A security audit is a process in which a client submits his or her smart contracts for review, and one or more auditors search for and document vulnerabilities that may alter the project's correct functionality. The main idea of this post is to specify the audit process, who takes part in it, and how the different individuals interact from the moment the client reaches us to the moment we end communication with them.
After testing the performance of Ethereum using PoA, we tested the usability of the CardContact SmartCard-HSM USB token on an Ethereum Proof of Authority network. The HSM can store and use multiple encryption keys, both RSA and elliptic curve (including secp256k1), for applications like issuing certificates as a CA, and with any application that […]
Introduction CoinFabrik has been hired to audit the contracts for the Decentraland Land Auction. In the following sections we will provide a description of the contracts and their purpose, the audit methodology, detailed information about the issues found and, to wrap up, our conclusions on the contracts. Overview The contracts audited are from the “Land […]
Following our Smart Contract Auditing: Human vs. Machine article, we now analyze Slither, which is another static analysis tool from Trail of Bits. It includes aids for contract summaries, which can be helpful for making a mental model of the contract and rechecking assumptions. Considering the ease of use, it’s a good idea to try […]
In this blog post, we present a high-level overview of the paper describing the Ouroboros Proof of Stake protocol implemented in Cardano's blockchain. The overview is followed by some comments on theoretical aspects of the protocol.
In general, Proof of Stake (PoS) consensus protocols elect the network nodes responsible for sending the next block to the blockchain on the basis of the nodes’ amount of stake.
In this article we are benchmarking several auditing tools. The smart contract security audit is a critical phase in the development of smart contracts. The DAO hack was just one trip in the odyssey to secure Ethereum smart contracts and compatible blockchains like RSK and Cardano. It is important to highlight that back in 2016 […]
The second stage of the Dogethereum bridge was presented on September 5, 2018 at 10 am (PT) and live streamed. The bridge uses “superblocks” to move coins from Dogecoin to Ethereum and collateralization to move coins from Ethereum to Dogecoin. We are excited because this innovation can also be used to bridge other blockchain pairs. […]
At CoinFabrik we are organizing internal presentations in response to interesting work we are doing. As we have grown, scheduling time to share our projects and ideas has become essential. Recent presentations have included: Decentralized Blockchain Bridges Last year Oscar Guindzberg, TrueBit, and CoinFabrik partnered to create a decentralized trustless bridge between Dogecoin and Ethereum […]
We are compiling a list of recent technology developments in the blockchain sector. Our focus is mostly on projects which promise scalability, but it also includes proposals which aim to overcome some deficiencies in Bitcoin's PoW-based blockchain, e.g. which aim to improve fairness, usefulness, or privacy. You can find the current state of our work […]
Overview Our smart contract audit team found that Short Address Attack mitigations can cause several problems with smart contracts. A Short Address Attack is when a contract receives less data than it was expecting, and Solidity fills the missing bytes with zeros. The deployed smart contract cannot prevent this and will interpret those extra zeros as […]
Solidity semantics are confusing for smart contract developers with experience in traditional programming languages. These semantics can lead to security issues like the one we found in a recent smart contract security audit we did. The following code caught our attention: In the above code, the create method stores the same information in two different […]
AppeCoin, Sergio D. Lerner's proposal for an e-cash scheme, is designed for a peer-to-peer network which does not rely on a Trusted Third Party. Like the cryptocurrencies Monero or Zcash, AppeCoin is a protocol which aims to guarantee full privacy to its users. Lerner’s e-cash scheme leverages coin shuffling. Unlike ZeroCoin, where the monetary units […]