Parity multisig wallets. How did they break?

An overview of the recent wallet incident

Libraries on Ethereum

First off, there are 3 ways to call a function on a contract: CALL, CALLCODE, and DELEGATECALL. Libraries on Ethereum are largely implemented with DELEGATECALL. Meaning, you deploy a contract that serves as a library — it’s got some functions that anyone can call, and these can even change the storage of the calling contract. Solidity has some syntactic sugar that lets you declare a library, which does all the DELEGATECALLs for you if you use the library in your contract. [Read More]

A decentralized autonomous publishing platform

Visions of a fully decentralized blogging community

Recently I’ve made a very basic proof-of-concept decentralized CMS with Ethereum blockchain and Swarm, and you can see the code + demo here. But before I go over some technical details, let’s take a look at Steem.

The Steem Solution

Decentralized social media platforms are not new. Steem has already set an example of what a decentralized blogging platform can be. Despite its controversial launch, I still love Steemit. It’s almost my ideal platform. [Read More]

Security Considerations when Dealing with Passphrases in Smart Contracts

Just hashing it won't be enough

A password protected remittance contract

Recently I had to make a DApp for remittances. The requirements go like this: There are three people: Alice (UserA), Bob (UserB) & Carol (UserC). Alice wants to send funds to Bob, but she only has ether & Bob wants to be paid in local currency. Luckily, Carol runs an exchange shop that converts ether to local currency. Therefore, to get the funds to Bob, Alice will allow the funds to be transferred through Carol’s Exchange Shop. [Read More]