The article is originally from https://ronan.eth.link/blog/ethereum-gas-dangers/

Photo by Jules D. on Unsplash

Hi, I am back with an article on Ethereum. We’ll explore the concept of gas, explain how it behaves, and show what its sometimes subtle behaviour actually implies.

It turns out that almost all Smart Contract Account and Meta Transaction implementations so far fail to consider the specific rules of gas when calling other contracts and are thus vulnerable to malicious relayers.

To make matters worse, with the addition of “try/catch” in Solidity 0.6, it is now even easier to expose contracts to a type of attack that shares similarities with the infamous…


As part of my previous article, I described 3 proposals that greatly improve the state of web3 UX. This time I’ll continue with yet another proposal that would allow web3 users to be authenticated on demand without requiring their input, providing yet again an improved user experience without sacrificing security. It is in some ways a variation of the non-interactive signatures described in the previous article, but this time without the need for origin checks.

Not this kind of automatism :)

Introduction

It is a common pattern for web3 applications to require their users to authenticate themselves to their back-end (if they have any) via their web3…


A.K.A. The Case For Automated Origin Checks And Non Interactive Signatures And Decryption

Security and usability are often described as being at the expense of one another. But the truth is, without security, you can’t claim to have usability: security issues will bite your users at some point.

Similarly, without usability you run the risk of pushing users to make mistakes, compromising their own security. A typical example is authorization fatigue, where users get asked too many times to confirm actions that in some contexts have very little importance, pushing them to blindly accept any such authorizations, including the important ones.

In the end, both of these concepts go hand in hand. I…


Introduction

State channels are often described as a way to scale and speed up operations on a blockchain network without sacrificing much security. They are described as fee-less and nearly instant.

These 2 claims hold only in particular cases though. In a state channel network (as opposed to an ad-hoc channel between only 2 participants), fees become required, for example, to ensure propagation across the network.

As for the “instant” property, it only holds true in the best case when channel participants are honest. …


Introduction

For the last 3 months I have been working on Tug Of War (http://tugofwar.io), a fully decentralised game, a game that runs entirely on the Ethereum blockchain. It is now running on the testnets and we describe it in more detail here.

We basically wanted to build a pure blockchain game with a fun interface and we had to make sure the game experience was as smooth as possible. Since the game required several interactions (for each move), we wanted to get rid of as many transaction confirmation popups as we could so players could stay engaged in the…

Ronan Sandford

Creator of Etherplay, Buidling Ethernal, Mystery Market, and Sandbox
