Smart Contracts Security Audits Infrastructure vulnerability analysis
Integer Overflows and Underflows
Integer overflow and underflow are common issues in programming, including Solidity. Arithmetic operations can result in these issues when the result exceeds the representable range of numbers. This often leads to unpredictable contract behavior and poses potential security risks. IN DETAILS: The Ethereum Virtual Machine (EVM) imposes size limitations on integer data types. Each type has a fixed range of values. For instance, a variable of type uint8 can only hold integer values from 0 to 255, i...
Unveiling the Hidden Flaws: OXORIO's Deep Dive into Rho Protocol's DeFi Derivatives
In April this year, the OXORIO team conducted an audit of Rho Protocol, which is a decentralized crypto-native interest rate derivatives market (we will delve deeper into this later). As a result, our auditors found many interesting vulnerabilities that we would like to share with you. FYI, we have also found some interesting vulnerabilities in other types of protocols, see there :) What are the derivatives? Let’s begin our exploration into the realm of derivatives from a distant point, direct...

Reentrancy Attacks in Solidity Smart Contracts
It's been several years since hackers stole a lot of money from the DAO in 2016 by using a trick called a reentrancy attack. This kind of attack can still happen today and cause serious financial problems. Luckily, there are ways to stop these attacks and keep your project safe. How does it work? A reentrancy attack on a smart contract happens when one contract gives control to another contract. Then, the second contract can call the first contract again before the first call is finished. ...

Overflow and Underflow Vulnerabilities in Cairo
Intro: In this article, we will explore one of the most common categories of vulnerabilities in the Cairo language: overflow and underflow. By comparing the approaches of two Cairo versions, 0.x and 1.0, to addressing this issue, we will analyze how each of them handles this vulnerability. Cairo Evolution: In 2020, StarkWare introduced Cairo 0, a fully functional programming language for creating verifiable computations. Originating as an assembly language, Cairo gradually evolved, expanding its c...

Cairo Security Flaws: The Hidden Dangers in Smart Contracts
Intro: StarkNet is a scalable Layer 2 solution for Ethereum, built on zk-STARK technology. It enables fast, secure, and low-cost transactions through the use of validity rollups. StarkNet operates on the Cairo VM, allowing for the development of smart contracts in the Cairo language. While Cairo is a relatively new language, it is rapidly evolving and gaining popularity. However, as with any new technology, security concerns require careful examination. Cairo Basics: Let's start our dive into...
