Solidity Digest Monthly / April 2023

The April selection of the latest news, tools and materials from the world of Solidity.

News

• intellij-solidity 2.4.0 — Support of user-defined operators and other improvements.
• Remix v0.32 — Upload a folder to a Workspace, support of Trust Wallet and other improvements.
• Hardhat v2.14 — This release sets Shanghai as the default hardfork used by the Hardhat Network.
• truffle v5.8.3 and v5.8.4 — update Ganache to the most recent version which supports Shanghai and small fixes
• Week in Ethereum News: April 1, April 8, April 15, April 22, April 29

ERC

• ERC-6059: Parent-Governed Nestable Non-Fungible Tokens — An interface for Nestable Non-Fungible Tokens with emphasis on parent token's control over the relationship.
• ERC-5773: Context-Dependent Multi-Asset Tokens — An interface for Multi-Asset tokens with context dependent asset type output controlled by owner's preference.
• ERC-5219: Contract Resource Requests — Allows the requesting of resources from contracts.
• ERC-6220: Composable NFTs utilizing Equippable Parts — An interface for Composable non-fungible tokens through fixed and slot parts equipping.

Tools

• 0xMob100/sporalyzer — EVM contract size analyzer. See also Introducing Sporalyzer: A Tool for Analyzing Contract Size
• Diligence Fuzzing — greybox fuzzer for analyzing contracts written in Solidity. See also (Re-) Introducing Diligence Fuzzing.
• zeroknots/slotmachine — library designed to detect hazardous storage writes in Solidity contract. See also SlotMachine(tool) & EVM Storage Management
• Foundry Safer Log — The safelog library provides a foundry/hardhat like console logging interface whereby the individual log functions do not modify the state of memory
• Slitherin by Pessimistic.io — Slither detectors to help with code review and audit process

Articles

• Fuzz / Invariant Tests | The New Bare Minimum For Smart Contract Security
• Precision Loss Errors
• Allbridge Hack Analysis — Improper business logic
• Sentiment Hack Analysis — Reentrancy Attack
• MEV Bot hack analysis — MEV Boost Relay Attack
• 15/04/23 Hundred Finance Hack Post-Mortem
• Foundry Unit Tests
• Benchmarking Smart-Contract Fuzzers
• How to Prepare for a Smart Contract Audit
• Formal Verification & Symbolic Execution | The Security Silver Bullet?

Audits

• Top 7 Smart Contract Auditors and more
• Polygon zkEVM Contracts Security Review by Spearbit
• zkSync Fee Model and Token Bridge Audit by OpenZeppelin
• zkSync – L1 Diff Audit (February 2023) by OpenZeppelin
• Clearpool Security Audit Report by Mixbytes
• Cron Finance Security Review by Spearbit
• SEAPORT security review by Spearbit
• MYSO Finance Security Assesment by Trail of Bits
• Balancer v2 Security Assesment by Trail of Bits
• CloudWalk Multisig Wallet Audit Report by MixBytes
• EigenLabs — EigenLayer by ConsenSys Diligence
• Satin.Exchange by Trust

Code4rena reports

• Golom contest
• Canto Identity Protocol contest
• Neo Tokyo contest
• RabbitHole Quest Protocol contest
• Wenwin contest
• Tessera - Versus contest
• Mute Switch - Versus contest
• Reserve contest
• ParaSpace contest

Videos

• ETHGlobal Tokyo
• Solidity Inline Assembly & Yul — Peter Robinson described what Solidity Inline Assembly and Yul are, when they should be used, and the trade-offs between writing in pure Solidity, using Solidity with inline assembly, writing in Yul, or hand crafting byte code.
• ERC 1271 & ERC 6492: Signatures for Contract Wallets / Account Abstraction
• Create a sandwich MEV flashbot: part 1, part 2, part 3

Although I'm currently working as a Lead Backend Engineer at Bumble, the content in this digest does not refer to my work or experience at Bumble.

If you have any interesting or useful links to share, please contact me on twitter or fill this form

← Solidity digest / mar 2023