...by Daniel Szego
quote
"Simplicity is the ultimate sophistication."
Leonardo da Vinci

Monday, February 12, 2018

Ethereum and smart contract security tools summarized


Some of the most important tools for testing ensuring or improving the security for your smart contract are the followings. Even if some of them are pretty much in a beta phase, it is practical to list them:

- OpenZeppelin: Solidity library for writing secure smart contracts:

- Oyente: analysis tool for smart contracts:

- SolCover: Solidity testing code coverage

- SolGraph: visualizing structure and control flow of solidity contracts

- Vyper: new experimental and more secure programming language for Ethereum smart contracts

- Securify: formal verification initiative for solidity smart contracts
https://securify.ch/

- SmartCheck: another verification tool for looking for wrongly implemented patterns
https://tool.smartdec.net/

- Ganache: more UI and user friendly testrpc



Sunday, February 11, 2018

Solidity and Truffle Tips and Tricks - default visibility


Dafault visibility in Solidity:
- for variables: private
- for functions: public

Solidity and Truffle Tips and Tricks - delete


Deleting objects and different variables are usually possible, however delete actually does not delete objects in solidity but it sets the values to the default value, like 0. As in the following examples, setMyMapping creates a new mapping element and initializes with _value. However deleteMyMapping does not actually deletes that element, instead it sets the value to zero. 


contract TetDelete{

mapping(string => uint) myMapping ;

  function getMyMapping (string _input) returns (uint){
      return myMapping[_input];
  }
  
    function setMyMapping (string _input, uint _value){
      myMapping[_input] = _value;
  }

  function deleteMyMapping(string _input){
      delete  myMapping[_input];
  }
}


Solidity and Truffle Tips and Tricks - function pointers


There is a possibility to use function pointers in solidity. Practically you can define a function and set a variable defining the type of the variable as var:

contract TetFunctionPointer{

  function myFunction (uint256 input){
  }

  function testFunction(){
      var fvPointer = this.myFunction;
      fvPointer(22);
  }
}

Saturday, February 10, 2018

Solidity and Truffle Tips and Tricks - overriding built-in functions


Some items in solidity like the type address has a couple of built in function for transferring ether or querying balance. The functions are the followings:

<address>.balance (uint256):
balance of the Address in Wei

<address>.transfer(uint256 amount):
send given amount of Wei to Address, throws on failure

<address>.send(uint256 amount) returns (bool):
send given amount of Wei to Address, returns false on failure
 
you can not make inheritance from a built in type, however what you can do is to define the same functions in a custom class, indirectly overwriting these functions. 

contract ExtAddress{

  function balance (uint256){
  }

  function transfer(uint256 amount){
  }

  function send(uint256 amount) returns (bool){
  }
}

They do not directly overwrite the address functions, however in certain situations the functions can be exchanged for the first site. 

Sunday, February 4, 2018

Solidity and Truffle Tips and Tricks - blockchash


you can use the blockchash() function to query the hash of a block from the blockchain. However, it is important to note that the hash of the latest or actually block is actually not known in execution time, because the block is still being minded. As a consequence block.blockhash(block.number) results always null.

Otherwise the blockchash might be zero for old blocks as well, as Ethereum stores only the last 256 block hashes for scalability reasons. 

Solidity and Truffle Tips and Tricks - order of modifiers


If you have several modifiers in a solidity function these modifiers might be dependent from each other, hence they might self modify the world state giving the possibility for another precondition for the next check. Anyway, the order of evaluation is from left to right as probably expected. So executing the test() function in the following code results "three"in the num variable. 

contract TestContract {
    string public num = "zero";
    
    modifier one(){
        num = "one";
        _;        
    }
    
    modifier two(){
        num = "two";
        _;        
    }

    modifier three(){
        num = "three";
        _;        
    }

    function test() one two three {
    }
}