Author: Michael Johnson
Solidity was started in October 2014 when neither the Ethereum network nor the virtual machine had any real-world testing, the gas costs at that time were even drastically different from what they are now. Furthermore, some of the early design decisions were taken over from Serpent. During the last couple of months, examples and patterns that were initially considered best-practice were exposed to reality and some of them actually turned out to be anti-patterns. Due to that, we recently updated some of the Solidity documentation, but as most people probably do not follow the stream of github commits to that…
London, United Kingdom, June 14, 2016 – The Ethereum Foundation is pleased to announce Microsoft as the Premiere Sponsor of Devcon2, the Ethereum developer conference in Shanghai, 19-21 September, 2016. Devcon2, which will showcase the most up-to-date research and development work supported by the Foundation, also represents the most comprehensive Ethereum-focused developer’s conference to date. The Ethereum Foundation’s Chief Scientist, Vitalik Buterin, notes that “We are very happy to have Microsoft’s sponsorship for Devcon2 and highly appreciate their continued support and collaboration with the Ethereum Foundation and the Ethereum ecosystem. We look forward to continuing to work together in the…
An attack has been found and exploited in the DAO, and the attacker is currently in the process of draining the ether contained in the DAO into a child DAO. The attack is a recursive calling vulnerability, where an attacker called the “split” function, and then calls the split function recursively inside of the split, thereby collecting ether many times over in a single transaction. The leaked ether is in a child DAO at https://etherchain.org/account/0x304a554a310c7e546dfe434669c62820b7d83490; even if no action is taken, the attacker will not be able to withdraw any ether at least for another ~27 days (the creation window for…
Over the last day with the community’s help we have crowdsourced a list of all of the major bugs with smart contracts on Ethereum so far, including both the DAO as well as various smaller 100-10000 ETH thefts and losses in games and token contracts. This list (original source here) is as follows: We can categorize the list by categories of bugs: Variable/function naming mixups: FirePonzi, RubixiPublic data that should not have been public: the public RNG seed casino, cheatable RPSRe-entrancy (A calling B calling A): the DAO, Maker’s ETH-backed tokenSends failing due to 2300 gas limit: King of the EtherArrays/loops and…
Ryuta Aoki Ryuta is an artist, artistic director, conceptual designer, system architect, software engineer, entrepreneur, and social sculptor based in Tokyo. Ryuta describes his Learning Artifact, SOTOROJI, as part of a series of spatial devices that lead from the ordinary to the extraordinary, utilizing the modern social affordance of “seeing a QR code and scanning it with a camera,” just as soto-roji (the outer garden) in the Japanese tea ceremony serves as a space leading to a world of profound subtlety. SOTOROJI was featured as an art piece at the Devcon venue, viewed by thousands of attendees. Source link
Today, we’re excited to announce the Pectra Audit Competition, kicking off on Cantina! This month-long event will run from February 21 to March 24, and we’re excited to see what issues the security community can find. Why Pectra Matters Some of the key EIPs for Pectra are listed below From EOAs to Smart Accounts (EIP-7702) Enhances Externally Owned Accounts (EOAs) with smart contract features. Key Benefits Transaction Batching: Combine multiple operations into a single transaction.Gas Sponsorship: Others can pay fees for the account.Alternative Authentication: Use hardware security modules or passkeys for authorization.Spending Controls: Limit token usage/outflows for improved security.Recovery Mechanisms:…
My dear Ethereum community, Today, I’m excited to turn the page and share that I will be closing this chapter as Executive Director of the Ethereum Foundation soon and stepping into a new role as its President. This new opportunity will allow me to continue supporting EF’s institutional relationships, and to expand the reach of our vision and culture more broadly. I’m feeling deeply grateful and enthusiastic for what’s ahead, and while I made this decision a year ago, recent events have given me the perfect opportunity to reflect on what truly matters to me. These past few weeks have…
The security of the Ethereum protocol is continually being improved, and one recent effort is the external security review of the Pectra System Contracts. The results of this review can be found in the audits repository, and the TL;DR is that all discovered issues deemed relevant or important from these reviews have been addressed. Audit Scope and Methodology The Pectra System Contracts encompass several EIPs (EIP-2935, EIP-7002, and EIP-7251), and reviews were primarily done to: Evaluate the contracts for potential attack vectors.Ensure that the contract logic accurately implements the intended functionality as per the EIP specifications. A multi-phase approach was…
The Ethereum Foundation is thrilled to announce a new leadership structure, welcoming Hsiao-Wei Wang and Tomasz Stańczak as co-Executive Directors effective March 17th. This marks an exciting new chapter in the Foundation’s evolution as we continue to support a growing Ethereum ecosystem…. Source link
At 7:29 UTC today, on epoch 222464, the Pectra network upgrade went live on the Sepolia testnet. Unfortunately, an issue with Sepolia’s permissioned deposit contract prevented many execution layer clients from including transactions in blocks. The root cause was identified within minutes, and client teams immediately began working on a fix. This issue is due to Sepolia’s configuration and could not occur on the Ethereum mainnet. Around 14:00 UTC today, validators deployed a fix that restored the network to normal throughput. All Sepolia node operators must now upgrade their execution layer clients to the versions listed below to maintain network…