Smart contract news

A smart contract is a computer protocol intended to digitally facilitate, verify, or enforce the negotiation or performance of a contract.

World latest news

RSK Smart Contracts Are Now Available On Microsoft Azure Marketplace

RIF Labs, the Operating System (OS) development team headed by RSK Labs, has announced the addition of RSK smart contracts to the Microsoft Azure Marketplace. The Marketplace is a forum for Microsoft-based apps, which has been offering increased support for blockchain applications. According to a press release, RSK smart contracts are the latest addition to the platform along with the ability to launch an RSK Smart MainNet Node. This places RSK among the first blockchains to be supported by Microsoft’s Blockchain-as-a-Service platform. RSK benefits by providing its user community exposure to a higher grade of consumer convenience and protection. According to the announcement: “RIF Labs customers can now take advantage of the scalability, high availability, and security of Azure, with streamlined deployment and management.” Furthermore, tech superpowers like Microsoft, Intel and IBM endorsing blockchain will fuel greater adoption as each corporation’s user bases find more exposure toblockchain tech. Of Microsoft’s support, Diego Gutierrez Zaldivar, CEO of RIF Labs, said: “Making development as easy and seamless as possible is vital to realizing blockchain technology’s full potential. Microsoft’s endorsement of RSK Smart Contract Network is critical in bridging the gap to mass adoption, which in turn will help unleash the power of the Internet of Value.” Microsoft continues to remain at the cutting edge of blockchain adoption, lending credibility and aid to projects like R3‘s Corda Settler, a global payments app supporting remittances through crypto, and Hyperledger, another platform for enterprise applications. The post RSK Smart Contracts Are Now Available On Microsoft Azure Marketplace appeared first on Crypto Briefing.
CryptoBriefing

A Deep Dive into the MythX Smart Contract Security Analysis API

This week, we launched five challenges as part of the Ethereal Virtual Hackathon with a prize pool of $6k (paid in crypto, obviously). This quick guide explains how to perform an analysis with MythX API.What is MythX?MythX is a security analysis platform for Ethereum smart contracts. It performs a comprehensive range of industry-leading analyses on smart contracts, including input fuzzing, static and symbolic analysis.The goal of MythX is to make security analysis available to all Ethereum developers — even those who are not security-savvy. In the ongoing Hackathon we award prizes in five categories. For more details on the requirements and prizes check out the Gitcoin issues:Foundational ToolsContinuous Integration ToolsIDEs and Code EditorsWeb appsFreestyleHow MythX API worksMythX clients submit Solidity code and solc compiler artifacts to the MythX API (https://api.mythx.io) for analysis. The required imput data can be generated by compiling source code with solc or solc-js. Prerequisite for analysis is that the code is free of syntax errors and compiles successfully. On submitting the request, the analysis service returns an UUID which can then be used to query the analysis status and obtain the results.The MythX OpenAPI specification describes the API request and response format in detail. However, the easiest way to get familiar with the API is by trying it yourself.Analysis WalkthroughIn the following walkthrough we’ll use PythX, a Python library that also comes with a simple command line interface (if you’re a JavaScript fan and/or Python hater, you can get similar results by running Sabre with the--debug flag). The first step is to install PythX:$ pip3 install pythxYou can show the available commands by running pythx --help.$ pythx --helpUsage: pythx [OPTIONS] COMMAND [ARGS]...PythX is a CLI/library for the MythX smart contract security analysis API.Options: --help Show this message and exit.Commands: check Submit a new analysis job based on source code, byte code, or... login Login to your MythX account logout Log out of your MythX account openapi Get the OpenAPI spec in HTML or YAML format ps Get a greppable overview of submitted analyses refresh Refresh your MythX API token report Check the detected issues of a finished analysis job status Get the status of an analysis by its UUID top Display the most recent analysis jobs and their status truffle Submit a Truffle project to MythX version Print version information of PythX and the APINote that Pythx’s commands closely mirror the API specification: There’s separate commands for login, refresh, submitting an analysis, and so on. Setting the PYTHX_DEBUG environment variable enables verbose debugging output. We’ll use this to get a closer look at the low-level API requests.$ export PYTHX_DEBUG=1AuthenticationMythX API uses username/password authentication based on JSON Web Tokens (JWT). Users are identified by their Ethereum address and a password chosen when signing up.To get started as a MythX developer I recommend signing up for a free account on the MythX website. During the beta, which will run at least until the start of June, free accounts are unrestricted, and we’ll provide special accounts to tool devs once paid subscriptions become available.To accommodate users who want to try out MythX tools prior to signing up, there is also a built-in trial account with limited capabilities. Specifically, the trial user only receives up to three security issues detected per analysis and cannot list or access historical analyses. The credentials for the trial user are:Username: 0x0000000000000000000000000000000000000000Password: trialTo view the login request, type:$ pythx loginThis will prompt you for an Ethereum address and password. PythX will then send a POST request to the /auth/login endpoint:POST https://api.mythx.io/v1/auth/login HTTP/1.1Content-Length: 90Content-Type: application/json{"ethAddress": "0x[...]", "password": "[password]"}If the credentials are valid, the server sends a JSON-formatted response containing the JWT access token and refresh token. By submitting the access token in the Bearer header you can use authenticated endpoints. The access token is valid for 10 minutes, after which you can obtain a new one using the refresh token.Running an AnalysisWhile MythX can run an analysis on EVM bytecode only, you have to submit both the source code and bytecode to receive a complete result. The following options exist:Submit bytecode only. In this case, you need to submit both the creation bytecode and runtime bytecode in thebytecode and deployedBytecode fields, respectively. Note that in this case, you will only receive partial results and the false positive rate will be higher.Submit bytecode and Solidity code. Here, you submit the creation and runtime bytecode as well as the source mappings generated by solc. Additionally, you submit a the list of input filenames in the sourceList field and the source code for each file in the sources field. Note that you must include the filenames and code for all imports (and recursively for imports of imports) as well. Finally, when submitting source code, you must add a mainSource field that tells MythX about the primary file being analyzed.Submit bytecode and ASTs. Same as above, but you submit the abstract syntax tree (AST) of each file instead of the source code. Assuming you are using solc, this is easier to implement than option 2 because solc provides the ASTs for all imports automatically — you can simply pass on the output of solc instead of manually adding the source code for each import. Also, the mainSource field can be ommitted when using ASTs.As an example, let’s look at the first challenge of the MythX workshop. To perform an analysis from Solidity source with PythX, make sure you that solc is installed an in the path, then run:$ pythx check -sf Token.solWhat PythX does is running the solc command line tool with the following arguments:solc --combined-json ast,bin,bin-runtime,srcmap,srcmap-runtime <file>It then formats the API request according to specification and sends a POST request to the analysis endpoint. The submitted JSON object looks as follows (truncated for brevity):POST https://api.mythx.io/v1/analysesAuthorization: Bearer [Access token]Content-Length: 18124Content-Type: application/json{ "data": { "bytecode": "[token.sol creation bytecode]", "sourceMap": "25:503:0:...", "deployedBytecode": "[token.sol bytecode]", "deployedSourceMap": "25:503:0:...", "mainSource": "token.sol", "sources": { "token.sol": { "ast": {}, "source": "[Soldity code for token.sol]" } }, "sourceList": [ "token.sol" ], "version": "0.5.7+commit.6da8b019.Linux.g++", "analysisMode": "quick" }, "clientToolName": "pythx"}Note the two additional configuration parameters:analysisMode: Currently, there are two analysis modes that differ in the execution time available to the fuzzer and symbolic analyzer. The “quick” mode takes 45–90 seconds to complete, while the “full” mode takes 5–10 minutes. Full mode allows for a deeper analysis that can discover more bugs, such as bugs that require multiple transactions to execute. We are currently working on a third mode (codename “lighting”) that returns a result within a few seconds.clientToolName: This field allows you to pick an arbitrary name for your tool. We track usage of different MythX tools for the purpose of revenue sharing: After paid subscriptions go live, 25% of revenues will be split between tool devs proportional to the number of active of active paying users of each tool.In the response to a newly submitted analysis you will receive a job UUID (allowing you to track analysis progress), as well as some useful meta data. This includes our backend tool versions, a timestamp, the user’s ID, as well as the time the job has been queued and is running. With the status field you are able to track whether your analysis has finished.{ "apiVersion": "v1.4.14", "harveyVersion": "0.0.18", "maestroVersion": "1.2.10", "maruVersion": "0.4.4", "mythrilVersion": "0.20.4", "queueTime": 1488, "runTime": 11572, "status": "Queued", "submittedAt": "2019-04-20T09:22:56.522Z", "submittedBy": "5c6d656206d17300110e24d6", "uuid": "d257381b-97b0-4fce-9832-7da2f8ca2ebb"}Note that initially, the analysis status is shown as “queued”. Each analysis request goes through three phases:Queued: The job has been accepted but not yet picked up by a worker. As long as the API is not overloaded, jobs should remain in “queued” state for only a few seconds.In progress: The analysis is currently running. In “quick” mode, the analysis should take 45–90 seconds to complete.Finished: The analysis is completed and the report can be obtained.PythX displays these objects in a nicer way through its CLI:$ pythx status d257381b-97b0-4fce-9832-7da2f8ca2ebb╒════════════════╤══════════════════════════════════════╕│ uuid │ d257381b-97b0-4fce-9832-7da2f8ca2ebb │├────────────────┼──────────────────────────────────────┤│ apiVersion │ v1.4.14 │├────────────────┼──────────────────────────────────────┤│ mythrilVersion │ 0.20.4 │├────────────────┼──────────────────────────────────────┤│ maestroVersion │ 1.2.10 │├────────────────┼──────────────────────────────────────┤│ harveyVersion │ 0.0.18 │├────────────────┼──────────────────────────────────────┤│ maruVersion │ 0.4.4 │├────────────────┼──────────────────────────────────────┤│ queueTime │ 1488 │├────────────────┼──────────────────────────────────────┤│ runTime │ 11572 │├────────────────┼──────────────────────────────────────┤│ status │ In Progress │├────────────────┼──────────────────────────────────────┤│ submittedAt │ 2019-04-20T09:22:56.522Z │├────────────────┼──────────────────────────────────────┤│ submittedBy │ 5c6d656206d17300110e24d6 │╘════════════════╧══════════════════════════════════════╛Once your job is done, you will see the following entry in the status object:"status":"Finished"Retrieving ResultsOnce the job is in “finished” state we can retrieve the results with the pythx report command.$ pythx report d257381b-97b0–4fce-9832–7da2f8ca2ebbThis sends an authenticated request to the /analysis/UUID/report endpoint:GET https://api.mythx.io/v1/analyses/d257381b-97b0–4fce-9832–7da2f8ca2ebb/issues HTTP/1.1 200Authorization: Bearer [Access token]A list of detected security issues is returned in the response.HTTP/1.1 200Content-Type: application/json; charset=utf-8[ { "issues": [ { "swcID": "SWC-101", "swcTitle": "Integer Overflow and Underflow", "description": { "head": "The binary subtraction can underflow.", "tail": "The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion." }, "severity": "High", "locations": [ { "sourceMap": "296:29:1" } ], "extra": { "testCase": { "initialState": { "accounts": null }, "steps": null } } }, { "swcID": "SWC-101", "swcTitle": "Integer Overflow and Underflow", "description": { "head": "The binary subtraction can underflow.", "tail": "The operands of the subtraction operation are not sufficiently constrained. The subtraction could therefore result in an integer underflow. Prevent the underflow by checking inputs or ensure sure that the underflow is caught by an assertion." }, "severity": "High", "locations": [ { "sourceMap": "337:30:1" } ], "extra": { "testCase": { "initialState": { "accounts": null }, "steps": null } } }, { "swcID": "SWC-101", "swcTitle": "Integer Overflow and Underflow", "description": { "head": "The binary addition can overflow.", "tail": "The operands of the addition operation are not sufficiently constrained. The addition could therefore result in an integer overflow. Prevent the overflow by checking inputs or ensure sure that the overflow is caught by an assertion." }, "severity": "High", "locations": [ { "sourceMap": "373:23:1" } ], "extra": { "testCase": { "initialState": { "accounts": null }, "steps": null } } } ], "sourceType": "solidity-file", "sourceFormat": "text", "sourceList": [ "token.sol" ], "meta": { "coveredInstructions": 318, "coveredPaths": 9 } }]PythX, just like other tools in the MythX ecosystem, resolves the given source locations and maps them to line numbers in the Solidity input files. The result from a CLI call getting the report will be displayed as a prettier table:Client Libraries and ToolsThe MythX API is just the first step for us. We aim to build an open-source ecosystem that allows developers of varying skill levels to easily build tools specific to their needs. Security is an integral part of building a sustainable ecosystem. We practice what we preach, so we already came up with a nice little set of tools and libraries that you can get inspiration from. :)MythX Plugin for Truffle: https://github.com/ConsenSys/truffle-securityPythX: https://github.com/dmuhs/pythx/Mythos: https://github.com/cleanunicorn/mythosSabre: https://github.com/b-mueller/sabreArmlet: https://github.com/ConsenSys/armletGetting SupportProcessing build artifacts and source mappings correctly can become tricky for complex Soldity projects. On way to make things easier is to re-use code of the existing projects listed above. You can also get in contact with the team and other tool devs on the Discord server.Further linksMythX developer documentationAwesome MythX smart contract security toolsOpenAPI SpecA Deep Dive into the MythX Smart Contract Security Analysis API was originally published in Hacker Noon on Medium, where people are continuing the conversation by highlighting and responding to this story.
Hackernoon

Microsoft Azure Now Supports RSK Smart Contracts

RIF Labs has announced the integration of its public blockchain, RSK Smart Contracts, on Microsoft's Azure Marketplace. The RSK Smart Contract Network is an open-source platform that seeks to extend the functionality of Bitcoin using smart contracts and the Azure Marketplace is an app store for Microsoft’s cloud computing service.Prior to the integration, RIF Labs customers had to deploy local servers while manually setting up and maintaining nodes for running the blockchain. With the addition of RSK Smart Contracts on the marketplace, users can have an RSK blockchain network set up in minutes via Azure.Adrian Eidelman, RSK strategist and RIF Labs CTO, believes the integration with Microsoft's marketplace allows DApp developers to keep their focus on the product development now that node deployment has been settled.“DApp developers can now focus on building their product, since they don’t have to worry anymore about spending hours in setting up and maintaining the node,” Eidelman explained in a company statement shared with Bitcoin Magazine. “Microsoft’s support will be key to accelerate adoption of RSK technologies and the Bitcoin ecosystem.”RSK Smart Contracts is the latest public blockchain to be supported by the Azure Marketplace.Sajan Parihar, director of Microsoft Azure, explained why the Azure marketplace is so pivotal for developers."Through Microsoft Azure Marketplace, customers around the world can easily find, buy, and deploy partner solutions they can trust, all certified and optimized to run on Azure,” Parihar said in the statement. “We're happy to welcome RSK Smart Contracts to the growing Azure Marketplace ecosystem."RIF Labs’ integration with Microsoft will also prove crucial for the blockchain startup in the future, as it gets set to launch new protocol implementations for its RIF OS. The increased ease of setting up nodes will provide an opportunity to expand the RSK network for far less cost and storage space rental on the nodes themselves could provide the opportunity for developers to earn mining rewards.In 2018, RSK Labs was acquired by RIF Labs, an acquisition that saw the smart contract platform expand beyond Bitcoin's blockchain. This article originally appeared on Bitcoin Magazine.
Bitcoin Magazine
More news sources

Smart contract news by Finrazor

ESSENTIAL

Basic information about Ethereum and description of its working process, problems of the Internet and the way Ethereum tries to solve them as well as the explanation of smart contracts.

Read more
ESSENTIAL

Everything you need to know about blockchain oracles, their importance and benefit for blockchain, the structure of oracles which consists of different components as well as their types and the list of oracle developers

Read more
ESSENTIAL

Blockchain as an effective provider of privacy and security, the meaning of smart contracts and their role, major aspects of blockchains and distributed ledgers and their use cases as well as the idea of Blockchain 3.0

Read more

Trending

Hot news

Hot world news

BTC and ADA Are Showing Positive Signs With Strong Bullruns and Weaker Corrections

The cryptomarket is going through some good times, recovering from the sharp fall it had during 2018. The recovery of the global marketcap, and the high number of developments around cryptos and blockchain technologies has led many analysts to claim that we are close to witnessing not only a stabilization of the markets but also a bullish trend in the short term. Of all the crypto currencies on the ecosystem, BTC has always been the reference token, not only for holding the most powerful position in the top 10 but also for having the highest number of users and software developments. BTC is Having a Great Week BTC has experienced a significant price increase. After a period of constant “Bart Simpsons”, it finally seems that the most important cryptocurrency in the world broke the 5k resistance. This marks an a crucial milestone as it is a a value that could not be reached for months. However, during the last few hours BTC was curiously bullish. The token easily broke the 5.4K to flirt with the 5.6K band. If this trend continues, it could be said that BTC has been bullish for the entire past week, winning between 500 to 600 Dollars per token. BTC. 30 minute candles. After the big green candle, 5580 has become a new support Bitcoin (BTC) 1day candles. courtesy Tradingview Cardano (ADA) Also Shows Some Positive Signs Another token that has been specially bullish is Cardano (ADA) The project that promises to solve the “blockchain trilemma” experienced a a surge of about 10% in less than 24h, standing at one point almost at $0.08 per token. One of the reasons for this rise is the positive reaction of the market to the announcement by Charles Hoskinson (head of the project) saying that IOHK managed to close a an association with the Ethiopian government to popularize the use of Cardano in that region. According to Mr. Hoskinson, thanks to this partnership the Ethiopian authorities, the government will allow its citizens to use ADA to make payments as if it were fiat. Also, residents of Addis Ababa, the capital of the country, will be able to use ADA to pay for public transport services in the city. Right now, Cardano (ADA) experienced a correction that placed the token back to the support at 0.074 USD. The token then went up again to 0.075 with signs of another possible bullish trend in the short term Currently the bullish trend seems to be solid in most of the markets. The signs of a trend reversal are not strong enough to be frightened, however it is important to follow the charts, remembering that cryptocurrencies are extremely volatile. The post BTC and ADA Are Showing Positive Signs With Strong Bullruns and Weaker Corrections appeared first on Ethereum World News.
Ethereum World News

USDX Wallet Announces Integration with First Crypto Exchange, ExMarkets

April 23rd, 2019, Frankfurt, Germany – USDX Wallet is a mobile-first instant transfers solution powered by blockchain technology. It targets crypto holders, allowing individuals to send and receive funds quickly and fee-free. It also covers the needs of an unbanked audience, and those who don’t want to pay commissions within traditional money transfer mobile apps. The USDX Wallet app guarantees multi-level security for all transactions and instant transfers of assets by username, phone number or QR code. The native blockchain used by the USDX Wallet is based on the BitShares protocol and allows 100,000 transactions per second. USDX and LHT Tokenomics The payment system has two cryptocurrencies at its core: USDX token and LHT coin. The USDX token is a stablecoin pegged to the U.S. dollar at a 1:1 ratio via a smart contract. USDX is collateralized by the system’s core cryptocurrency, LHT. The total supply of LHT is 1 billion coins. LHT coins will be released gradually to the market; only 10% of the LHT supply will be issued each year, of which 5% will be freely tradeable and 5% will be locked on the blockchain to provide 200% collateralization. Recent Developments USDX Wallet has not held any private sales or presales, as it has received a sufficiently large venture investment. Future profits of the project will come from business account fees. From December 2018 to January 2019, there was an airdrop that attracted tens of thousands of participants. At the moment, USDX Wallet has surpassed 50,000 verified accounts. For the last several months the team behind the app have been implementing integration with crypto exchanges. The first platform to list LHT will be ExMarkets exchange, with two more exchanges to come. On Exmarkets, LHT will be available in trading pairs with Bitcoin (LHT/BTC) and Ethereum (LHT/ETH). About Exmarkets ExMarkets is a digital asset exchange platform powered by the state-of-the-art trading engine developed in-house. On the exchange, ExMarkets users can trade the most popular cryptocurrencies as well as gain the chance to participate in the token sales of the most promising blockchain and crypto projects through ExMarkets Initial Exchange Offering (IEO) LaunchPad. Recently, ExMarkets was granted two operational licenses for crypto-fiat gateway and custodian service provision by the Estonian regulator making it one of the few certified players in the market. Also, ExMarkets supports EUR (SEPA transfers) deposits to the cryptocurrency exchange and is a part of the CoinStruction liquidity framework which is aggregating order-books from the most well-known cryptocurrency exchanges guaranteeing 24/7 crypto liquidity. It takes only a few minutes to set up an account; users are allowed to make deposits in Bitcoin, Ethereum, other supported cryptocurrencies, and tokens. ________________________________ For more information on USDX Wallet, visit https://usdx.cash. The free USDX Wallet app is available on Google Play and the App Store. Follow USDX Wallet on Medium, Twitter, Facebook and Telegram. ExMarkets platform https://www.exmarkets.com/. Media Contact Details Contact Name: Maria Lobanova Contact Email: mlobanova@usdx.cash Partnership Request Details Contact Email: partners@usdx.cash USDX Wallet is the source of this content. Virtual currency is not legal tender, is not backed by the government, and accounts and value balances are not subject to consumer protections. Cryptocurrencies and tokens are extremely volatile. There is no guarantee of stable value, or of any value at all. Disclosure: This is a sponsored press release. The post USDX Wallet Announces Integration with First Crypto Exchange, ExMarkets appeared first on NullTX.
NullTX
By continuing to browse, you agree to the use of cookies. Read Privacy Policy to know more or withdraw your consent.