Diligence Blog

Latest

ConsenSys Diligence and Socket partner for secure Socket Liquidity Layer smart contracts

While smart contract systems of today have the capability to be deployed with permissions, upgradeable proxies, and ways to add extra logic to them, the unique selling point of this technology has always been its ability to remain immutable and predictable after the initial deployment. Systems with these properties can be used reliably by integrators with strong expectations that they will continue working as expected. From a smart contract security perspective, this allows users and builders to rest easy knowing that the code they are transacting with now will not change and surprise them.
ConsenSys Diligence
April 25, 2023

The forgotten IPFS vulnerabilities

In 2021 we privately disclosed multiple vulnerabilities in the InterPlanetary File System but never really talked about it. Let’s change that 😊!
tintinweb
September 28, 2022

ConsenSys Diligence Partners with StarkWare To Expand Auditing Services

Earlier this year, ConsenSys Diligence announced its partnership with StarkWare to expand its security audit capabilities for smart contracts written in Cairo and deployed on StarkWare. “We were very impressed by the team’s in-depth analysis and understanding of Cairo, overcoming the fact that this is a new language. Consensys Diligence has already contributed to the safety of StarkEx by detecting a bug that was promptly fixed,” said Uri Kolodny, Co-founder and CEO at StarkWare, about the partnership.
ConsenSys Diligence
September 20, 2022

Analysis

Best Practice

Feature

tBTC: Navigating the cross-chain conundrum

We recently conducted a security assessment of Thesis’ tBTC. In this post, we explore a fundamental limitation of Bitcoin transaction verification within Ethereum smart contracts.
Alexander Wade
May 01, 2020

Destroying the Indestructible

This morning, I saw a link to Dharma’s IndestructibleRegistry. The idea behind this registry is that it keeps track of contracts that cannot be destroyed. It does this by verifying the contract’s bytecode on chain. In this post, I’ll show you how I managed to trick that verification and destroy an “indestructible” contract.
Steve Marx
December 11, 2019

News

Paradigm CTF Winner

The ConsenSys Diligence team, a.k.a. Dilicious, won first place at the Paradigm Capture the Flag competition. Paradigm CTF was one of the most anticipated security competitions in the Ethereum space.
Shayan Eskandari
February 28, 2021

Newsletter

Smart Contract Languages

Welcome Back! Security for the EIP Process

The security risk profile for blockchain protocols and applications is quite demanding, with high incentives to play foul and potentially severe consequences for all participants. No wonder we were surprised to find out that security was not yet explicitly part of Ethereum’s core change management process. Good thing this finally changed.
Martin Ortner
January 05, 2020

Solidity, the Young Adult

Solidity is getting bigger! We are doing a series to present you with the language’s future plans and hopefully spark a conversation on merits and use cases.
Gonçalo Sá
November 15, 2019

Tools

Year in Review