Publications

Filter





















18 Publications found

Solidity Storage Array Bugs

Found: 6/27/2019
Finder: Blockchaindex robot
This blog post is about two bugs connected to storage arrays which are otherwise unrelated. Both have been present in the compiler for a long time and have only been discovered now even though a contract containing them should very likely show malfunctions in tests. Daenam Kim discovered an issue where invalid data is stored in connection with arrays of signed integers. This bug has been present since Solidity 0.4.7 and we consider it the more serious of the two. If these arrays use negative integers in a certain situation, it will cause data corruption and thus the bug should be easy to detect. Through the Ethereum bug bounty program, we received a report about a flaw within the new experimental ABI encoder (referred to as ABIEncoderV2). The new ABI encoder is still marked as experimental, but we nevertheless think that this deserves a prominent announcement since it is already used on mainnet. Credits to Ming Chuan Lin (of https://www.secondstate.io) for both discovering and fixing the bug!
Rating: 0 Views: 0 Comments: 0 Continue reading >

Solidity 102 #1: Keeping Gas Cost under Control

Found: 6/25/2019
Finder: Blockchaindex robot
Welcome to Band Protocol’s Solidity 102. In this introductory article, we discuss important points you should be aware when writing performant smart contracts in Solidity. While Solidity’s syntax looks somewhat similar to that of JavaScript or C , its EVM runtime is totally different. Knowing the limitation of EVM and the techniques to workaround those constraints will help you write better Solidity. The article will focus on high level ideas, and we will cover concrete implementations in the subsequent articles of the series.
Rating: 0 Views: 0 Comments: 0 Continue reading >

Converting a Java Implementation of Quicksort to Solidity

Found: 6/5/2019
Finder: Blockchaindex robot
Citation: "This article will help you convert a simple Java program to Solidity to solve a simple integer sorting problem, highlighting many of the perils and pitfalls to avoid in optimizing gas usage?—?especially pre-mature optimization and algorithm validation."
Rating: 0 Views: 0 Comments: 0 Continue reading >

Trustless Upgrades in Solidity

Found: 6/4/2019
Finder: Blockchaindex robot
Citation: "A few weeks ago, we published Selfdestruct is a Bug, itself inspired by Upgradeability is a Bug by Steve Marx of Consensys Diligence. The gist of both pieces is that changing contracts undermines immutability. One might well ask?—?what is so special about blockchain if the code can be changed at the whim of a privileged user?"
Rating: 0 Views: 0 Comments: 0 Continue reading >

Fixed point math in Solidity

Found: 6/2/2019
Finder: Blockchaindex robot
Citation: "Any financial application with a minimum of complexity will need some decimal support and multiplications to calculate things like interest. In the case of CementDAO we needed logarithms to implement the transaction fee curve that steers its cryptocurrency basket towards the desired configuration. Solidity supports integers but no decimals, so we coded a fixed point arithmetic contract, made it safe against overflow, and tested it extensively."
Rating: 0 Views: 0 Comments: 0 Continue reading >

16 Solidity Hacks/Vulnerabilities, their Fixes and Real World Examples

Found: 5/30/2019
Finder: Blockchaindex robot
Citation: "Although in its infancy, Solidity has had widespread adoption and is used to compile the byte-code in many Ethereum smart contracts we see today. There have been a number of harsh lessons learned by developers and users alike in discovering the nuances of the language and the EVM. This post aims to be a relatively in-depth and up-to-date introductory post detailing the past mistakes that have been made by Solidity developers in an effort to prevent future devs from repeating history."
Rating: 0 Views: 1 Comments: 0 Continue reading >

Jumping into Solidity —The ERC721 Standard

Found: 5/30/2019
Finder: Blockchaindex robot
Citation: "This article isn’t an intro to Solidity, so I’m going to assume you know what a blockchain is, what Ethereum is, and the very basics of Solidity. Over the next few posts, I’ll be exploring the ERC721 Standard, how it works, its variants, and writing a scalable implementation which you are free to use. In this post we won’t be starting any coding. I’ll be introducing you to Non-Fungible Tokens, and ERC Standards in general to begin with." Part 2: https://medium.com/coinmonks/jumping-into-solidity-the-erc721-standard-part-2-383438734de5 Part 3: https://medium.com/coinmonks/jumping-into-solidity-the-erc721-standard-part-3-5f38e012248b Part 4: https://medium.com/coinmonks/jumping-into-solidity-the-erc721-standard-part-4-ad21e3a5d9c Part 5: https://medium.com/coinmonks/jumping-into-solidity-the-erc721-standard-part-5-3b91f39fc1ee Part 6: https://medium.com/coinmonks/jumping-into-solidity-the-erc721-standard-part-6-7ea4af3366fd Part 7: https://medium.com/coinmonks/jumping-into-solidity-the-erc721-standard-part-7-9aca1411375a Part 8: https://medium.com/coinmonks/jumping-into-solidity-the-erc721-standard-part-8-aa734e017078
Rating: 0 Views: 1 Comments: 0 Continue reading >

Getting Loopy with Solidity

Found: 5/30/2019
Finder: Blockchaindex robot
Citation: "Imagine you and your users are in an airplane. The further you want to go, the more gas you will burn. There is a maximum limit to the fuel you can carry and therefore a maximum distance you can fly. If you aim too far away, you will run out of gas before you get there and then bad things will happen ... The gasLimit adjusts over time (the miners vote on it) so you can never be too sure how much is too much, but you can be certain that there is a hard stop when you reach that point. You need to plan your journeys so you complete each step before that happens."
Rating: 0 Views: 0 Comments: 0 Continue reading >

Working with Strings in Solidity

Found: 5/30/2019
Finder: Blockchaindex robot
Citation: "This is the first in a series of blogs we’re going to bring to you directly from the trenches, going into some of the nitty-gritty technical detail of some of the things we’re doing with the Protocol at the moment. Today’s article comes from Alex Pinto, a recent addition to our blockchain engineering team who’s been spending the past few weeks getting up to speed on using Solidity, and will take us through some of the challenges and particularities of the language."
Rating: 0 Views: 0 Comments: 0 Continue reading >

Zeppelin OS Tutorial 101

Found: 5/30/2019
Finder: Blockchaindex robot
Citation: "Zeppelin is all about Smart Contract development. The team has helped many developers build Smart Contracts with openzeppelin-solidity, one most downloaded web3 libraries on NPM (with over 10k downloads every week!). According to Zeppelin’s website: “ZeppelinOS is a development platform designed specifically for smart contract projects. It allows for seamless upgrades and provides economic incentives to create a healthy ecosystem of secure applications.”"
Rating: 0 Views: 0 Comments: 0 Continue reading >