NanoLab

Research & Guides

Web3 Security Blog

Expert articles on smart contract auditing, DeFi security, Solidity vulnerabilities, and Web3 application security from the NanoLab team.

13 min read

How to Read a Smart Contract Audit Report (Even If You're Not a Developer)

Learn how to read a smart contract audit report, evaluate severity, understand remediation status, and perform stronger DeFi security due diligence.

Audit Report Explained, DeFi Due Diligence, Smart Contract Findings Severity

12 min read

The Ultimate Smart Contract Audit Checklist for DeFi Teams

Use this smart contract audit checklist to review access control, reentrancy, oracle risk, upgradability, and deployment readiness before mainnet.

Smart Contract Audit Checklist, Solidity Security Audit, Audit Before Deployment

11 min read

Should Auditors Fix the Code They Audit? Smart Contract Audit Independence and Remediation Guidance

A smart contract audit guide to auditor independence, remediation guidance, legal risk, and when audit teams should stop short of patch-level fixes.

Auditor Independence, Audit vs Remediation, Smart Contract Audit

10 min read

The Compound V2 Exploit Explained: A Smart Contract Audit Post-Mortem

A smart contract audit post-mortem of the Compound V2 exploit, covering reentrancy, ERC-777 callbacks, CEI failures, and audit lessons for DeFi teams.

Compound V2 Exploit, Reentrancy Attack, DeFi Exploit Breakdown

12 min read

OWASP Top 10 for Web3: Smart Contract Security Risks Every DeFi Builder Must Know

A smart contract security and OWASP audit guide to the top Web3 risks, including reentrancy, flash loans, oracle manipulation, and access control.

OWASP Web3, Smart Contract Security, DeFi Security