Nothing found.

Latest stories

Eco Contracts Audit

The Eco team asked us to review and audit the contracts for their open payment network. We looked at the code and have…

Read More

A Year of Research at OpenZeppelin

It's been a busy 2019 for our dearest Research team. These are the main highlights of the year!.

Read More

Deep dive into the Minimal Proxy contract

In this deep dive into low-level EVM code, you will learn how to code a Minimal Proxy (EIP 1167) from scratch, no…

Read More

Our most popular audit reports

Nothing found.

SEE ALL >
More stories

Deconstructing a Solidity Contract — Part V: Function Bodies

The function body is precisely what the function wrappers detour to, after unpacking the incoming calldata. By the time a function body is executed, the function’s arguments should be sitting…

Deconstructing a Solidity Contract — Part IV: Function Wrappers

In the last article, we saw how the function selector acts as a hub or a switch of sorts in our BasicToken.sol contract. It sits at the entry point of a contract and redirects execution to the…

Transaction Permission Layer Protocol v1.0

The Transaction Permission Layer protocol (TPL) is a method for assigning metadata (herein referred to as “attributes”) to Ethereum addresses. These attributes then form the basis for designing…

Compliant Decentralization?: Exploring an Approach to Utility Token Distribution

William Hinman’s recent statements at the Yahoo Finance All Markets Summit provide some guidance for token projects intending to sell tokens as non-securities in the United States.

Deconstructing a Solidity Contract — Part III: The Function Selector

In the previous article, we identified the need to separate a contract’s bytecode into creation-time and runtime code. Having made a deep dive into the creation part, it’s now time to begin...

Towards frictionless upgradeability

ZeppelinOS is all about making the technology of upgradeability into an accessible and frictionless tool for developers. Ideally, we want to enable a developer to create upgradeable instances...

Deconstructing a Solidity Contract — Part II: Creation vs. Runtime

Let’s get started by attacking the disassembled gibberish of our contract with our divide-and-conquer lightsaber. As we saw in the introductory article, this disassembled code is very low-level...

Deconstructing a Solidity Contract —Part I: Introduction

You’re on the road, driving fast in your rare, fully restored 1969 Mustang Mach 1. The sunlight shimmers on the all-original, gorgeous plated rims. It’s just you, the road, the desert, and the…

Getting started with ZeppelinOS

Blockchains are immutable, and Ethereum is no exception. Ethereum has a rich smart contracts ecosystem that greatly lowers the barriers to creating new decentralized applications (DApps), governance…

Dharma Audit

The Dharma team asked us to review and audit the smart contracts implementing their protocol. We looked at the code and now publish our results.

More stories

Deconstructing a Solidity Contract — Part V: Function Bodies

The function body is precisely what the function wrappers detour to, after unpacking the incoming calldata. By the time a function body is executed, the function’s arguments should be sitting…

Deconstructing a Solidity Contract — Part IV: Function Wrappers

In the last article, we saw how the function selector acts as a hub or a switch of sorts in our BasicToken.sol contract. It sits at the entry point of a contract and redirects execution to the…

Transaction Permission Layer Protocol v1.0

The Transaction Permission Layer protocol (TPL) is a method for assigning metadata (herein referred to as “attributes”) to Ethereum addresses. These attributes then form the basis for designing…

Compliant Decentralization?: Exploring an Approach to Utility Token Distribution

William Hinman’s recent statements at the Yahoo Finance All Markets Summit provide some guidance for token projects intending to sell tokens as non-securities in the United States.

Deconstructing a Solidity Contract — Part III: The Function Selector

In the previous article, we identified the need to separate a contract’s bytecode into creation-time and runtime code. Having made a deep dive into the creation part, it’s now time to begin...

Towards frictionless upgradeability

ZeppelinOS is all about making the technology of upgradeability into an accessible and frictionless tool for developers. Ideally, we want to enable a developer to create upgradeable instances...

Deconstructing a Solidity Contract — Part II: Creation vs. Runtime

Let’s get started by attacking the disassembled gibberish of our contract with our divide-and-conquer lightsaber. As we saw in the introductory article, this disassembled code is very low-level...

Deconstructing a Solidity Contract —Part I: Introduction

You’re on the road, driving fast in your rare, fully restored 1969 Mustang Mach 1. The sunlight shimmers on the all-original, gorgeous plated rims. It’s just you, the road, the desert, and the…

Getting started with ZeppelinOS

Blockchains are immutable, and Ethereum is no exception. Ethereum has a rich smart contracts ecosystem that greatly lowers the barriers to creating new decentralized applications (DApps), governance…

Dharma Audit

The Dharma team asked us to review and audit the smart contracts implementing their protocol. We looked at the code and now publish our results.