security
verified-smart-contra
security | verified-smart-contra | |
---|---|---|
3 | 1 | |
198 | - | |
0.5% | - | |
4.5 | - | |
1 day ago | - | |
Solidity | ||
- | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
security
-
📢 Cyberscope x Origin Protocol 📢
You can read our comprehensive report here (https://github.com/OriginProtocol/security/tree/master/audits/community).
- Cryptocurrency Loan Platform Implodes in $130M Hack
- Merlin Finance Hack
verified-smart-contra
-
Cryptocurrency Loan Platform Implodes in $130M Hack
https://github.com/runtimeverification/verified-smart-contra...
or this (Djed):
https://eprint.iacr.org/2021/1069.pdf
The first just describes the system and then asserts preconditions hold which works well enough for verifying that the code matches the spec but the other actually verify that the spec is doing what the user & developer expect it to by formalising the system and analysing the properties of that system.
Compound's project wouldn't have been vulnerable to any of the attacks executed on CreamFi however they are vulnerable to the class of spec errors. Uniswap and Djed on the other hand would be protected from the majority of that class of issue that Compound experienced. This isn't to say that they are invulnerable but I'd be willing to say that they are approaching "cryptography-grade" security where you can trust these protocols just like you can trust AES, RSA, and ECC encryption & signing.
---
This of course isn't to say that what Compound does is bad but as that incident shows, there is still room for their improvement in the security space. Cryptocurrency and "Decentralised Finance" are finally starting to grow up into proper subsets of the cryptocurrency and game theory communities. Now this might be a bit of general commentary on the SW space but hopefully long term this trend causes some of this security minded design to bleed over into the greater software engineering community.
What are some alternatives?
publications - Publications from Trail of Bits
compound-protocol - The Compound On-Chain Protocol
verified-smart-contracts - Smart contracts which are formally verified
Publications - Misc. publications, conference slides, etc. For more, go to http://BartoszMilewski.com