This is a series of blog posts in which I’ll cover some common EOSIO smart contract vulnerabilities and then explain how we can use our EOSIO vulnerability scanner, Inspect, to perform static analysis to uncover these vulnerabilities.
This week, I look at Missing Authorisations.
In EOSIO, a developer can use two functions to control authorisation of smart contract actions by checking whether the declared authorisation of the action equals the account that should be able to run the action. These are:
Due to missing authorisation controls, a vulnerable smart contract grants authorisation to untrusted accounts such…
The growth of blockchain applications has resulted in increasing amounts of value being controlled by smart contracts. Making smart contracts very lucrative targets for bad actors looking to exploit any vulnerabilities for quick profit. A successful smart contract exploit can have a disastrous effect on the value of the application’s token.
To help developers catch smart contract bugs early in the development cycle, we are pleased to announce the open availability of Inspect, our automated smart contract analysis tool. …
At Klevoya we already provide a free version of our Hydra EOSIO smart contract test environment. Hydra allows you to quickly run unit tests, without requiring a local development node and easily integrate your tests within a CI/CD environment. Developers using Hydra have seen a significant improvement in the time they need to develop their smart contract test suites.
But what if your current Hydra test suite takes too long to execute?
To solve that we now offer a premium service; Hydra Advanced which (depending on your location) can give you a 3–5x speed-up in the time to execute your…
You’ve just finished the development of your smart contract and you’re ready to release it for the whole world to use. But before you do, take a step back and make sure you have all the bases covered. Deploying your contract to production is a big step with (literally) a lot at stake and can be a scary and daunting task. Especially in the blockchain world, where one regularly reads about smart contract hacks involving millions of stolen funds.
That’s why we’ve put together a checklist on things you should do before releasing your smart-contracts.
Make sure that your contract…
You’ve sat down at your terminal, opened up a terminal and are ready to start debugging your new smart contract.
You type in
nodeos, hit Enter and then see those cryptic words every EOSIO smart contract developer who has ever played around regularly with nodeos dreads:
nodeos replay required
Or, my personal favourite:
nodeos database dirty flag set
What in the….? You think. Why is the database dirty?
You start Googling and going through EOSIO Dev Telegram posts for a solution, all the while wondering how it suddenly became your job to be a part-time BP!
You figure out how…
EOSIO software developer Block.one announced today that it has awarded Klevoya with a $50k grant to further develop it’s smart contract verification system and foster the adoption of blockchain technology.
“At Klevoya we know that building quality dApps is complicated. So we made it our mission to help EOSIO dApp developers ship bug free, secure code. With the support from the EOS.VC grants program, we will increase the number of vulnerabilities that our Inspect smart contract analysis tool can detect,” said Moti Tabulo, Founder of Klevoya. “Developers who are using Inspect and Hydra, our smart contract execution environment, have found that checking for bugs in their smart contracts is not the painful experience it used to be,” he added.
Originally published at https://klevoya.com on May 28, 2020.
At Klevoya our goal is to help EOSIO developers ship bug free, secure software. When we started talking to potential users, a common theme we heard was that developers spent too much time on verifying their smart contracts. This led us to explore an idea — what if testing just worked? What if instead of fiddling around with nodeos installs, running your own blockchain and multiple test scripts with cleos commands you could just open your IDE and start running tests. What if developers who want to test their smart contracts didn’t have to also work as block producer administrators…
Smart contracts are programs that, once deployed, execute autonomously on blockchains. Depending on the blockchain being used (and the method of smart contract deployment), these smart contracts can be to a smaller or larger extent immutable. Immutable in the sense that once deployed they may not be modifiable by their creator.
If you’ve ever developed a significant piece of software then you know that deploying SW that is right the first time is extremely difficult as the SW you develop may contain a variety of bugs:
EOSIO programs are typically written in C++ and then compiled into a smart contract for execution on an EOSIO blockchain.
But did you know that C++ is not the only programming language that EOSIO programs can be written in? Some projects are working on Python and even Solidity based programs. These are all compiled down into platform independent code that can be run on the EOSIO WASM Virtual Machine (WAVM).
So the WAVM does not need to know anything at all about the high level programming language (C++, Python, Solidity etc). …
Joel Spolsky wrote that line more than a decade ago and it still rings true now.
To succeed with your blockchain project through the current crypto winter you are going to have to excel at finding the mythical 10x developers. You’ll have to out-recruit those well funded projects that used the last crypto boom to amass a warchest of funds.
Here are 4 ways that will help you rise above the rest — to recruit the best smart contract developers for your crypto startup.
In his TED talk Simon Sinek explains how leaders inspire action by focusing on why.