slowmist/knowledge-base

SlowMist is a blockchain security company, and this repository is their public knowledge base. It collects research, guides, audit reports, and translated documents that the team has produced over the years. The stated goal is to act as security infrastructure for the blockchain world, and the team shares its findings openly rather than keeping them internal. The content is organized into several categories. The first covers blockchain security research across major networks including Bitcoin, Ethereum, EOS, Monero, and others. A notable focus is a class of attack called false top-up, where an attacker tricks a cryptocurrency exchange into crediting a deposit that was never actually received. The team has documented these techniques for USDT, EOS, XRP, Ethereum tokens, Bitcoin, Monero, and Solana, among others, and provides security auditing services to exchanges to help prevent them. Another section covers zero-knowledge proofs and cryptographic vulnerabilities, which are advanced topics in how modern blockchain systems prove things without revealing sensitive data. Research here includes vulnerabilities in specific proof systems and cryptographic libraries. The repository also includes a growing AI security section covering both using AI for security work and securing AI systems themselves. Linked sub-projects include security checklists for AI agent tools (called MCP servers) and tools for tracing cryptocurrency transactions. Additional sections contain open audit reports that SlowMist has published from past engagements, practical security guides for Web3 projects and smart contracts across multiple blockchain platforms (Solana, Toncoin, SUI, Aptos, AAVE, and others), and a set of mind maps visualizing attack and defense patterns for decentralized applications and exchanges. Much of the content is bilingual, with both Chinese and English text throughout.