Maurelian maurelian
pragma solidity ^0.4.21;

contract HalfFullOrHalfEmpty {
    address player;
    uint gates;

    constructor() public payable {
        require(msg.value == 1 ether);
    }

Learning to learn (how a contract system works): Week 1

One of the biggest challenges in auditing is quickly ramping up on a system. The faster I can do this, the more time and capacity I have for finding real issues with it. I'm working my way through the extremely popular "Learning to Learn" course on Coursera, in order to help me improve at this.

My notes summarize the course content, and describe specific implications for how to learn and understand a smart contract system more quickly and deeply.

Focused and Diffuse modes of thinking

Learning and understanding require a combination of two modes of thought: Focused and Diffuse.

pragma solidity ^0.4.24;

contract Delegator {
    bytes32 controllerLookupName = 0xabba;

    function() external payable {
        // Do nothing if we haven't properly set up the delegator to delegate calls
        // if (controllerLookupName == 0) {
        //     return;

pragma solidity ^0.4.0;

contract ISomething {
    function fooSomething() returns(uint);
}

contract BarGuy {
    // This internal function uses the type system for additional safety guarantees on the input address.
    function barThing (ISomething _iSomething) internal returns(uint){
        uint x = _iSomething.fooSomething();
maurelian / SpankChainHack.sol
Last active October 12, 2018 03:32
ctrl+f for 'Hack Note' for a few annotations of red flags
// Taken from https://etherscan.io/address/0xf91546835f756da0c10cfa0cda95b15577b84aa7#code
// Story: https://medium.com/spankchain/we-got-spanked-what-we-know-so-far-d5ed3a0f38fe
// Newsletter: https://tinyletter.com/smart-contract-security/archive
pragma solidity ^0.4.23;
// produced by the Solididy File Flattener (c) David Appleton 2018
// contact : [email protected]
// released under Apache 2.0 licence
contract Token {
/* This is a slight change to the ERC20 base standard.

NSLOC stands for 'Normalized Source Code', which is a custom measurement we use (among others) when evaluating the complexity of a codebase.

To get the NSLOC count of a file:

  1. For all functions, reduce any multiline function declarations to a single line.
  2. Remove all comments.
  3. Remove all empty lines.
  4. Count the remaining lines.

Example:

Feel free to copy and paste this list into a README, issue or elsewhere in your project.

Audit prep checklist (reference)

  • Documentation (a plain English description of what you are building, and why you are building it; it should indicate the actions and states that should and should not be possible)
    • For the overall system
    • For each unique contract within the system
  • Clean code
  • Fix compiler warnings
pragma solidity ^0.5.9;

library Math {
    function add(uint a, uint b) public returns (uint){
        return a + b;
    }
}

contract UsesMath {
    using Math for uint;
======= /Users/primary/Projects/Audits/0x-monorepo/contracts/exchange/contracts/src/delegatesToLib.sol:Math =======
EVM assembly:
/* "/Users/primary/Projects/Audits/0x-monorepo/contracts/exchange/contracts/src/delegatesToLib.sol":25:312 library Math {... */
dataSize(sub_0)
dataOffset(sub_0)
/* "--CODEGEN--":132:134 */
0x0b
/* "--CODEGEN--":166:173 */
dup3
This post links my 3Box profile to my Github account! Web3 social profiles by 3Box.
✅ did:muport:QmfDuJZ7fXN9PQCFEqpGdQuQhw5RePG6zBhmt75BZnpmh5 ✅
Create your profile today to start building social connection and trust online at https://3Box.io/