This article was originally published at Please read it there, where it includes code examples and has better formatting.

It looks like EIP 1884 is headed our way in the Istanbul hard fork. This change increases the gas cost of the SLOAD operation and therefore breaks some existing smart contracts.

Those contracts will break because their fallback functions used to consume less than 2300 gas, and they’ll now consume more. Why is 2300 gas significant? It’s the hardcoded amount of gas a contract’s fallback function receives if it’s called via Solidity’s transfer() or send() methods.

Since its introduction, transfer()

Photo by patricia serna on Unsplash

A rather serious vulnerability was recently found in the 0x v2.0 Exchange, a smart contract system that our team audited. The bug went undiscovered for about a year and (thankfully) appears to never have been exploited. Kudos to samczsun, the security researcher who discovered the bug and reported it to 0x.

We know from our experience with them that the 0x team is highly competent and takes security extremely seriously. We’ve worked with 0x on a number of audits, including the one that covered this code, so our whole team was saddened to hear about this bug. …

Photo by Matteo Grando on Unsplash

In this article, I’ll attempt to persuade you to reduce your use of inheritance in smart contracts and to increase your skepticism when you see it.

The position that inheritance is to be avoided is, at least to some extent, one of personal preference. I won’t attempt to prove to you that inheritance is bad, but I will show you two examples that will hopefully nudge you in that direction.

Clarity is paramount

Programs must be written for people to read, and only incidentally for machines to execute.
Harold Abelson, Structure and Interpretation of Computer Programs

This quote from 1984 long predates…

image courtesy of

Ransom has a trust problem. Suppose I’ve birdnapped your beloved pet parakeet and am demanding a $1,000 ransom to return the bird to you. You could pay the ransom, but how do you know I’ll actually return the parakeet? Alternatively, we could agree that you’ll pay after I return the parakeet, but then how do I know you’ll follow through?

Smart contracts are a tool for solving this sort of trust problem. In this article, I’ll show how a common security vulnerability leads to a ransom opportunity and how that ransom can be made trustless by using a smart contract.

Failed Transfers


  1. Smart contracts are useful because they’re trustless.
  2. Immutability is a critical feature to achieve trustlessness.
  3. Upgradeability undermines a contract’s immutability.
  4. Therefore, upgradeability is a bug. (But there are mitigations!)

Why do we need smart contracts?

I’d like to offer you the investment opportunity of a lifetime. If you send me 1 ether today, I will send you 2 ether tomorrow. Are you in?

Although there’s some evidence that people will take such an offer, I hope that you will refuse. You simply have no reason to trust me to hold up my end of the bargain.

Enter smart contracts. Smart contracts let us engage in all…

Photo by Mahkeo on Unsplash

Every transaction sent to the Ethereum blockchain requires a nontrivial amount of work to process. Gas is how that work is measured and paid for. Users tend to think of gas as a confusing annoyance, and developers think of it in terms of optimizing their costs.

As a smart contract auditor, I often think of gas as a potential attack vector. In this post, I’ll examine three ways that gas can lead to security vulnerabilities. The third issue is one that I haven’t seen written about before.

He who sent it spent it

A fundamental truth about transactions is that they’re paid for by the sender—the…

Steve Marx

Working on Ethereum smart contract security at @ConsenSys. Co-creator of and .

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store