Latest news

  • Formally Verifying the Ethereum 2.0 Phase 0 Specifications

    An update from ConsenSys R&D on their effort to bring trustworthiness to the Beacon Chain and the core foundations of Eth2. The Automated Verification team on ConsenSys R&D have been working on a formal specification and verification of the Beacon Chain for a few months. We are happy to report that lots of progress has been made and although not complete yet, we have managed to develop a solid and formally verified kernel of the Beacon Chain. For the first time, our work provides an unmat…

  • Teku Ethereum 2.0 Client: Request for Proposals

    In preparation for launch, PegaSys Teku is now seeking an external security assessment of the Teku Ethereum 2.0 codebase. View our security assessment RFP for Teku → PegaSys has been a huge supporter of Ethereum 2.0 development since its early days. On the one hand, we have R&D teams pushing back the boundaries on several fronts. On the other, we have created one of the leading Ethereum 2.0 client implementations, Teku. Teku is written in Java, with an Apache 2 license, and is a full implementat…

  • Ethereum Smart Contract Security Recommendations

    10+ smart contract security patterns to follow when you’re building on Ethereum. As we covered in the Smart Contract Security Mindset, a vigilant Ethereum developer always keeps five principles top of mind: Prepare for failure; Rollout carefully; Keep contracts simple; Stay up-to-date; Be aware of the EVM’s idiosyncrasies. In this post, we’ll dive into the EVM’s idiosyncrasies and walk through a list of patterns you should follow when developing any smart contract system on Ethereum. This piece is primarily…

  • Legions: A Tool for Ethereum Security Researchers

    Legions is a handy toolkit for researchers poking around EVM nodes and smart contracts. By Shayan Eskandari, Security Engineer at ConsenSys Diligence. Have you ever thought about doing one of the following things from your terminal? Poke around a public Ethereum node JSON RPC endpoints? See if an Ethereum node is mining or not? Read the storage of a smart contract? And maybe see how the storage changed between different block numbers? Get the bytecode of a smart contract without going to etherscan? List all…

  • Bug Bounty Up To $250.000 USD

    We’re back with a quick security update for Aave Protocol. Last week we introduced a new money market to Aave Protocol: The Uniswap Market…

  • Thoughts on DeFi Security

    A deep dive into the Uniswap and Lendf.me incidents and what they mean for Ethereum’s DeFi ecosystem. The Question of Security in DeFi Applications. 2020 has proven a critical year for the Ethereum DeFi ecosystem. In addition to celebrating over $1B USD locked in DeFi and significant platform milestones, the industry has been subject to frequent occurrences of minor and major security incidents across both new and established DeFi applications. The bZx and Maker events of February and March have be…

  • Smart Contract Security Newsletter #38

    (This newsletter was sent out on May 21st, Sign up to receive them on the first day) ConsenSys Diligence VSCode guru, Martin Ortner, has some interesting updates on his VSCode extensions: Updated Solidity Metrics: Generate Solidity Source Code Metrics, Complexity and Risk profile reports for your project. Dabble in good old InfoSec tools by Decompiler extension, which enables users to decompile Binary files, Java Jar, and Android APK right from VSCode. MythX also recently shipped some major upgrades…

  • Smart Contract Security Newsletter #37

    (This newsletter was sent out on May 7th, Sign up to receive them on the first day) More virtual conferences are happening these days, here are some of the talks we did in the past two weeks: Visualization of large codebases with the Solidity Visualizer extension for VSCode — Solidity Summit 2020; Mutation Testing with Vertigo — Solidity Summit 2020; Live Auditing & Security Best Practices with ConsenSys Diligence — DeFi Discussions…

  • Smart Contract Security #37

    Smart Contract Security Newsletter #37. (This newsletter was sent out on May 7th, Sign up to receive them on the first day) More virtual conferences are happening these days, here are some of the talks we did in the past two weeks: Visualization of large codebases with the Solidity Visualizer extension for VSCode — Solidity Summit 2020; Mutation Testing with Vertigo — Solidity Summit 2020; Live Auditing & Security Best Practices with ConsenSys Diligence — DeFi Discussions…

  • Questions DeFi users should be asking DeFi Developers

    Originally published at https://diligence.consensys.net on March 2, 2020, republished here because holy crap this stuff just keeps happening. The DeFi space has had a tumultuous couple months, with a number of attacks as well as unexploited vulnerabilities being reported. Bugs are unavoidable, but there are many things that can be done to reduce their frequency, and mitigate their negative effects. As auditors, we want to help, but in order to really get developers t…

  • 1-Day Security Reviews

    This new offering from our smart contract security team is an inexpensive alternative to a full audit for discovering fundamental issues early in your development lifecycle. Interested in a 1-day security review? Contact the Diligence team. Over the past few months, we have been conducting short “security reviews”, typically one or two days in duration. In some ways, these are similar to audits, but in other ways they’re quite different. In this post, I’ll share what these engagements are like and …

  • Ethereum Security Analysis Tools: An Introduction and Comparison

    MythX vs Slither vs Securify. The three tools we’ll look at in this article. Security is hard. And it’s harder when you have user’s money at stake. Fortunately, the Ethereum ecosystem has matured over the last few years, and there are now various high-quality tools that will scan your Ethereum smart contracts for security vulnerabilities. (Spoiler: None of them can replace a real audit). In this article, we’ll introduce three of the more popular security analysis tools—Slither, MythX, and Securify—an…
