Each week since launch, we’ve made incremental updates to Trustless Fund, and this week is no different. Let’s look at some of the changes we’ve made since our latest release.

Image for post
Image for post

New Wallets

Image for post
Image for post
Our currently supported wallets.

Last week, we integrated WalletConnect into our application using Web3Modal. This week, we’ve added two new wallets: Fortmatic and Authereum. Let’s take a quick look at the individual wallets, and why we chose to use them.

Fortmatic

Image for post
Image for post

Probably the most user friendly browser based wallet, Fortmatic allows users to manage their web3 wallets using their email and phone number. …


Image for post
Image for post

At Trustless Fund, we’ve been making consistent progress in further legitimizing non-custodial trust funds. Here’s a look at some recent features we’ve added to the app.

WalletConnect Support

It’s now possible for users to interact with Trustless Fund via WalletConnect enabled mobile wallets. Thanks to Web3Modal, connecting your web3 wallet is now a smooth, seamless process.

Image for post
Image for post
We now support WalletConnect!

Improved ENS Support

In our latest release, we added support for ENS names, but some would say it was limited.

Now, when entering an ENS name, the regular 0x address will be displayed below to prevent any mistakes from being made.

Image for post
Image for post
0x address displayed under ENS name.

In addition to this, connected wallet’s ENS names and avatars are displayed in the top right corner of each page. …


Image for post
Image for post

Since Trustless Fund’s launch just over a week ago, a lot has happened. The day after inception, a minor vulnerability was discovered which affected not only Trustless Fund, but many other smart contracts accepting aTokens. Since then, the vulnerability has been resolved and we’ve pushed forward with several new features.

Social Tokens

We’ve now added the ability to deposit social tokens into your funds. Available tokens include:

  • $ALEX
  • $CALVIN
  • $STANI
  • $CAMI
  • $PAUL
  • $PETER
  • $DUDE
  • $JULIEN
  • $JULES
  • $MARC

Want to see your social token added? Let us know.

Fund Management

It’s now possible to manage fund settings directly from the user interface. Fund owners have the capability to:

  • Update the beneficiary address
  • Increase the expiration date
  • Renounce ownership

Note: If you renounce ownership of a fund, you no longer have access to any of these settings.

Image for post
Image for post
Fund management settings

ENS Addresses Enabled

No more copying and pasting in the beneficiary address. Now you can simply type in their ENS address.

Image for post
Image for post
ENS addresses enabled!

Image for post
Image for post

On April 22nd, Mick de Graaf of AuditDAO reported a minor vulnerability concerning the use of Aave aTokens in Trustless Fund contracts. In response to this, we immediately disabled aToken deposits while we worked to solve the problem.

As explained in our Vulnerability Disclosure, the nature of the aToken interest accrual mechanism and the nature of our contract’s balance tracking mechanism meant that aToken interest would be locked in the contract forever.

The Vulnerability Explained

Most interest bearing tokens retain the same balance, but simply increase in value. Aave aTokens on the other hand actually increase in balance directly in your wallet. …


Image for post
Image for post

Summary

  • Interest accrued from aTokens deposited into current Trustless Fund contracts would be permanently locked in the contracts.
  • aToken deposits have been disabled from the user interface.
  • All existing funds are safe and no users have been affected by this.
  • We are currently working on upgrading the contracts to resolve this bug.

The Vulnerability

Due to the interest accrual mechanism of aTokens and the balance tracking mechanism of Trustless Fund smart contracts, the interest accrued by aTokens is permanently locked in the contract. This happens because the token balance in Trustless Funds is tracked by the amount of tokens deposited, and since the balance of aTokens is constantly increasing with interest accrual, the balance is not properly reflected by Trustless Fund contracts. …


After months of hard work, we’re happy to announce that Trustless Fund is live on the Ethereum mainnet. Starting today, you can time-lock your money in a non-custodial manner, with zero fees. Deploy a Trustless Fund.

Image for post
Image for post

Getting Started

Begin by choosing an expiration date and fund beneficiary.

Image for post
Image for post
Trustless Fund factory page.

Once your fund is deployed, you can deposit ETH & ERC-20 tokens at any time. After the expiration date, the beneficiary can withdraw their tokens.

Image for post
Image for post
Trustless Fund fund page.

Security

At Trustless Fund, we take security very seriously, and as such, we have done everything we can to limit the attack surface and use smart contract security best practices. Regardless, we want to make it clear that Trustless Fund has not been audited, so please use at your own risk. If you want to help fund a security audit, you can support our Gitcoin grant. …


Trustless Fund is an advanced time-lock for ETH and ERC-20 assets. Using Trustless Fund, you can lock in the time-value of your money. In this article, we’ll take a look at what’s to come for Trustless Fund beta.

Image for post
Image for post

Features

0% Fees

Though this may be subject to change, Trustless Fund does not plan to charge any fees to use the service whatsoever.

Non-Custodial

Funds are 100% held by smart contracts. We couldn’t touch them even if we tried.

Unlimited Funds

Easily manage as many funds as you like with several beneficiaries.

Lock Period Increases

If you decide you want to keep your funds locked for longer, you can always increase the time until expiration as much as you’d like. …


Writing cheaper contracts in Solidity

Image for post
Image for post
Image source: Kaden Zipfel

On the Ethereum blockchain, gas is an execution fee used to compensate miners for the computational resources required to power smart contracts. Network usage is progressively increasing, with current gas costs being millions of dollars per day. As the ecosystem continues to grow, so too will the value of gas optimization. The following sections will go over some common gas optimization patterns.

Gas-Saving Patterns

The following are patterns you can make use of in your code to reduce gas consumption.

Short-circuiting

Short-circuiting is a strategy we can make use of when an operation makes use of either || or &&. This pattern works by ordering the lower-cost operation first so that the higher-cost operation may be skipped (short-circuited) if the first operation evaluates to true. …


Image for post
Image for post

Ethereum is a public blockchain, and as such, it can be difficult to manage private data. There are several applications that require values to be hidden to properly function.

For example, in a traditional game of rock-paper-scissors, both players pick secret values, and they share their values to see who wins. The difficulty with this approach on the blockchain is that both players can’t share their values at the same time, and the player who goes first must publicly broadcast their value, meaning their opponent can act accordingly. Luckily for us, commitment schemes are an excellent solution.

What is a Commitment Scheme?

A commitment scheme is a cryptographic algorithm used to allow someone to commit to a value while keeping it hidden from others with the ability to reveal it later. The values in a commitment scheme are binding, meaning that no one can change them once committed. The scheme has two phases: a commit phase in which a value is chosen and specified, and a reveal phase in which the value is revealed and checked. …


Image for post
Image for post

Introduction

A new smart contract weakness was recently discovered by Steve Marx. As per the title of this article, the bug can result in a hash collision on functions with multiple variable-length arguments. Let’s take a look at an example to see the vulnerability in action.

Created by Steve Marx.

As we can see in the contract, if the addUsers function is called by an admin, arrays of admins and regularUsers are added to mappings of isAdmin and isRegularUser. If the function is not called by an admin, it can be relayed with an admins signature.

Problem

The vulnerability can be found on line 15 with the use of abi.encodePacked(). The problem lies in the way that abi.encodePacked() manages its parameters. The following two statements return the same value, even though the parameters are unique. …

About

Kaden Zipfel

Founder of Trustless Fund

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store