...by Daniel Szego
"Simplicity is the ultimate sophistication."
Leonardo da Vinci

Wednesday, October 28, 2020

CA backup and recovery in Hyperledger Fabric

 


The Certificate Authority (CA) plays a critical role in production Hyperledger Fabric networks, although this role is not always visible at first sight. Some of its important characteristics:

- The CA does not need to run continuously in the Hyperledger farm.

- If the CA is down, no new certificate can be registered or enrolled, but the rest of the farm keeps working without error.

- If the CA database is faulty or lost, no new certificate enrollment can be done for already registered users.

- If the CA database user information is compromised, attackers might enroll new certificates for existing logins. 
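
As an added example (not from the original post), one way to notice certificates enrolled for existing logins after a suspected CA database compromise is to diff the live database against a known-good backup. The tables below are a constructed, simplified stand-in for the CA's SQLite database; table names, column names and rows are assumptions.

```python
import sqlite3

# Constructed, simplified stand-in for the Fabric CA SQLite database: only the
# columns needed here; table and column names are assumptions for the example.
SCHEMA = """
CREATE TABLE users (id TEXT PRIMARY KEY, max_enrollments INTEGER);
CREATE TABLE certificates (id TEXT, serial_number TEXT PRIMARY KEY, status TEXT);
"""

def make_db(users, certs):
    """Build an in-memory sample database from constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO users VALUES (?, ?)", users)
    db.executemany("INSERT INTO certificates VALUES (?, ?, ?)", certs)
    db.commit()
    return db

def snapshot(db):
    """Online copy via SQLite's backup API; a consistent point-in-time baseline."""
    copy = sqlite3.connect(":memory:")
    db.backup(copy)
    return copy

def audit_enrollments(baseline, live):
    """Return certificates present in live but absent from baseline, plus
    identities whose certificate count is above max_enrollments
    (-1 means unlimited in this sample)."""
    known = {row[0] for row in baseline.execute("SELECT serial_number FROM certificates")}
    new = [(i, s) for i, s in live.execute(
        "SELECT id, serial_number FROM certificates ORDER BY serial_number") if s not in known]
    over = [r[0] for r in live.execute("""
        SELECT u.id FROM users u JOIN certificates c ON c.id = u.id
        GROUP BY u.id, u.max_enrollments
        HAVING u.max_enrollments >= 0 AND COUNT(*) > u.max_enrollments
        ORDER BY u.id""")]
    return new, over

def demo():
    live = make_db([("peer0", 1), ("admin", -1)],
                   [("peer0", "0a01", "good"), ("admin", "0a02", "good")])
    baseline = snapshot(live)
    # Constructed event: a second certificate appears for an existing login.
    live.execute("INSERT INTO certificates VALUES ('peer0', '0b07', 'good')")
    live.commit()
    return audit_enrollments(baseline, live)

if __name__ == "__main__":
    print(demo())
```

Any serial reported as new that does not match a known enrollment request is a candidate for revocation.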

   

Wednesday, October 7, 2020

Off-chain computation via Oracle


On-chain computation is sometimes too expensive for critical data. One possible solution is to outsource the computation off-chain, for example with the help of an external Oracle system. There might be two solutions for such an off-chain computation:
- with the help of a trusted external Oracle: of course, the problem is that the off-chain actor has to be trusted.
- with the help of a decentralized Oracle system: here several independent off-chain actors would compute the result, and they are incentivized, for example with game-theoretical tokenization, to produce the correct result.


Friday, October 2, 2020

Ethereum solidity security tools summarized

 


Security in Solidity and Ethereum has always been one of the most important topics. Some of the most important current tools are the following:

SWC Registry / Smart Contract Weakness Classification and Test Cases

https://swcregistry.io/

Ethereum Smart Contract Security Best Practices 

https://consensys.github.io/smart-contract-best-practices/

MythX - a cool tool for getting information on Solidity smart contract vulnerabilities

https://mythx.io/ 

EthLint - an open source tool for analyzing Ethereum smart contracts. 

https://github.com/duaraghav8/Ethlint

Slither - for static code analysis of Solidity contracts

https://github.com/crytic/slither

Hydra - framework for security and bug bounties

https://github.com/IC3Hydra/Hydra



How to get test DAI on Kovan

 



Getting test tokens on the test nets is not always simple. As an example, to get test DAI for ether on Kovan, you can use the following repo: https://github.com/Daniel-Szego/DAIFaucet

The process is simple:

Getting DAI test tokens on Kovan

Simple interface for changing ETH to DAI with the help of Uniswap

Kovan deployment: 0x786e3c83cd270414649079A758Ad92f961EDdA0A

Usage (Kovan only): 

Send ether to the DAIFaucet smart contract: 0x786e3c83cd270414649079A758Ad92f961EDdA0A
Be sure that the gas limit is high enough, like 300.000, because it is a contract call.

The exchanged DAI tokens will be available at your address. We use the DAI token with address (on Kovan): 0x4F96Fe3b7A6Cf9725f59d353F723c1bDb64CA6Aa

The exchange rate depends on Uniswap; it can be far from the mainnet exchange rates.

Kovan DAI test tokens only, do not use it in production!