

On Saturday, February 20th, 2021, as many as 50 smart contract developers let hackers into their computers. These were sophisticated computer users who were using their skills to build secure smart contracts for others. These weren’t the first victims of this type of attack. With better-informed developers and a new tool from MetaMask called @lavamoat/allow-scripts, this attack may soon be the last of its kind.

This attack was possible because NomicLabs’ HardHat, a library used for Ethereum smart contract development, was hit with a targeted phishing attack. The attack was a type of phishing known as ‘typo…

By their nature, smart contracts are SELF-CONTAINED scripts of code, meaning they don’t intrinsically have access to external information such as web APIs or filesystems. There’s a good reason for this: In the case of Ethereum, it’s all about determinism and verifiable data.

When someone successfully publishes a smart contract, it gets executed on every machine that maintains a full copy of the blockchain. It’s important that this execution remains consistent across all machines so that the same result is generated every time.

Otherwise, each Ethereum node would fail to reach consensus over the current state. The internet is non-deterministic…


Let’s say I want to authorize my friend to withdraw a pre-determined amount of money from my bank account at some point in the future. We accomplish this by the use of a cheque. I simply write down the amount, the receiver, the date and I sign it before handing it to my friend, who then deposits it at the bank in exchange for the funds. In practice, the cheque is considered an IOU, which acts as a more versatile form of payment, instead of handing over money directly. Cheques also come pre-etched with elements such as holographic gold foil…

Okay wait, slow down… What exactly is Solidity and what makes these contracts so “smart”?


**ATTENTION** → UPDATED April 14th 2019 for Solidity 0.5.7

Solidity is a brand new programming language native to Ethereum, the second largest cryptocurrency by market capitalization, initially released in 2015. Ethereum is not only a cryptocurrency capable of storing value or making payments, but a fully fledged platform for creating what’s known as a smart contract.

For all intents and purposes, a smart contract is a programmable escrow of sorts, an independent middleman or a fair judge capable of managing a financial transaction between various parties and autonomously arbitrating a dispute.

Discover and review best Ethereum development tools

What does…

Etienne Dusseault

Dev at @MetaMask — LavaMoat Security Kernel
