Last week, we integrated WalletConnect into our application using Web3Modal. This week, we’ve added two new wallets: Fortmatic and Authereum. Let’s take a quick look at the individual wallets, and why we chose to use them.
Probably the most user-friendly browser-based wallet, Fortmatic allows users to manage their web3 wallets using their email and phone number. …
At Trustless Fund, we’ve been making consistent progress in further legitimizing non-custodial trust funds. Here’s a look at some recent features we’ve added to the app.
In our latest release, we added support for ENS names, but some would say it was limited.
Now, when entering an ENS name, the regular 0x address will be displayed below to prevent any mistakes from being made.
In addition to this, connected wallets’ ENS names and avatars are displayed in the top right corner of each page. …
Since Trustless Fund’s launch just over a week ago, a lot has happened. The day after inception, a minor vulnerability was discovered which affected not only Trustless Fund, but many other smart contracts accepting aTokens. Since then, the vulnerability has been resolved and we’ve pushed forward with several new features.
We’ve now added the ability to deposit social tokens into your funds. Available tokens include:
Want to see your social token added? Let us know.
It’s now possible to manage fund settings directly from the user interface. Fund owners have the capability to:
Note: If you renounce ownership of a fund, you no longer have access to any of these settings.
No more copying and pasting in the beneficiary address. Now you can simply type in their ENS address.
On April 22nd, Mick de Graaf of AuditDAO reported a minor vulnerability concerning the use of Aave aTokens in Trustless Fund contracts. In response to this, we immediately disabled aToken deposits while we worked to solve the problem.
As explained in our Vulnerability Disclosure, the nature of the aToken interest accrual mechanism and the nature of our contract’s balance tracking mechanism meant that aToken interest would be locked in the contract forever.
Most interest-bearing tokens retain the same balance, but simply increase in value. Aave aTokens, on the other hand, actually increase in balance directly in your wallet. …
Due to the interest accrual mechanism of aTokens and the balance tracking mechanism of Trustless Fund smart contracts, the interest accrued by aTokens is permanently locked in the contract. This happens because the token balance in Trustless Funds is tracked by the amount of tokens deposited, and since the balance of aTokens is constantly increasing with interest accrual, the balance is not properly reflected by Trustless Fund contracts. …
After months of hard work, we’re happy to announce that Trustless Fund is live on the Ethereum mainnet. Starting today, you can time-lock your money in a non-custodial manner, with zero fees. Deploy a Trustless Fund.
Begin by choosing an expiration date and fund beneficiary.
Once your fund is deployed, you can deposit ETH & ERC-20 tokens at any time. After the expiration date, the beneficiary can withdraw their tokens.
At Trustless Fund, we take security very seriously, and as such, we have done everything we can to limit the attack surface and use smart contract security best practices. Regardless, we want to make it clear that Trustless Fund has not been audited, so please use at your own risk. If you want to help fund a security audit, you can support our Gitcoin grant. …
Trustless Fund is an advanced time-lock for ETH and ERC-20 assets. Using Trustless Fund, you can lock in the time-value of your money. In this article, we’ll take a look at what’s to come for Trustless Fund beta.
Though this may be subject to change, Trustless Fund does not plan to charge any fees to use the service whatsoever.
Funds are 100% held by smart contracts. We couldn’t touch them even if we tried.
Easily manage as many funds as you like with several beneficiaries.
If you decide you want to keep your funds locked for longer, you can always increase the time until expiration as much as you’d like. …
On the Ethereum blockchain, gas is an execution fee used to compensate miners for the computational resources required to power smart contracts. Network usage is progressively increasing, with current gas costs being millions of dollars per day. As the ecosystem continues to grow, so too will the value of gas optimization. The following sections will go over some common gas optimization patterns.
The following are patterns you can make use of in your code to reduce gas consumption.
Short-circuiting is a strategy we can make use of when an operation makes use of either &&. This pattern works by ordering the lower-cost operation first so that the higher-cost operation may be skipped (short-circuited) if the first operation evaluates to
Ethereum is a public blockchain, and as such, it can be difficult to manage private data. There are several applications that require values to be hidden to properly function.
For example, in a traditional game of rock-paper-scissors, both players pick secret values, and they share their values to see who wins. The difficulty with this approach on the blockchain is that both players can’t share their values at the same time, and the player who goes first must publicly broadcast their value, meaning their opponent can act accordingly. Luckily for us, commitment schemes are an excellent solution.
A commitment scheme is a cryptographic algorithm used to allow someone to commit to a value while keeping it hidden from others with the ability to reveal it later. The values in a commitment scheme are binding, meaning that no one can change them once committed. The scheme has two phases: a commit phase in which a value is chosen and specified, and a reveal phase in which the value is revealed and checked. …
A new smart contract weakness was recently discovered by Steve Marx. As per the title of this article, the bug can result in a hash collision on functions with multiple variable-length arguments. Let’s take a look at an example to see the vulnerability in action.
As we can see in the contract, if the addUsers function is called by an admin, arrays of admins and regularUsers are added to mappings of isRegularUser. If the function is not called by an admin, it can be relayed with an admin’s signature.
The vulnerability can be found on line 15 with the use of abi.encodePacked(). The problem lies in the way that abi.encodePacked() manages its parameters. The following two statements return the same value, even though the parameters are unique. …