Rari capital got hacked for around $79M through a classic re-entrancy attack. Rari is a fork of compound finance which had this bug fixed earlier. It is not the first time Rari has been a victim of a hack.
BlockApex 
August 11, 2023 Alright, folks! Guess you've learned too much stuff by now, mastered the methods, and are all set to dive a little more deeper. But before we get our hands more nasty, there's a little something we've got to address. This final hurdle is an equal opportunity mischief maker - it doesn't matter whether you're a seasoned developer who types at lightning speed code, or a steadfast security engineer who wards off cyber threats with the finesse of a digital ninja. But just Strap in, wait for the speed bump to hit in, adjust your spectacles, and let's tackle this last challenge on our journey. Onwards and upwards, team!
Understanding how people think, especially in the realm of development and testing, is a complex matter. Coming from a testing background myself, I often ponder how I might have performed had I been a developer. But that's a subjective thought. What's clear, however, is the bias that can creep into auditing or testing. It's not a good sign.
Imagine receiving a lengthy codebase with no testing. It's a disaster waiting to happen. Or perhaps there are tests, but they appear to be mere formalities, lacking substance and rigor. Why would this happen? Let me elucidate.
Consider this perspective: "If I were a developer, I would have crafted something with all my heart, treating it like my own child. Having invested so much effort, how could I possibly leave any bugs or errors in it?" This bias leads to a mindset where, when writing tests, one already assumes everything is working perfectly. The tests become a mere process, a box to tick, rather than a genuine effort to ensure quality. The optimism is lost.
This story isn't unique to developers. It's a tale that resonates with SQA engineers and security engineers alike. The biases, the assumptions, and the complacency can manifest in many forms, but the underlying theme remains the same. The belief that one's work is flawless can lead to a lack of critical evaluation, and that's where the real danger lies. Whether it's development, quality assurance, or security, the challenge is to overcome these biases and approach the task with an open, critical, and unbiased mind.
Let me describe each of them by role!!
Confirmation Bias: Developers may fall into the trap of confirmation bias, where they interpret information in a way that confirms their pre-existing beliefs or hypotheses. For example, they may focus more on testing code written by a colleague or sometimes most of developers google, point is code can have a history of errors, maybe he doesn't know, thereby neglecting other potentially problematic areas.
Congruence Bias: This bias leads developers to validate only the expected behavior, ignoring potential negative or alternative outcomes. This narrow focus can lead to missed defects and vulnerabilities.
Resemblance Bias: SQA professionals may judge a situation based on the resemblance of a similar situation. For instance, they may assume that web applications will have similar kinds of errors, leading to a narrow focus and potentially missing unique or unexpected defects.
In-Attentional Blindness: This bias can cause testers to miss the most obvious defects when they are not specifically looking for them. For example, in an enhancement project, focusing solely on a newly developed feature may lead to overlooking critical integrations elsewhere.
Negativity Bias: This refers to giving more psychological weight to bad experiences than good ones. In testing, this may manifest as an unwillingness to sign off on a software for production, focusing only on uncovered defects and ignoring the overall quality and readiness of the product.
Bandwagon Effect: Security engineers may be influenced by the collective beliefs of their peers. If a group believes that a particular module or system is secure, others may unconsciously adopt the same belief, leading to a lack of scrutiny and potential security risks.
Confirmation Bias: Similar to developers, security engineers may also suffer from confirmation bias, focusing on areas that align with their preconceived notions and neglecting others that may pose significant security threats.
Congruence Bias: Auditors may fall into the trap of focusing on one feature and try to break it and not consider other threats only considering the same threat and failing to explore alternative scenarios. This can lead to a lack of comprehensive evaluation and potential oversights in compliance and risk assessment. This can also happen when they don't have enough time to finish, I guess this is why we should not consider anything 100% secure.
In-Attentional Blindness: Auditors may overlook significant issues if they are not specifically within the scope of their current focus. This can lead to incomplete audits and potential regulatory or compliance failures.
Basically!
Cognitive biases are inherent in human nature and can significantly impact everyone within the software development and testing process.
Point is how to get over this while testing, specifically formal verification. The method is very simple. Try not to be, believe me it will lead to more accurate and reliable outcomes in software development, testing, security, and auditing.
Let's forge ahead and I will explore you with this remarkable technique that promises to be a game-changer for developers and testers alike. It will help you to transcend your biases, it paves the way for a substantial enhancement in code quality. This isn't just a method; it's a revolution, a key to unlock potential. In the ever-evolving landscape of software development, this technique stands as a beacon, guiding professionals to a future where code isn't just written but written with precision. It's time to embrace this new era, where biases are left behind, and quality takes center stage.
it’s not merely a methodology; it's a paradigm shift in the software development lifecycle. By incorporating fuzz testing at the inception of development, FDD fundamentally alters the outcome, transcending conventional methodologies. It provides a solid and unyielding framework for quality assurance and security validation, establishing a new benchmark in the pursuit of excellence and resilience in software engineering.
Now the question is "How can one overcome his bias using FDD?
Objective Evaluation through Randomized Inputs: FDD employs stochastic processes to generate a plethora of test cases, ranging from the mundane to the downright bizarre. It's like throwing a party for your code and inviting guests from every corner of the input space. You never know who might show up, but that's the fun part!
Automated Continuous Testing: Automation in FDD is not just a convenience; it's a relentless pursuit of perfection. It's like having a robotic comedian that never sleeps, continually testing your code's sense of humor with an endless stream of punchlines (or in this case, edge cases).
Security-Centric Approach: FDD's focus on security is akin to a digital bodyguard for your code, always on the lookout for potential threats. It's not paranoid; it's just thorough. After all, in the world of code, trust issues are considered a virtue.
Collaborative Cross-Functional Teams: FDD fosters collaboration between developers, testers, and security experts. It's like a tech symphony where everyone plays a different instrument but follows the same score. The result? Harmonious code that sings rather than stings.
Adaptive Testing Methodologies: FDD is not set in stone; it's more like a jazz improvisation, adapting to the ever-changing rhythm of vulnerabilities and attack vectors. It's about staying one step ahead of the bad guys, even if it means dancing to a different beat.
Fuzz Driven Development is not just a buzzword; it's a hell of a technique, The methodology, or a best practice that helps developers and testers overcome their biases. It's about looking at code not just as lines on a screen but as a living, breathing entity that needs to be challenged, prodded, and occasionally tickled with unexpected inputs.
In the grand show of software development, FDD is the spotlight that shines on the hidden corners, revealing the unseen and making the improbable probable. It's a journey into the unknown, with a roadmap written in algorithms, a compass guided by randomness, and a destination defined by quality.
So, dear readers, embrace the chaos, dance with the unexpected, and let FDD be your guide to become the best. After all, in the world of Fuzz Driven Development, the only constant is surprise, and the only bias is towards excellence.
Rari capital got hacked for around $79M through a classic re-entrancy attack. Rari is a fork of compound finance which had this bug fixed earlier. It is not the first time Rari has been a victim of a hack.
BlockApex 
May 4, 2022 The Deus DAO hack had significant financial consequences, with users collectively losing around $6.5 million across Arbitrum, BSC, and Ethereum chains. Furthermore, the hack caused the DEI stablecoin to depeg by more than 80%, destabilizing its value and potentially shaking investor confidence.
BlockApex
May 24, 2023 Spin Finance is a DeFi derivative infrastructure built on NEAR Protocol, a reliable and scalable L1 solution. The on-chain order book solution offered by Spin provides a CEX-competitive experience to DeFi users.
BlockApex
January 12, 2023 The Euler Finance hack had a devastating impact on the platform and its users, with approximately $197 million worth of assets stolen, including ETH, WBTC, USDC, and DAI. This placed Euler Finance at number 6 on the leaderboard of the largest DeFi hacks. The platform's total value locked (TVL) dropped from $264 million to just $10 million.
BlockApex
March 14, 2023 The attackers exploited a reentrancy vulnerability in the Orion Protocol's core contract, ExchangeWithOrionPool, by constructing a fake token (ATK) with self-destruct capability that led to the transfer() function.
BlockApex
September 11, 2023 BlockApex (Auditor) was contracted by Sonar(Client) for the purpose of conducting a Smart Contract Audit/Code Review of Sonar bridge modeule. This document presents the findings of our analysis which took place on 8th September 2021.
BlockApex
December 15, 2021 Flower Fam is an NFT-based project, after you mint your NFT you can “harvest” them on weekly bases to get 60% royalties. It's quite simple: every flower has a 10% chance to win. The rarer the species of a flower.
BlockApex
May 24, 2022 The presale is supposed to go forward in three stages, each with fixed purchasable amounts and at a fixed cost. The cost starts off at 0.25 USD in the first phase, moves to 0.35 USD in the second phase and then to 0.45 in the last phase.
BlockApex
June 29, 2022 The article "Infiltrating The EVM IV - Echoes of the Past, Visions for Tomorrow" takes readers on a captivating journey through real-life incidents in the realm of blockchain security. Three gripping narratives stand out: the MISO rescue mission, the Dark Forest of Ethereum, and the Siren Market exploit.
BlockApex
July 28, 2023 
