Maurelian maurelian

@maurelian
maurelian / or.md
Created Feb 10, 2020
Some optimistic rollups resources I found helpful
View or.md

Start with these resources

View RustSecurity.md

About rust security and auditing

  • Review clippy warnings; most of the time these are benign or irrelevant, but they can help spot red flags.
  • Build and run all the unit tests, assess the code coverage and keep note of the un(der)tested components.
  • Review the dependencies listed in Cargo.toml and Cargo.lock: Will the latest version be used? (preferable, but not always the right choice) Are these established, trustworthy packages? You may use the subcommand cargo-audit (thanks @dues__ for the pointer).
  • Look for unsafe code blocks, and evaluate the risk (can an attacker control the input used in these blocks? etc.)
  • Look for risky uses of unwrap(), which can cause panics, as opposed to pattern-matched error
View gist:c6078a6a6e0a7bcf3fed22bc9e363330
This post links my 3Box profile to my Github account! Web3 social profiles by 3Box.
✅ did:muport:QmfDuJZ7fXN9PQCFEqpGdQuQhw5RePG6zBhmt75BZnpmh5 ✅
Create your profile today to start building social connection and trust online at https://3Box.io/
View delegatesToLib.asm
======= /Users/primary/Projects/Audits/0x-monorepo/contracts/exchange/contracts/src/delegatesToLib.sol:Math =======
EVM assembly:
/* "/Users/primary/Projects/Audits/0x-monorepo/contracts/exchange/contracts/src/delegatesToLib.sol":25:312 library Math {... */
dataSize(sub_0)
dataOffset(sub_0)
/* "--CODEGEN--":132:134 */
0x0b
/* "--CODEGEN--":166:173 */
dup3
View delegatesToLib.sol
pragma solidity ^0.5.9;
library Math {
    function add(uint a, uint b) public returns (uint) {
        return a + b;
    }
}
contract UsesMath {
    using Math for uint;
View audit_prep_checklist.md

Feel free to copy and paste this list into a README, issue or elsewhere in your project.

Audit prep checklist (reference)

  • Documentation (A plain English description of what you are building, and why you are building it. It should indicate the actions and states that should and should not be possible.)
    • For the overall system
    • For each unique contract within the system
  • Clean code
    • Run a linter (like EthLint)
    • Fix compiler warnings
View nsloc.md

NSLOC stands for 'Normalized Source Code', which is a custom measurement we use (among others) when evaluating the complexity of a codebase.

To get the NSLOC count of a file:

  1. For all functions, reduce any multiline function declarations to a single line.
  2. Remove all comments
  3. Remove all empty lines
  4. Count the remaining lines

Example:

@maurelian
maurelian / SpankChainHack.sol
Last active Oct 12, 2018
ctrl+f for 'Hack Note' for a few annotations of red flags
View SpankChainHack.sol
// Taken from https://etherscan.io/address/0xf91546835f756da0c10cfa0cda95b15577b84aa7#code
// Story: https://medium.com/spankchain/we-got-spanked-what-we-know-so-far-d5ed3a0f38fe
// Newsletter: https://tinyletter.com/smart-contract-security/archive
pragma solidity ^0.4.23;
// produced by the Solidity File Flattener (c) David Appleton 2018
// contact : dave@akomba.com
// released under Apache 2.0 licence
contract Token {
/* This is a slight change to the ERC20 base standard.
View typechecking.sol
pragma solidity ^0.4.0;
contract ISomething {
    function fooSomething() returns(uint);
}
contract BarGuy {
    // This internal function uses the type system for additional safety guarantees on the input address.
    function barThing (ISomething _iSomething) internal returns(uint) {
        uint x = _iSomething.fooSomething();
View gist:6c6ee72b2d63efc5d17db5d07cc04a85
pragma solidity ^0.4.24;
contract Delegator {
    bytes32 controllerLookupName = 0xabba;
    function() external payable {
        // Do nothing if we haven't properly set up the delegator to delegate calls
        // if (controllerLookupName == 0) {
        //     return;