TOSC Smart Contract Audit
Reading Time: 5 minutes
CoinFabrik was asked to audit the contracts for the TOSC project. Firstly, we will provide a summary of our discoveries and secondly, we will show the details of our findings.
Tag: solidity
Auditing Solidity Code with Slither
Reading Time: 2 minutes
Following our Smart Contract Auditing: Human vs. Machine article, we now analyze Slither, which is another static analysis tool from Trail of Bits. It includes aids for contract summaries, which can be helpful for making a mental model of the contract and rechecking assumptions. Considering the ease of use, it’s a good idea to try […]
ERC20 Token Development on RSK with OpenZeppelin and Web3.py
Reading Time: 7 minutes
In my last article, I’ve shown you how to make a Solidity ERC20 Token for the RSK Mainnet, how to import and use OpenZeppelin libraries and contracts, and how to use Truffle to deploy and interact with our contract.
Although we succeeded in our quest and accomplished our objectives using Truffle, eventually this suite might present failures when you are sending transactions, deploying or managing accounts. In our case, while following the previous article instructions, I’ve had problems managing newly created accounts in Truffle and sending transactions.
ERC20 Token Development on RSK with OpenZeppelin
Reading Time: 8 minutes
In the last article, we have seen how to build an RSK node in our computer, select the proper network for development, configure Truffle to connect and deploy our future contracts, add accounts to our node and obtain funds to use them to pay the gas.
You should have now your node in the selected network fully synced, and at least one account with funds configured in the truffle and RSK node config files for our deployments.
In this article, we’ll be discussing deployment and interaction of Smart-Contracts over the RSK network. Our contract will be an ERC20 Token, based on the OpenZeppelin libraries, and we will deploy it directly into the Mainnet.
Test Solidity Smart Contracts Using Travis CI
Reading Time: 2 minutes
Our smart contract development team is using Travis CI to integrate automated testing into GitHub repositories. This guide for this great tool will not go into detail about Travis CI itself, but rather explain how to automate tests for Solidity smart contracts. We will be using Truffle for running and building tests and Ganache to set up the network since Travis has built-in support for JavaScript and Node.js.
Smart Contract Short Address Attack Mitigation Failure
Reading Time: 3 minutes
Overview Our smart contract audit team found that Short Address Attack mitigations can cause several problems with smart contracts. A Short Address Attack is when a contract receives less data than it was expecting, and Solidity fills the missing bytes with zeros. The deployed smart contract cannot prevent this and will interpret those extra zeros as […]
Security Auditing: Beware of Duplicated Storage in Solidity Smart Contract Development
Reading Time: 2 minutes
Solidity semantics are confusing for smart contract developers with experience in traditional programming languages. This semantics can lead to security issues like the one we found in a recent smart contract security audit we did. The following code caught our attention: In the above code, the create method stores the same information in two different […]
Fast Smart Contracts Execution in an Ethereum Private Blockchain Development Environment
Reading Time: < 1
We describe a geth source code change which enables faster block mining. We hope this option will be included in Ethereum command lines. Private Ethereum blockchains may be deployed by private entities to use in production or in the software development process. There are different ways of speeding the development environment. Some developers choose an […]