The March 2023 Solidity digest features updates and new releases of various Solidity-related tools, along with approved ERC proposals, and multiple articles about Solidity security.
Chain forking: This feature allows users to fork Ethereum Mainnet, testnets, or any chain of their choice at any block number and play with it on the Remix VM.
New proxy contract upgrade checks: Remix has updated its UI to deal with upgradeable contracts using the UUPS design pattern. It saves a list of previously deployed proxy contracts and performs checks to ensure that the user is upgrading the right contract.
File Explorer updates: Users can now right-click on a file or folder name to back up the file or folder, and the File Explorer right-click menu has been updated to generate UML.
Warning when updating a file outside of Remix: When users update a file in the shared folder connected with Remix from a tool outside of Remix, a warning will pop up.
Hardhat v2.13.0 - This new version of Hardhat adds two long-awaited features: ES Modules support and better support for Solc’s IR-based compilation pipeline. Besides that, this version includes several other improvements and bug fixes.
v4.8.2 of OpenZeppelin contracts and contracts-upgradeable
Bug fix for ERC721Consecutive that could cause a balance overflow when _mintConsecutive was used for batches of size 1.
Breaking changes to ERC721: the internal function _beforeTokenTransfer will no longer update balances when batchSize is greater than 1.
Truffle v5.8.0 - Truffle introduces the Truffle Dashboard Hardhat plugin, which allows developers to see decoded transaction information when using Truffle Dashboard with their Hardhat projects.
ERC-1046: tokenURI Interoperability - Extends ERC-20 with an ERC-721-like tokenURI, and extends ERC-721 and ERC-1155 with interoperability.
ERC-5606: Multiverse NFTs - A universal representation of multiple related NFTs as a single digital asset across various platforms.
ERC-6147: Guard of NFT/SBT, an Extension of ERC-721 - Defines a new management role for NFT/SBT with an expiration date, separating the transfer right from the holding right.
ERC-4804: Web3 URL to EVM Call Message Translation - A translation of an HTTP-style Web3 URL to an EVM call message.
ERC-5380: ERC-721 Entitlement Extension - Allows token owners to grant the ability for others to use specific properties of those tokens.
EIP-4337 – Ethereum Account Abstraction Incremental Audit - EIP-4337 is a specification to add account abstraction functionality to the Ethereum mainnet without modifying the consensus rules. Review by OpenZeppelin of the latest revision of the Ethereum Foundation specification and reference implementation.
Barter DAO Security Audit Report by MixBytes
ScopeLift Flexible Voting Audit by OpenZeppelin
Blockchain Hacking Techniques of 2022 | Top 10 - OpenZeppelin, in collaboration with the community of Web3 security experts, has documented the top security research from 2022 to promote best practices and effective security measures across the industry.
“Damn Vulnerable DeFi” Creator Teaches You How To Audit - We meet up with Tincho, Damn Vulnerable DeFi creator and previous OpenZeppelin lead auditor, on what his exact audit process looks like end-to-end. We do a mock audit of ENS to show you how to do it.
Metamorphic Smart Contracts: Is EVM Code Truly Immutable? - It is commonly believed that smart contract code on Ethereum is immutable and cannot be changed once deployed. However, this is only true if the contract was deployed using the standard procedure. This article is about techniques that allow one to create a smart contract at a specific address and then change its internal logic by modifying the bytecode that processes user data.
Overview of the Inflation Attack - An inflation attack is a widespread problem that targets the ERC-4626 tokenized vault standard and has largely gone unnoticed until recently. This attack allows malicious actors to steal the first deposits into vulnerable pools, potentially resulting in significant losses for unsuspecting investors.
Splitting a string into multiple lines in Solidity: How hard can it be? - Discussion about splitting a string into multiple lines in Solidity without breaking multi-byte characters or emojis.
Dexible Hack Analysis — Never Blindly Trust Smart Contracts - An analysis of the hack of the DEX aggregator platform Dexible on February 17, 2023, which resulted in the loss of $2 million by users who had allowed the Dexible contract to exchange tokens on their behalf.
SwapX hack analysis — Improper Access Control - SwapX lost nearly $1M in an attack on the BSC chain on February 27, 2023. Poor access control on the "approval" function allowed attackers to authorize their contract and execute trades on behalf of the victim.
Euler Finance Hack Analysis — Flash loan attack - A hacker used flash loans to exploit a logical flaw in Euler Finance’s donate liquidity feature, causing the project to lose $197 million on March 13, 2023.
If you have any interesting or useful links to share, please fill out the form.
Although I'm currently working as a Lead Backend Engineer at Bumble, the content in this digest does not refer to my work or experience at Bumble.