the-dao-hack-simulation
A simulation of the infamous DAO hack from 2016 (by ssteiger)
reentrancy-attacks
A chronological and (hopefully) complete list of reentrancy attacks to date. (by pcaversaccio)
SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
surveyjs.io
featured
the-dao-hack-simulation | reentrancy-attacks | |
---|---|---|
2 | 1 | |
5 | 1,229 | |
- | - | |
2.5 | 7.5 | |
2 months ago | 5 days ago | |
JavaScript | ||
MIT License | GNU Affero General Public License v3.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
the-dao-hack-simulation
Posts with mentions or reviews of the-dao-hack-simulation.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-06-18.
reentrancy-attacks
Posts with mentions or reviews of reentrancy-attacks.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-12-02.
-
A look into formal verification of smart contracts using Certora
The main challenge is dealing with non-view functions. The default behavior of the prover is to assume that an external call can alter all state on every contract but the caller, noted as HAVOC_ECF. This can lead to state changes in external contracts that are unreachable, making verification more difficult. Furthermore, it assumes that the call is non-reentrant, which in reality is a frequent source of attacks. This last issue can be avoided by indicating that calls can re-enter, noted as HAVOC_ALL, but this means that an external call can mutate any state in any contract, caller included. This leaves the contract being verified in a state where we don't know anything about it after an external call is made. This severely limits what we can prove.
What are some alternatives?
When comparing the-dao-hack-simulation and reentrancy-attacks you can also consider the following projects:
smart-contract-best-practices - A guide to smart contract security best practices
LiquidityPoolExample - Example Certora verification for a simple multi-contract system
ethereumbook - Mastering Ethereum, by Andreas M. Antonopoulos, Gavin Wood
openzeppelin-solidity - OpenZeppelin Contracts is a library for secure smart contract development. [Moved to: https://github.com/OpenZeppelin/openzeppelin-contracts]