Blog
Deep dive into DeFi security research, vulnerability analysis, and best practices from the Taichi Audit team.
Morpho source code walkthroughs
Purpose-built notes for DeFi engineers: annotated flows, risk handoffs, and math behind Morpho Blue.
A deep-dive into the Morpho codebase. This is a line-by-line level walkthrough that you rarely find elsewhere.
Solana security series
Reviewer-grade walkthroughs of account creation, token program internals, and real exploit patterns.
A tactical series for protocol teams and security researchers mapping real Solana attack surfaces.
A source-level analysis of Solv's BitcoinReserveOffering showing how callback-based deposit handling and post-transfer minting combine to issue shares twice for the same underlying SFT value.
A technical comparison of SPL Token and Token2022—from mint/account layouts to ATA creation—highlighting program IDs, extensions, and real initialization flows.
In Anchor, `Account<T>` is a cached snapshot of account data. After CPI, the runtime account changes but your cached view does not—unless you `reload()`.
A deep dive into how Anchor’s #[account(init)] and #[account(init_if_needed)] are parsed and code-generated, what “needs initialization” really means at runtime, and how using init with associated token accounts can enable griefing/DoS via pre-created ATAs.
A security-focused guide for integrating with Morpho: an expanded walkthrough of the official integration checklist, with concrete pitfalls and code-level explanations for core and MetaMorpho vault flows.
How MetaMorpho wraps Morpho markets into a single ERC4626 vault with supply/withdraw queues, role-gated caps, and fee/timelock design.
A deep dive into Morpho's oracle surface area and MorphoChainlinkOracleV2: ERC4626 vault conversions, base/quote feed wiring, two-hop unit cancellation, and the 1e36 SCALE_FACTOR derivation.
A system-level Solana DoS pattern: pre-funding a predictable address (e.g., a PDA) makes `create_account` fail with AccountAlreadyInUse. Includes mitigations and how Anchor avoids it.
How Morpho Blue computes borrow rates: FixedRate warm-up and a deep dive on AdaptiveCurve with utilization-driven anchor updates.
Deep dive into Morpho Blue's core contract—market creation, supply/borrow/collateral flows, liquidation math, and interest accrual mechanics.
A deep dive into the mathematical principles behind liquidity provision in Uniswap V2 and V3, exploring how concentrated liquidity revolutionizes capital efficiency while maintaining protocol consistency.
How missing public-key validation in ECDH enables small-subgroup and invalid-curve attacks, and what robust defenses look like.