Personal accounts and the first security issue fix

The first-ever update for the Crypto Formulas smart contract has been released. The motivation for the smart contract update was newly discovered security issue, but an update with some new features has landed on our website as well. Read below.

Security Issue

A critical security issue was found in the original smart contract that has been fixed. In cases where a Formula is signed by at least two parties, the malicious party could change the order of Endpoints and their relative signatures that would cause you and them to switch roles in the Formula. Imagine you want to profitably exchange your 1 USD for counterparty’s 10 EUR, but you end up paying 10 EUR and receiving a mere 1 USD. Another condition for an attack vector to be successful is that both parties have made all required funds available to the CF smart contract (sent Ether to contract or set an allowance in the ERC20/ERC721 contract).

The issue was discovered and resolved before the attack vector could be used. No Formulas were affected. The new version of smart contract was deployed to address 0xbd29ea8ba2089070259efa58937de0353b725ea1. The website is using the new version of the smart contract now. It was discovered that the versioning mechanism described in the previous article was unfortunately not included in the original smart contract. The mistake has been fixed, and proper versioning is implemented in the new smart contract.

New feature — personal section

A little step towards Formula Market was made in a recent website update. You can now add a description to your Formulas and login into the new personal section where you can find My Formulas page with all Formulas you created and Formulas you participate in listed. There is no registration and no e-mail required. Just click the login button on the Account page, and you will be asked to cryptographically sign a login token with your Web3 wallet (e.g. Metamask). After you confirm the signing in your wallet, you are instantly logged in.

The list that can be seen in the My Formulas list will be further improved in the future. After features like searching, complex filtering, and server-side Blockchain analysis will be implemented; a brand new section Market will be released where users will be able to offer and browse trades, escrows, and Formula templates. The Crypto Formulas Market will then eventually be connected to liquidity pool providers, other DEXes, loan platforms, etc. You will be able to compose features of these Ethereum phenomena to your Formulas.

Keep in touch

If you want to know more about Crypto Formulas or want to leave very appreciated feedback, please:

• check out the website and sign up to newsletter,
• follow the blog for more insights,
• join the Discord channel to discuss the project, share Formulas, or get advice,
• and most importantly, start using it today!