| Token | Feature | Known Vulnerabilities | Resources | Examples |
|---|---|---|---|---|
| ERC20 | Allowance | Double withdrawal (front-running) |
maurelian
/ token_checklist.md
Created
December 8, 2020 15:24
— forked from shayanb/token_checklist.md
Token Checklist Table
maurelian
/ HiO-Panvala-Staking.md
Last active
July 2, 2020 16:26
Not sure which Gitcoin grants you want to support? We've curated a list of great projects to make it easy for you to decide AND make your donations go even further.
The Hashing it Out podcast, with support from Status.im and ConsenSys Diligence has organized a Staking Cluster, giving us access to a whole bunch of the PAN tokens allocated to this round of Gitcoin Grants. In total the HiO community has 29% of a pool of 1,424,551 PAN tokens (worth ~$50,000). (Learn more in episode 83 with Panvala Founder Niran Babalola)
When you donate with PAN tokens to any of the grants we've selected, your donation will receiving matching funds from the new Panvala issuance. The current multiplier is over 5x!
maurelian
/ immutable-check.sol
Created
May 22, 2020 13:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pragma solidity ^0.6.0; | |
| contract Test { | |
| uint public immutable something = 20; | |
| constructor() public { | |
| something = block.timestamp; | |
| // TypeError: Immutable state variable already initialized. | |
| // something = block.timestamp; | |
| // ^-------^ |
The following is an informal compendium of ways you can screw up when mixing and matching smart contracts:
- Be aware of front running on changes to the
allowedvalue. - Be aware that some tokens don't return a boolean on success or failure.
- Some token balances change overtime, even without a transfer.
- Use
balanceOf(addr)over internal accounting. (https://medium.com/trustless-fund/atoken-withdrawal-vulnerability-disclosure-5d8eadc64539)
maurelian
/ NoReturnERC20Check.sol
Created
April 2, 2020 02:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pragma solidity ^0.5.0; | |
| contract Foo { | |
| ERC20 e20; | |
| ERC20NoReturn e20NoReturn; | |
| constructor() public { | |
| // deploy both tokens | |
| e20 = new ERC20(); |
maurelian
/ MinimumViableAgenda.md
Last active
March 25, 2020 01:23
Let's make sure we get the most out of this meeting!
To help us get the most from the call, could you please include a point form agenda on the invite:
- The main topic
- Objective/desired outcome
Please also include following items if they feel relevant:
- Context
- Why now? What is the impetus for this meeting?
- What information or orther background will help us achieve the outcome?
Start with these resources
- https://ethresear.ch/t/on-chain-scaling-to-potentially-500-tx-sec-through-mass-tx-validation/3477 - Vitalik
- Despite this being a ZK focused approach, and only supporting deposit/withdraw/send/receive, it’s nicely laidout as a starting point
- https://ethresear.ch/t/minimal-viable-merged-consensus/5617 - John Adler
- I think this is the first description of the optimistic model
- https://medium.com/@adlerjohn/the-why-s-of-optimistic-rollup-7c6a22cbb61a - John Adler
- This article focuses a bit less on the mechanics, and more on the beneficial properties.
maurelian
/ RustSecurity.md
Last active
November 17, 2020 12:51
- Review clippy warnings; most of the time these are benign or irrelevant, but they can help spotting red flags.
- Build and run all the unit tests, assess the code coverage and keep note of the un(der)tested component.
- Review the dependencies listed in Cargo.toml and Cargo.lock: Will the latest version be used? (preferable but not always the right choice) Are these established, trustworthy packages? You may use the subcommand cargo-audit (thanks @dues__ for the pointer).
- Look for unsafe code blocks, and evaluate the risk (can an attacker control the input used in these blocks? etc.)
- Look for risky uses of unwrap(), which can cause panics, as opposed to pattern-matched error
maurelian
/ gist:c6078a6a6e0a7bcf3fed22bc9e363330
Created
October 23, 2019 15:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| This post links my 3Box profile to my Github account! Web3 social profiles by 3Box. | |
| ✅ did:muport:QmfDuJZ7fXN9PQCFEqpGdQuQhw5RePG6zBhmt75BZnpmh5 ✅ | |
| Create your profile today to start building social connection and trust online at https://3Box.io/ |
maurelian
/ delegatesToLib.asm
Created
October 6, 2019 04:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ======= /Users/primary/Projects/Audits/0x-monorepo/contracts/exchange/contracts/src/delegatesToLib.sol:Math ======= | |
| EVM assembly: | |
| /* "/Users/primary/Projects/Audits/0x-monorepo/contracts/exchange/contracts/src/delegatesToLib.sol":25:312 library Math {... */ | |
| dataSize(sub_0) | |
| dataOffset(sub_0) | |
| /* "--CODEGEN--":132:134 */ | |
| 0x0b | |
| /* "--CODEGEN--":166:173 */ | |
| dup3 |