The March 2023 Solidity digest features updates and new releases of various Solidity-related tools, along with approved ERC proposals and multiple articles about Solidity security.

News

- Remix v0.31
  - Chain forking: This feature allows users to fork Ethereum Mainnet, testnets, or any chain of their choice at any block number and play with it on the Remix VM.
  - New proxy contract upgrade checks: Remix has updated its UI to deal with upgradeable contracts using the UUPS design pattern. It saves a list of previously deployed proxy contracts and performs checks to ensure that the user is upgrading the right contract.
  - File Explorer updates: Users can now right-click on a file or folder name to back up the file or folder, and there is an update to generate UML in the File Explorer right-click menu.
  - Warning when updating a file outside of Remix: When users update a file in the shared folder connected with Remix from a tool outside of Remix, a warning will pop up.
- Hardhat v2.13.0 - This new version of Hardhat adds two long-awaited features: ES Modules support and better support for Solc's IR-based compilation pipeline. Besides that, this version includes several other improvements and bug fixes.
- v4.8.2 of OpenZeppelin contracts and contracts-upgradeable
  - Bug fix for ERC721Consecutive that could cause a balance overflow when _mintConsecutive was used for batches of size 1.
  - Breaking changes to ERC721: the internal function _beforeTokenTransfer will no longer update balances when batchSize is greater than 1.
- truffle v5.8.0 - Truffle introduces the Truffle Dashboard Hardhat plugin, which allows developers to see decoded transaction information when using Truffle Dashboard with their Hardhat projects.

ERC

- ERC-1046: tokenURI Interoperability - Extends ERC-20 with an ERC-721-like tokenURI, and extends ERC-721 and ERC-1155 with interoperability.
- ERC-5606: Multiverse NFTs - A universal representation of multiple related NFTs as a single digital asset across various platforms.
- ERC-6147: Guard of NFT/SBT, an Extension of ERC-721 - A new management role with an expiration date of NFT/SBT is defined, achieving the separation of transfer right and holding right.
- ERC-4804: Web3 URL to EVM Call Message Translation - A translation of an HTTP-style Web3 URL to an EVM call message.
- ERC-5380: ERC-721 Entitlement Extension - Allows token owners to grant the ability for others to use specific properties of those tokens.

Libs

- Certora/gambit - A Solidity Mutation Testing Tool. See also the article Gambit: A Solidity Mutation Testing Tool for Formal Verification.

Audits

- EIP-4337 – Ethereum Account Abstraction Incremental Audit - EIP-4337 is a specification to add account abstraction functionality to the Ethereum mainnet without modifying the consensus rules. Review by OpenZeppelin of the latest revision of the Ethereum Foundation specification and reference implementation.
- Barter DAO Security Audit Report by MixBytes
- ScopeLift Flexible Voting Audit by OpenZeppelin

Articles

- Blockchain Hacking Techniques of 2022 | Top 10 - OpenZeppelin, in collaboration with the community of Web3 security experts, has documented the top security research from 2022 to promote best practices and effective security measures across the industry.
- “Damn Vulnerable DeFi” Creator Teaches You How To Audit - We meet up with Tincho, Damn Vulnerable DeFi creator and previous OpenZeppelin lead auditor, on what his exact audit process looks like end-to-end. We do a mock audit of ENS to show you how to do it.
- Metamorphic Smart Contracts: Is EVM Code Truly Immutable? - It is commonly believed that smart contract code on Ethereum is immutable and cannot be changed once deployed. However, this is only true if the contract was deployed using the standard procedure. This article is about techniques that allow one to create a smart contract at a specific address and then change its internal logic by modifying the bytecode that processes user data.
- Overview of the Inflation Attack - An inflation attack is a widespread problem that targets the ERC-4626 tokenized vault standard and has largely gone unnoticed until recently. This attack allows malicious actors to steal the first deposits into vulnerable pools, potentially resulting in significant losses for unsuspecting investors.
- Splitting a string into multiple lines in Solidity: How hard can it be? - Discussion about splitting a string into multiple lines in Solidity without breaking multi-byte characters or emojis.
- Dexible Hack Analysis — Never Blindly Trust Smart Contracts - An analysis of a hack that occurred on February 17, 2023, on the Dex Aggregator platform called Dexible, which resulted in the loss of $2 million by users who allowed the Dexible contract to exchange tokens on their behalf.
- SwapX hack analysis — Improper Access Control - SwapX suffered a loss of nearly $1M due to a BSC chain attack on February 27, 2023, as a result of poor access control on the "approval" function, which allowed attackers to authorize their contract and execute trades on behalf of the victim.
- Euler Finance Hack Analysis — Flash loan attack - A hacker exploited a logical flaw in Euler Finance's donate liquidity feature through flash loans and caused the project to lose $197 million on March 13, 2023.
- Clear storage and get incentivized by Ethereum Blockchain

Talks

- ETHDubai 2023

Upcoming Events

- ETHGlobal Tokyo - April 14 – 16, 2023, Tokyo, Japan

Final Words

If you have any interesting or useful links to share, please fill out the form.

Although I'm currently working as a Lead Backend Engineer at Bumble, the content in this digest does not refer to my work or experience at Bumble.