — Learning Zero Knowledge Proofs from Scratch

ZK Rare Skills

As a Move security researcher, I need to understand ZK proofs deeply — not just what they do, but how they work under the hood. This is week 3 of my ZK learning journey at the Rare Skills ZK Bootcamp.

Read more
March 5, 2026

The Move Auditor

Move Aptos Claude Skill Security

It's claude skill season, and I am introducing move-auditor skill.

Read more
March 6, 2026

How to Audit a Stablecoin Protocol

Stablecoin Solidity Diamond-Pattern

Learnings from auditing a stablecoin protocol.

Read more
March 8, 2026

How to Audit a Gold-Backed Staking Protocol on Solana

Solana Rust Staking Security

Learnings from auditing a gold-backed staking protocol on Solana.

Read more
March 9, 2026

ZK Journey Week 4 — Learning Zero Knowledge Proofs from Scratch

ZK Rare Skills

As a Move security researcher, I need to understand ZK proofs deeply — not just what they do, but how they work under the hood. This is week 4 of my ZK learning journey at the Rare Skills ZK Bootcamp.

Read more
March 12, 2026

ZK Journey Week 5 — Learning Zero Knowledge Proofs from Scratch

ZK Rare Skills

As a Move security researcher, I need to understand ZK proofs deeply — not just what they do, but how they work under the hood. This is week 5 of my ZK learning journey at the Rare Skills ZK Bootcamp.

Read more
March 13, 2026

Formal Verification of Current Sui Using Certora Sui Prover

Sui Move Certora Formal Verification

How I mathematically proved that an eMode group assignment is immutable after obligation creation in a Sui DeFi lending protocol — using Certora's Sui Prover, parametric rules, and field accessors.

Read more
March 14, 2026

Formal Verification of Current Sui Using Certora Part 2

Sui Move Certora Formal Verification

How I used Formal Verification to find bugs in current sui.

Read more
March 15, 2026

Formal Verification of Aptos Move Contracts Using Move Prover

Aptos Move Formal Verification

How to formally verify aptos move contracts using move prover.

Read more
March 16, 2026

How to Audit a Lending Protocol on Sui Move

Sui Move Lending Security

Learnings from auditing a lending protocol on Sui Move.

Read more