Publications
verified-smart-contra
Our great sponsors
Publications | verified-smart-contra | |
---|---|---|
5 | 1 | |
1,213 | - | |
- | - | |
5.5 | - | |
8 days ago | - | |
TeX | ||
- | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Publications
verified-smart-contra
-
Cryptocurrency Loan Platform Implodes in $130M Hack
https://github.com/runtimeverification/verified-smart-contra...
or this (Djed):
https://eprint.iacr.org/2021/1069.pdf
The first just describes the system and then asserts preconditions hold which works well enough for verifying that the code matches the spec but the other actually verify that the spec is doing what the user & developer expect it to by formalising the system and analysing the properties of that system.
Compound's project wouldn't have been vulnerable to any of the attacks executed on CreamFi however they are vulnerable to the class of spec errors. Uniswap and Djed on the other hand would be protected from the majority of that class of issue that Compound experienced. This isn't to say that they are invulnerable but I'd be willing to say that they are approaching "cryptography-grade" security where you can trust these protocols just like you can trust AES, RSA, and ECC encryption & signing.
---
This of course isn't to say that what Compound does is bad but as that incident shows, there is still room for their improvement in the security space. Cryptocurrency and "Decentralised Finance" are finally starting to grow up into proper subsets of the cryptocurrency and game theory communities. Now this might be a bit of general commentary on the SW space but hopefully long term this trend causes some of this security minded design to bleed over into the greater software engineering community.
What are some alternatives?
milewski-ctfp-pdf - Bartosz Milewski's 'Category Theory for Programmers' unofficial PDF and LaTeX source
publications - Publications from Trail of Bits
slither - Static Analyzer for Solidity and Vyper
verified-smart-contracts - Smart contracts which are formally verified
manticore - Symbolic execution tool
compound-protocol - The Compound On-Chain Protocol
security - Materials related to security: docs, checklists, processes, etc...
echidna - Ethereum smart contract fuzzer