The Ethereum Solidity Meetup took place on April 12th at Business Center Gulliver, Kyiv. It focused on smart contracts and featured discussions on Ethereum challenges, practice tools, common mistakes/pitfalls and ways to avoid them, technical aspects, and more.
About the Event
The meetup was informative for developers and entrepreneurs with a strong understanding of OOP (object-oriented programming), regardless of programming language.
The meetup was facilitated by Applicature’s core team, which has taken care of multiple ICOs, blockchain forks, and smart contracts for real industries. Attendees got a chance to find out something new from Applicature’s real experience, ask questions, and participate in the discussion.
Through attending Applicature’s meetup, developers and entrepreneurs learned more about best-practice tools, new token standards, hacks and vulnerabilities, gas optimization, and other solutions — and, of course, met great people from the industry.
Agenda and Meetup Speakers
Applicature’s CEO Ihor Pidruchny reported about Applicature as a boutique blockchain development agency and the services it provides.
ERC20 Problems That Other Tokens Can Solve
Applicature’s CTO Andrew Zubko shared his knowledge about Ethereum token standards (ERC20, ERC223, ERC827, and ERC721). This included interfaces, methods of implementation, and compatibility with other tokens.
ERC223 can solve the following ERC20 problems:
- Inability to handle incoming transactions in the receiver contract
- The ability of tokens to be sent to a contract that is not designed to work with tokens without handling, allowing them to potentially be lost. At least $400,000 are lost at the moment.
- When a user needs to transfer funds, s/he must always perform the transfer. It doesn’t matter if the user is depositing in-contract or sending to an externally-owned account. Token -transactions should match Ethereum’s ideology of uniformity.
ERC827 will allow:
- Transfers to be approved by the receiving party
- Notification that the transfer was successfully completed
ERC721 will provide:
- A standard interface allowing wallet/broker/auction applications to work with anyNFT on Ethereum.
Background of Hacks/Vulnerabilities
Applicature’s key smart-contract developer Roman Tsivka explained potential hacks and vulnerabilities of Ethereum and Solidity smart contracts, and demonstrated ways of avoiding them.
Roman started with an overview of the problem: “Among the hype surrounding the possibilities of blockchain-based applications is the promise of so-called smart contracts, applications that execute and verify complex transactions such as the shifting of digital currencies or the sale of a piece of property.
But a vulnerability in a smart contract has created a crisis for thousands of investors in a $150 million blockchain-based crowdsourced investment project.”
Types of Hacks and Vulnerabilities
- re-entrance attack
- decentralized autonomous organization
- The “call-stack” attack
- malicious libraries
- integer overflow
- integer division round-down
- loop length and gas manipulation
- fallback function consuming more than the limit of 2,300 gas
- forced balance update
- transaction-ordering dependence
- price tiers and price updating vulnerability
- locked Ethers
Conclusion
General ways to avoid these vulnerabilities include:
- Smart contracts should be as simple as possible.
- Maximum statements and branches must be covered.
- Already-checked and well-worked contracts as a base for your new contracts must be used.
- Variable values during contract execution should be checked.
Applicature plans to organize another meetup in May. Stay tuned for more company news, and don’t miss out!