In this story, I talk about the moats of the two main blockchains, Bitcoin and Ethereum and I provide some statistics and figures to illustrate each moat. Bitcoin In first, let’s examine the main moats of the Bitcoin network. The Bitcoin cryptocurrency is the first-largest cryptocurrency in terms of market capitalization…

In this story, I analyze the revenues of the USDT stablecoin. I’m publishing this story as part of the Token Research training provided by Ekolance and Maximilian A. Gutsche. Origine of the USDT stablecoin USDT is owned by iFinex Inc., a Hong Kong holding company. It’s also the owner of the cryptocurrency exchange Bitfinex. USDT…

In this story, I explain how to automatically generate a documentation of a Solidity smart contract by using a Hard Hat plugin. The hardhat-dodoc plugin (https://www.npmjs.com/package/@primitivefi/hardhat-dodoc) from Hardhat allows to generate a Markdown documentation of a Solidity smart contract using NatSpec format tags. It is possible to use templates. To…

In this story, I show how to use the Rattle on the famous Solidity KingOfTheEtherThrone smart contract. Rattle is a static binary EVM analysis framework that produces a control flow graph after removing the DUP, SWAP, PUSH , and POP opcodes. …

In this story, I show how to deploy a Solidity smart contract with Remix, Truffle, and Ganache. Truffle (http://truffleframework.com/) is a Javascript framework based on NodeJS used for the development of Dapps. It allows to set up CI/CD pipelines. It provides the following features: Compilation, Linking, Deployment, Automated testing, Network…

In this story, I show how to automate the verification of a Solidity smart contract with Etherscan. Hardhat (https://www.npmjs.com/package/@nomiclabs/hardhat-etherscan) is an integration plugin for Etherscan’s contract verification service (https://etherscan.io/). Once this service is successfully used, a green “verified” status icon is displayed on Etherscan. To use this service, you must…

In this story, we will use Slither to analyze the security of the RaceCondition.sol smart contract. Slither (https://github.com/crytic/slither) is a Solidity static analysis framework. Its main features are : detection of vulnerabilities, display of information on contracts, provision of an API to customize scans. Each contract uses a specific version…

There are different types of security tools: testing, test coverage, linting, disassembly, visualization, static analysis, dynamic analysis, formal verification. In this story, I present the most popular Solidity smart contract security tools. Slither for static analysis Slither is a Solidity static analysis framework written in Python 3. It allows to detect vulnerabilities, to better…

In this story, I list the main vulnerabilities of the Solidity smart contracts. Thanks to SWC Registry and CWE registries. Default visibility of functions References: SWC-100 : Function Default Visibility CWE-710: Improper Adherence to Coding Standards Vulnerability By default, in older versions of Solidity, functions were public. If the developer forgot to specify the visibility…