CoinFabrik was asked to audit the contracts for the Money On Chain project. We will provide an executive summary of our discoveries, a short description of the project, the methodology used, the details of our findings and will finish with our conclusion of the code audited.
CoinFabrik was asked to audit the contracts for the Timvi project. Firstly, we will provide a summary of our discoveries and secondly, we will show the details of our findings.
Every month several important smart contract audits are performed by blockchain security companies like us. It is important to stay up to date with the latest findings in order to learn and improve protection processes. Following we will describe three recent and interesting findings:
Two months before the AEternity Universe One Conference, CoinFabrik was asked to build the payments application that would be used in that conference. The app would be built on top of and focused on AEternity State-Channel technologies. It should include a mobile phone application allowing users to register as merchants or customers and perform payments.
CoinFabrik was asked to audit the contracts for the Nahmii Token project. Firstly, we will provide a summary of our discoveries and secondly, we will show the details of our findings.
Æternity is a promising blockchain platform with great potential for many application scopes. One such great feature is the native support for state channels.
In this article we will explore how we built a peer-to-peer browser game to explore this Æternity capability; along examine related features of the platform such as ForgAE and companion tools and the Sophia functional contract development language
A security audit is a process in which a client subjects his or her smart contracts to a review, in which one or more auditors search and document vulnerabilities that may alter the project correct functionality. The main idea of this post is to specify the process of audits, who belongs to them and how the different individuals interact from the moment the client reaches us to the moment we end communication with them.
After our articles Smart Contract Auditing: Human vs. Machine and Auditing Solidity code with Slither we decided to test another static analysis tool from ChainSecurity called Securify.
Thanks to the invention of cryptocurrencies a new kind of financial product has been made possible, the crypto-backed loans. Following is a brief comparison of 10 platforms that providing access to it. As we can see by looking at the table the options vary greatly respect to the interest rates, platforms fees, and currencies accepted. […]
Smart contract security is a serious problem today. Security flaws, misbehavior, and inefficiency are very expensive when you deploy a Smart Contract to the Blockchain. Companies are especially concerned about their Smart Contract code because once it is run, there is no turning back (they are irreversible) and money can be stuck in the blockchain and lost forever. Thus, to make sure their code is written correctly, these enterprises usually hire well known external auditors (like Coinfabrik) because they know that a problem in their code could cost a lot more money if they skip the audit. Since Smart contracts are used to move, store, distribute funds, errors in smart contract code and design must be minimized. Furthermore, since the appearance of the ICOs in the past few years and with their boom in 2017 and 2018, the smart contract security audits have become one of the most ordered services in the blockchain industry.
In my last article, I’ve shown you how to make a Solidity ERC20 Token for the RSK Mainnet, how to import and use OpenZeppelin libraries and contracts, and how to use Truffle to deploy and interact with our contract.
Although we succeeded in our quest and accomplished our objectives using Truffle, eventually this suite might present failures when you are sending transactions, deploying or managing accounts. In our case, while following the previous article instructions, I’ve had problems managing newly created accounts in Truffle and sending transactions.
In the last article, we have seen how to build an RSK node in our computer, select the proper network for development, configure Truffle to connect and deploy our future contracts, add accounts to our node and obtain funds to use them to pay the gas.
You should have now your node in the selected network fully synced, and at least one account with funds configured in the truffle and RSK node config files for our deployments.
In this article, we’ll be discussing deployment and interaction of Smart-Contracts over the RSK network. Our contract will be an ERC20 Token, based on the OpenZeppelin libraries, and we will deploy it directly into the Mainnet.