Introduction CoinFabrik was asked to audit the contracts for the Woonkly project. First we will provide a summary of our discoveries and then we will show the details of our findings. Summary The contracts audited are from the STAKESmartContractPreRelease repository and DEXsmartcontractsPreRelease repository at GitHub. The audit is based on the commit 779522de8afcf9285d660abdcc0fb10a62f6f659, and 49777cd67d0227c21437236ab9f42b501a864895 […]
Uniswap, Balancer, and Curve have achieved to construct purely peer-to-peer exchanges which do not require any intermediary, and attracted already many users. But it is important to bear in mind that things could go wrong when using these AMMs naively as a price oracles.
HEX is an ERC-20 token and fully-automated contract deployed on the Ethereum network used to recreate a traditional banking product called “Time Deposit”.
This is the second of a series of four audits we performed for MOC: Second Audit To solve Bitcoin’s volatility problem, MoC will provide a Bitcoin-collateralized stablecoin. Introduction Coinfabrik was asked to audit the contracts for the Money On Chain project. Firstly, we will provide a summary of our discoveries and secondly, we will show […]
Public blockchains allow insertion of arbitrary data. Even specific-purpose blockchains like Bitcoin already contain a lot of non-financial data. Although this data insertion can be beneficial in some use cases (e.g. proof of existence), it can also cause damage. If a blockchain contained videos with instructions on how to torture someone, there would immediately be broad consensus that this data must be deleted. But since blockchains are supposed to be immutable databases, the question is: what can be done if this happens?
A security audit is a process in which a client subjects his or her smart contracts to a review, in which one or more auditors search and document vulnerabilities that may alter the project correct functionality. The main idea of this post is to specify the process of audits, who belongs to them and how the different individuals interact from the moment the client reaches us to the moment we end communication with them.
After testing the performance of Ethereum using PoA, we tested the usability of the CardContact SmartCard-HSM USB token on an ethereum Proof of Authority network. The HSM allows to store and use multiple encryption keys, both RSA and Elliptic Curves (including secp256k1), for applications like issuing certificates as a CA, and with any application that […]
Introduction CoinFabrik has been hired to audit the contracts for the Decentraland Land Auction. In the following sections we will provide a description of the contracts and their purpose, the audit methodology, detailed information about the issues found and, to wrap up, our conclusions on the contracts. Overview The contracts audited are from the “Land […]
Following our Smart Contract Auditing: Human vs. Machine article, we now analyze Slither, which is another static analysis tool from Trail of Bits. It includes aids for contract summaries, which can be helpful for making a mental model of the contract and rechecking assumptions. Considering the ease of use, it’s a good idea to try […]
In this blog post, we present a high-level overview of the paper describing the Ouroboros Proof of Stake protocol implemented in Cardano´s blockchain. After the overview follow some comments about theoretical aspects of the protocol.
In general, Proof of Stake (PoS) consensus protocols elect the network nodes responsible to send the next block to the blockchain on the basis of the nodes’ amount of stake.
In this article we are benchmarking several auditing tools. The smart contract security audit is a critical phase in the development of smart contracts. The DAO hack was just one trip in the odyssey to secure Ethereum smart contracts and compatible blockchains like RSK and Cardano. It is important to highlight that back in 2016 […]
The second stage of the Dogethereum bridge was presented on September 5, 2018 at 10 am (PT) and live streamed. The bridge uses “superblocks” to move coins from Dogecoin to Ethereum and collateralization to move coins from Ethereum to Dogecoin. We are excited because this innovation can also be used to bridge other blockchain pairs. […]