This article was originally published at https://diligence.consensys.net. Please read it there, where it includes code examples and has better formatting.
Those contracts will break because their fallback functions used to consume less than 2300 gas, and they’ll now consume more. Why is 2300 gas significant? It’s the hardcoded amount of gas a contract’s fallback function receives if it’s called via Solidity’s
Since its introduction,
A rather serious vulnerability was recently found in the 0x v2.0 Exchange, a smart contract system that our team audited. The bug went undiscovered for about a year and (thankfully) appears to never have been exploited. Kudos to samczsun, the security researcher who discovered the bug and reported it to 0x.
We know from our experience with them that the 0x team is highly competent and takes security extremely seriously. We’ve worked with 0x on a number of audits, including the one that covered this code, so our whole team was saddened to hear about this bug. …
In this article, I’ll attempt to persuade you to reduce your use of inheritance in smart contracts and to increase your skepticism when you see it.
The position that inheritance is to be avoided is, at least to some extent, one of personal preference. I won’t attempt to prove to you that inheritance is bad, but I will show you two examples that will hopefully nudge you in that direction.
Programs must be written for people to read, and only incidentally for machines to execute.
– Harold Abelson, Structure and Interpretation of Computer Programs
This quote from 1984 long predates…
Ransom has a trust problem. Suppose I’ve birdnapped your beloved pet parakeet and am demanding a $1,000 ransom to return the bird to you. You could pay the ransom, but how do you know I’ll actually return the parakeet? Alternatively, we could agree that you’ll pay after I return the parakeet, but then how do I know you’ll follow through?
Smart contracts are a tool for solving this sort of trust problem. In this article, I’ll show how a common security vulnerability leads to a ransom opportunity and how that ransom can be made trustless by using a smart contract.
I’d like to offer you the investment opportunity of a lifetime. If you send me 1 ether today, I will send you 2 ether tomorrow. Are you in?
Enter smart contracts. Smart contracts let us engage in all…
Every transaction sent to the Ethereum blockchain requires a nontrivial amount of work to process. Gas is how that work is measured and paid for. Users tend to think of gas as a confusing annoyance, and developers think of it in terms of optimizing their costs.
As a smart contract auditor, I often think of gas as a potential attack vector. In this post, I’ll examine three ways that gas can lead to security vulnerabilities. The third issue is one that I haven’t seen written about before.
A fundamental truth about transactions is that they’re paid for by the sender—the…