Field notes from CredShields
Security research,
decoded.
Practical AppSec, pentesting, compliance, and engineering notes from the team securing modern applications.
Recently Posted
CredShields Blog
Latest articles
What Makes Daml Different: A Security Perspective
If you work in web3 security, your mental model of smart contract risk was almost certainly built on...
Incident Report: Kelp DAO rsETH Bridge Exploit
Incident: Kelp DAO rsETH bridge, April 18 2026, 17:35 UTC An attacker pulled 116,500 rsETH roughly $292M, about...
5 Common Daml Authorization Mistakes
Daml’s authorization model is genuinely one of the better things about it. Solidity makes you bolt onaccess control...
CredShields Joins the Canton Network as an Official Audit Partner
CredShields has officially joined the Canton Network as an Audit Partner, bringing smart contract security, AI-powered risk detection,...
CredShields Partners with NayaOne to Bring Smart Contract Security to Financial Institutions
We are proud to announced a strategic partnership with NayaOne, the financial technology sandbox platform used by banks...
Drift Protocol: Incident Post-Mortem
On April 1, 2026, attackers drained approximately $285 million in user assets from Drift Protocol, the largest decentralized...
Axios 1.14.1 Security Alert: Supply Chain Attack & Remediation Guide
⚠️ Critical Alert: axios 1.14.1 is a maliciously compromised package. It’s an active supply chain attack. Here’s everything...
The Resolv Labs Hack: One Key | $25 Million Gone
By the numbers: $80M USR minted (unbacked) · ~$25M extracted (11,408 ETH) · USR price low: ~$0.02–$0.05 ·...
Security Best Practices for Deploying on Aurora Cloud
As blockchain infrastructure evolves, deployment environments are becoming more customizable. Platforms like Aurora Cloud enable teams to launch...
CredShields Completes SOC 2 Type II Audit: What It Means for Our Customers and Partners
CredShields has completed an independent SOC 2® Type II audit, conducted by KEN & CO. CPA, LLC. The...