blockchain
On Blockchain Voting
Blockchain voting is a spectacularly dumb idea for a whole bunch of reasons. I have generally quoted Matt Blaze: Why is blockchain voting a dumb idea? Glad you asked. For starters: It ...
Good idea, bad design: How the Diamond standard falls short
TL;DR: We audited an implementation of the Diamond standard proposal for contract upgradeability and can’t recommend it in its current form—but see our recommendations and upgrade strategy guidance. We recently audited an ...
Paper Ballots: More Secure Than E-voting or Blockchain
Voting on paper is best. Letting computers help is bound to lead to trouble, experts say. And using a blockchain is a dumb idea, too ...
Intro to Blockchain as a Service (BaaS)
Blockchain? I'm not sure what it is, but I know that bitcoin used to be worthless and now is worth a lot. HODL! (hold on for dear life) Bitcoin can be forked, ...
Using Echidna to test a smart contract library
In this post, we’ll show you how to test your smart contracts with the Echidna fuzzer. In particular, you’ll see how to: Find a bug we discovered during the Set Protocol audit ...
Accidentally stepping on a DeFi lego
The initial release of yVault contained logic for computing the price of yUSDC that could be manipulated by an attacker to drain most (if not all) of the pool’s assets. Fortunately, Andre, ...
Schrodinger’s Cryptocurrency – Both Private and Not
Everyone knows that Bitcoin is an anonymous currency. Except when it isn’t. Bitcoin and other cryptocurrencies attempt to achieve the incompatible goals of providing strong accountability for transactions through blockchain and strong ...
Contract verification made easier
Smart contract authors can now express security properties in the same language they use to write their code (Solidity) and our new tool, manticore-verifier, will automatically verify those invariants. Even better, Echidna ...
Upgradeable contracts made safer with Crytic
Upgradeable contracts are not as safe as you think. Architectures for upgradeability can be flawed, locking contracts, losing data, or sabotaging your ability to recover from an incident. Every contract upgrade must ...
Breaking the Solidity Compiler with a Fuzzer
Over the last few months, we’ve been fuzzing solc, the standard Solidity smart contract compiler, and we’ve racked up almost 20 (now mostly fixed) new bugs. A few of these are duplicates ...

