CoinFabrik was asked to audit the contracts for the TOSC project. Firstly, we will provide a summary of our discoveries and secondly, we will show the details of our findings.
Following our Smart Contract Auditing: Human vs. Machine article, we now analyze Slither, which is another static analysis tool from Trail of Bits. It includes aids for contract summaries, which can be helpful for making a mental model of the contract and rechecking assumptions. Considering the ease of use, it’s a good idea to try […]
In my last article, I’ve shown you how to make a Solidity ERC20 Token for the RSK Mainnet, how to import and use OpenZeppelin libraries and contracts, and how to use Truffle to deploy and interact with our contract.
Although we succeeded in our quest and accomplished our objectives using Truffle, eventually this suite might present failures when you are sending transactions, deploying or managing accounts. In our case, while following the previous article instructions, I’ve had problems managing newly created accounts in Truffle and sending transactions.
In the last article, we have seen how to build an RSK node in our computer, select the proper network for development, configure Truffle to connect and deploy our future contracts, add accounts to our node and obtain funds to use them to pay the gas.
You should have now your node in the selected network fully synced, and at least one account with funds configured in the truffle and RSK node config files for our deployments.
In this article, we’ll be discussing deployment and interaction of Smart-Contracts over the RSK network. Our contract will be an ERC20 Token, based on the OpenZeppelin libraries, and we will deploy it directly into the Mainnet.
Overview Our smart contract audit team found that Short Address Attack mitigations can cause several problems with smart contracts. A Short Address Attack is when a contract receives less data than it was expecting, and Solidity fills the missing bytes with zeros. The deployed smart contract cannot prevent this and will interpret those extra zeros as […]
Solidity semantics are confusing for smart contract developers with experience in traditional programming languages. This semantics can lead to security issues like the one we found in a recent smart contract security audit we did. The following code caught our attention: In the above code, the create method stores the same information in two different […]
We describe a geth source code change which enables faster block mining. We hope this option will be included in Ethereum command lines. Private Ethereum blockchains may be deployed by private entities to use in production or in the software development process. There are different ways of speeding the development environment. Some developers choose an […]