Using newer compiler versions and the optimizer gives gas optimizations and additional safety checks for free!
The advantages of versions 0.8.* over <0.8.0 are:
0.8.0 (can be more gas efficient than some
library based safemath).0.8.2, leads to cheaper runtime gas.
Especially relevant when the contract has small functions. For
🥇 Instead of sending Ether, use the withdrawal pattern
🥈 If you really need to send Ether, use a safe wrapper like OpenZeppelin's Address.sendValue(addr, amount)
🥉 If you really need to send Ether without dependencies, use (bool success, ) = addr.call{value: amount}("")
Currently TSS works by the system auto-generating a set of TSS invitees that collectively generate a new vault pubkey outside of process. Each node that participates in the signing ceremony then posts in their results into THORChain as a MsgTssPool.
Two evil nodes are able to front-run a TSS signing ceremony by posting in a fake TSS result and voting twice, which achieves consensus and creates a vault controlled by attacker, stealing funds (before the valid tx arrives).
Note: #thorsec team found a similar bug allowing spoofing ID which was patched in https://gitlab.com/thorchain/thornode/-/merge_requests/1922 - this vulnerability is similar but works even with the original ID spoof patch. After disclosure, MR 1922 also incorporated fixes to stop this attack presented below.
| import { BigNumber, providers, Wallet } from "https://esm.sh/ethers"; | |
| import { FlashbotsBundleProvider, FlashbotsBundleResolution } from "https://esm.sh/@flashbots/ethers-provider-bundle"; | |
| const FLASHBOTS_AUTH_KEY = Deno.env.get('FLASHBOTS_AUTH_KEY'); | |
| const WALLET_PRIVATE_KEY = Deno.env.get('WALLET_PRIVATE_KEY'); | |
| const GWEI = BigNumber.from(10).pow(9); | |
| const PRIORITY_FEE = GWEI.mul(3); | |
| const LEGACY_GAS_PRICE = GWEI.mul(12); | |
| const BLOCKS_IN_THE_FUTURE = 2; |
| # Ethereum helper methods | |
| # source this in your .bashrc or .zshrc file with `. ~/.ethrc` | |
| # --- Solidity sandbox --- | |
| # https://github.com/maurelian/solidity-sandbox | |
| scratch() { | |
| dir=$(pwd) | |
| cd ~/Documents/projects/solidity-sandbox || exit | |
| bash newTest.sh $1 | |
| cd "$dir" || exit |
| const converter = require("hex2dec"); | |
| const Eth = require("ethjs"); | |
| const eth = new Eth(new Eth.HttpProvider(process.env.INFURA)); | |
| async function getERC20TransferByHash(hash) { | |
| const ethTxData = await eth.getTransactionByHash(hash); | |
| if (ethTxData === null) throw "TX NOT FOUND"; | |
| if ( | |
| ethTxData.input.length !== 138 || | |
| ethTxData.input.slice(2, 10) !== "a9059cbb" |
| #!/usr/bin/python3 | |
| from python_graphql_client import GraphqlClient | |
| from json import dumps | |
| from asyncio import run | |
| from re import compile as re_compile | |
| from pytimeparse import parse | |
| reg = re_compile(r'^(\d+(\.\d+)?)') | |
| handle = None |
| pragma solidity 0.6.6; | |
| pragma experimental ABIEncoderV2; | |
| import "https://github.com/Uniswap/uniswap-v2-core/blob/master/contracts/interfaces/IUniswapV2Pair.sol"; | |
| import "https://github.com/Uniswap/uniswap-lib/blob/master/contracts/libraries/FixedPoint.sol"; | |
| import "https://github.com/Uniswap/uniswap-lib/blob/master/contracts/libraries/FullMath.sol"; | |
| import "https://github.com/Uniswap/uniswap-lib/blob/master/contracts/libraries/Babylonian.sol"; | |
| import "https://github.com/Uniswap/uniswap-lib/blob/master/contracts/libraries/BitMath.sol"; | |
| library SafeMath { |
| set-option -g prefix C-g | |
| unbind-key C-g | |
| bind-key C-g send-prefix | |
| set -g default-terminal "screen-256color" | |
| set -ga terminal-overrides ",*256col*:Tc" | |
| set-option -g status-position bottom | |
| set -g base-index 1 |
