Overview Our smart contract audit team found that Short Address Attack mitigations can cause several problems with smart contracts. A Short Address Attack is when a contract receives less data than it was expecting, and Solidity fills the missing bytes with zeros. The deployed smart contract cannot prevent this and will interpret those extra zeros as […]
08-Ago-2018 Update: Removed update and queries point to CoinFabrik servers to solve quota issues in both Google and Crypto APIs. You can get the spreadsheet here. To create your own version go to ‘File’ -> ‘Make a copy’. Keep updated on my Twitter account. Thanks to the smart contract development team.
Solidity semantics are confusing for smart contract developers with experience in traditional programming languages. This semantics can lead to security issues like the one we found in a recent smart contract security audit we did. The following code caught our attention: In the above code, the create method stores the same information in two different […]
CoinFabrik smart contract audit‘s team was hired to audit contracts written by TokenMarket for the PTOY Token ICO. The result of this security review is reflected in this document. Audited Files The contracts we audited are hosted at Github repository: MintableToken.sol CrowdsaleToken.sol ReleasableToken.sol UpgradeableToken.sol Commit hash f968cffe1abf4a3d96d6705ec1befd6cfec13ae3. Vulnerabilities Found Short Address Attack The version reviewed […]