A security analysis API and service for Ethereum smart contracts.
An automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program.
In previous posts, we introduced Harvey, a fuzzer for Ethereum smart contracts, and presented a novel input prediction technique to improve its effectiveness. Harvey is being developed by ConsenSys Diligence in collaboration with Maria Christakis from MPI-SWS. It is one of the tools that powers the MythX analysis platform. Most real-world contracts transition through many different states (e.g., one for each user bidding during an auction or betting in a game) during their lifetime and it is c
In the previous post, we discussed several approaches for automatically finding vulnerabilities in smart contracts and we introduced Harvey: a fuzzer for Ethereum smart contracts being developed by ConsenSys Diligence: Smart contract auditing, in collaboration with Maria Christakis from MPI-SWS and that will be one of the tools powering our MythX analysis platform. Grey-box fuzzers are able to achieve high code coverage even for complex code without using more expensive techniques, such as au
ConsenSys Diligence is a ConsenSys service providing audits of smart contracts and programs built off the Ethereum network. Periodically, ConsenSys Diligence will publish a summary of an audit, including weaknesses and recommendations for clients. Recently, the Diligence team completed an audit for the 0x protocol v2 upgrade. Read a recap of the team’s conclusions below. Scope: The in-scope items can be divided into the following three distinct parts: Exchange: contains the bulk of the business l
Ethereum is in a dire situation. No, I’m not talking about the price of ETH. I’m talking about the prevalence of high-profile hacks that are harming trust towards decentralized applications and providing talking points for Bitcoin maximalists and blockchain skeptics. What’s especially frustrating is that most, if not all, of the recent hacks that have impeded the growth of the Ethereum ecosystem could have been prevented. Security analyzers like Mythril Classic — an open-source tool for bug hunt
Smart contracts are increasingly complex programs that often hold and manage large amounts of assets. Getting their business logic right is challenging and developers should use tools to analyze their smart contracts before deploying them. Starting with the mother of all smart contract hacks — the infamous DAO attack — we have seen a number of high-profile hacks over the last years that resulted in tens of millions of dollars in damages. The majority of these hacks were pulled off by locating ho
myth: n: a popular belief or tradition that has grown up around something or someone, especially: one embodying the ideals and institutions of a society or segment of society (Source) The world of Ethereum is full of myths. Decentralization. Autonomy. Code is law. These are all tenets that we as an ecosystem have chosen to put top-of-mind in our work. There is one tenet that hasn’t had as much success: security. Smart Contracts and dApps offer countless new possibilities. With the responsibili