Introduction

function getAbsolutelyRandomNumer() {
return 4; // returns absolutely random number
}

Like many cryptographic concepts, “Publicly Verifiable Random Beacon” protocols (PVRB for short) only approach the ideal scheme and cannot avoid fundamental restrictions. The ideal scheme is not applicable in real networks: there should be a consensus about the only bit in a round, the number of rounds, and network messages that must be fast and always delivered. It’s not the case for real networks. …


“Random number generation is too important to be left to chance”
Robert R Coveyou, 1970

Introduction

In this article we will focus on solutions that use a collective random number generation scheme in an untrusted environment, and on their practical application. In short: how and why randomness is used in blockchains, and a few words about how to distinguish between “good” and “bad” randomness. Cryptographers have been studying the generation of truly random numbers for a long time, and it is extremely difficult to achieve even on a separate computer. …


Warning

This article is NOT a rating of automated analyzers. I use them for my own contracts: deliberately add pseudo-errors and study the responses. It is not a “better-or-worse” type of research; such tasks require a blind review of a large number of contracts, and actual results won’t be very precise, given the nature of this kind of software. A small mistake in a particular contract may knock out a large piece of analyzer logic, whereas a simple heuristic feature, such as finding a typical bug that competitors simply forgot to add, can level up the analyzer. Also, contract compiling errors…


Intro

As our MixBytes team performs smart contract security audits, the use of automated tools is very relevant. Are they the most efficient means to identify possible flaws? How should we use them? What are their functions? What are the specifics of working in this field?

These questions and related issues are the main focus of the article. I will describe our attempts to work on real contracts using the most interesting tools and share some tips on how to use this diverting type of software. At first, I wanted to put everything in one article but as the amount of…


Do you know that there are miners processing their own zero-fee transactions? But how? Thanks to @nickoneill for the interesting article, which you should definitely read! In short, there are “vacuum cleaners” in the Ethereum network that monitor weak addresses (based on some simple seed phrases and passwords) and immediately transfer any tokens, or ether, that go to any of these addresses. After reading this article I got an idea of naming the utility functions in smart-contracts, similar to cron tasks and garbage collection. Entitled “janitors of Ether”, this work can be used for good :)

In complex smart-contracts that…


Introduction

In this article I’m covering the use of smart contracts for automatic execution of deals, enabling all parties to agree to predefined transaction conditions in order for them to be executed later automatically. The sum of money being transferred is not the issue here — the data surrounding the deal, defining its outcome, is more important. We don’t often think about it, but even a simple purchase of goods is in fact a complex deal depending on many parameters. You can verify this statement simply by examining a shop receipt. Even lending a sum of money to your friend implies…


With a good algorithm, you can simultaneously solve several problems associated with smart contracts that work with large lists of user addresses. You can’t add a list of several thousand addresses to a contract and allow this set of addresses to do something in that contract. The blockchain tries to save every single byte, so it would be too expensive to have so much data there.

To solve this problem, the contract code needs to be able to determine whether a given address is whitelisted. If the verification is successful, the required action can be performed. The proposed solution is…


Recently, smart contracts have been widely used in the Ethereum network, mainly for ICOs and the management of released tokens. Such contracts exist for as long as is necessary to maintain their projects, and thus they provide uninterrupted interaction with thousands of customers and accept thousands of transactions over months and years. We will call them “long-term” smart contracts.

However, certain tasks require a smart contract to be executed in minutes, and then it is not needed anymore. Thereby each user may need some personal contract parameters, and in some cases it’s more practical to implement such a logic with small, once-used…

Sergey Prilutskiy

Software Researcher at MixBytes.io
