From our Blog

ChainSecurity has completed a security audit of the SMART VALOR project. The full report, including the scope of the audit and considered properties, is available on Github.

ChainSecurity has successfully completed a security audit of the DAOstack smart contracts. The audit process was performed over the course of 4 weeks and involved 4 security experts.

Earlier this week, ChainSecurity responsibly disclosed a security issue in the proposed EIP 1283 feature of Constantinople. This new feature lowers the gas costs for the so-called dirty storage writes. The cheaper storage writes, however, enable reentrancy attacks for the transfer and send Solidity statements, which are safe in the current version due to the limited constant amount of gas they provide to the callee.

The upcoming Constantinople Upgrade for the ethereum network introduces cheaper gas cost for certain SSTORE operations. As an unwanted side effect, this enables reentrancy attacks when using address.transfer(...) or address.send(...) in Solidity smart contracts. Previously these functions were considered reentrancy-safe, which they aren’t any longer.

ChainSecurity has successfully completed an audit of the DigixDao smart contracts. During the audit process, performed by three security experts over four weeks, a set of contracts were reviewed with respect to a specification derived by the ChainSecurity and Digix teams together.