Today we're shipping v4.4.0 — our biggest release yet. The Cloud App is live at app.counterscarp.io, we've introduced a 5-tier licensing model from Community (free) to Enterprise, and we've added three major new analyzers: Supply Chain Analysis, Time-Travel Git Scanner, and Protocol Fingerprinting.
A deep-dive into the March 2023 Euler Finance flash loan attack. We walk through the vulnerable donation function, the missing health check, and how Counterscarp's Heuristic Scanner would have flagged it before deployment.
Step-by-step walkthrough for integrating Counterscarp into your pull request workflow. Covers blocker-only mode for fast PR checks, full audit mode for scheduled scans, and how to store your Pro license key as a GitHub secret.
Despite being one of the oldest known smart contract vulnerabilities, reentrancy attacks accounted for 31% of all DeFi exploits in 2025. We analyze why modern codebases still get it wrong and how cross-contract reentrancy evades standard detectors.
Price oracle manipulation is behind billions in DeFi losses. This post breaks down the difference between TWAP and spot price oracles, explains flash loan manipulation vectors, and shows how Counterscarp's ORACLE_STALENESS_CHECK rule catches stale price feeds.
The $625M Ronin bridge exploit remains the largest DeFi hack in history. Three years later, cross-chain bridge security is still one of the hardest problems in the space. We examine what has changed — and what hasn't.
The Attack Path Visualizer is one of Counterscarp's most powerful Pro features. This tutorial walks through a real-world example — a flash loan reentrancy chain across 4 contracts — and shows how to read the D3.js force-directed graph output.
Solana's Anchor framework has become the dominant way to write Solana programs — but it introduces its own class of vulnerabilities. We surveyed 50 live Anchor programs and found 23% had at least one missing signer check or account validation issue.
The v3.0.0 release marks Counterscarp's graduation from beta to production-stable. 667 tests passing, 21 integrated analyzers, full EVM + Solana support, and a new 5-tier licensing model. Here's everything that changed.