-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathnotes.txt
386 lines (262 loc) · 11 KB
/
notes.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
Gasper
access list new transaction types
nonce
bloom filters
AA
different signature schemes
allow different people to transact
available on starknet
----------------------------------------------
Day 2
contract design - have an idea of the interface you want to expose to the world
modifiers increase the size of the contract, have a jump to the modifier code in new compilers
indexed keyword in front of events, make it queriable
use arrays to iterate through mappings
two different syntaxes for creating an instance of a struct
order of inheriting contracts is important, makes a difference to the behaviour of the contract
string.concat(s1,s2)
enums, stored in a uint8
Storage - permanent data
Memory - temporary, outside of the function scope it gets discarded
calldata - cheaper than memory, used
memory vs calldata - we can change the value of memory,
we cannot change calldata it is immutabe
immutable can be defined at compile time
fallback() - if a transaction calls a function that doesn't exist (not matching method signatures)
recieve() - hook when contract recieves ether
Type Error,
require, assert (check if condition is holding) and revert (stop execution)
calling external contracts always use try catch
custom errors good for optimization
using other contracts/libraries - compile time and runtime distinguish
- specific syntax for using libraries
ie using Math for uint256;
check slide 35 for deploying libraries !!!!!
pre - compiled contracts
checking signatures,
hashing (sha256hash)
0x04 address of a pre compiled contracts
Fee schedule
Every block has a base Fee
delete storage if its no longer needed
event selector for non anonymous event E to access the 32- byt selector topic
library references
block.basefee
block.difficulty
block.prerandao
self dstruct is deprecated
access events from other contracts
initialization of immutable variables
function selectors, EVM knows which function to call by scheme, functions have
a signature, slide 43
The FIRST FOUR BYTES of the call data for a function call
specifies the function to be called.
encode with signature
wrap/unwrap outbox into types
function types - used as callbacks
Q - In what scenario/case would we need to use inline assembly?
----------------------------------------------------------------------------------
data structures - merkle patricia trees
verkle tree - efficient way of storing data and retrieving compared to merkle
slide 2 of lesson t is old diagram (a little out of date)
world state trie will hold key value pairs of a contract
what state changes have been made and gas reciepts are given in bloom filters
block fields have changed
attestations
world state
Miners slide 9 should be block producers
check if signatures of the transaction is valid
nonce on a transaction is valid, equivalent to the sender accounts current nonce
----------------------------------------------------------------------------------
Day 3
memory pointers
slots, for fixed sized items,
mapping size can grow aswell as arrays,
Sol to uml, tool in foundry to shows the stack
Transaction Tries: records transaction request
Transaction Receipt Tries: records the transaction
outcome
opcodes - pop,push,dup,swap
upgradability
contract call vs delegate call , proxy contract maintains the state, where as with contract call the
constructor iniates the state only once
upgrading is an anti pattern, don't do it
a registry contract, hold the latest address versino of a contract
function contract (business logic) and data contract (link to the function logic)
proxy,diamond,strategy patterns
pulggable modules, gnosis safe
fallback() // delegate call
append to the storage when we upgrade, don't overwrite variables from your old implementations
try using some governances mechanism to bring back trust when upgrading the contract
initialiser for upgradeable cotnracts rather than the constructor
is there a design pattern for initializing with x number of data fields?
Eternal storage for every datatype
HW3
think about pre compiled contracts
----------------------------------------------------------------------------------
Day 4
check out tenderly
forge,
fuzz testing,
Chisel
first 16 bytes
----------------------------------------------------------------------------------
Day 5
Stack is 256 bits wide, only the top 16 elements is viewable
----------------------------------------------------------------------------------
Day 6
extcodessize - used for isContract, does not work for all circumstances check for eoa
return of a call, check if it has succeeded
fields availble for function setters
memoryguard - only use memory within a certain range
Yul commands checkout
Fuel labs created yul+
compiler --ir flag shows the yul version of the solidity code
----------------------------------------------------------------------------------
Day 7
Layer 1 solution - redesigning the protocol or consensus mechanism
as you increase the number of nodes more participents to get through, BFT solution can have a negative impact on scalability
split chains into shards, messaging between contracts will be in a specific shards
off chain scaling
layer 1 can be used for security
layer 2 can be used for execution
optimistic fraud proof rollup
optimistic rollup - bare minimum information needed with not proofs
EIP4488 - decrease the cost of the calldata
make adaptations for ZKP
optimisation techniques -
remove redundant code
break out of loops as early as possible
look at the order of the functions, test the cheaper function first
SSTORE opcode - zero to non-zero requires a code, storage slots are either warm or compiled
cold storage
warm storage
don't store data unless if you really have to
reduce the number of SStore operations
packing of data on storage slots
bytes32 is the most optimized storage type , whenever possible
bytes is better than byte[]
bytes1 to bytes32
bytes32 cheaper than using string
smaller datatypes use arrays
uint vs uint256,
overhead of get the item out of the storage aswell
padding done aswell when its gone onto the stack
----------------------------------------------------------------------------------
Day 8
avoid public variables
optimizer, prevent duplications
if a view function is only payed by gas if its invoved from a transacitonal method
reduce size of deployment by removing modifiers, use funcitons instead
avoid sload and sstore in loops
gas of emitting events = events k + unindexedbytes a + indexed topics b
turn on optimiser when compiling
reduce size of error message to reduce gas
keccak256 is the cheapest hashing
remove duplicates and dead code
vanity addresses with many leading zeroes, cheaper the change would be if leading zeroes
gas() and call () in yul saves manual gas counting, see how much gas is available before making the call
zero address checks that are needed
token balances uint256 value
bit shifting a & (1 << 2) , a & (1 << 6), reduce the amount you are storing for bit words
measure the performance (context is important here), make sure the code is secure
Solutions:
Leonardo Scantamburlo 17:59
https://github.com/LeoScant/GasOptimization
Willian Urban 18:02
Group 7: 413735 => https://github.com/UrbanWill/foundry-gas-optimization
Messages addressed to "Meeting Group Chat" will also appear in the meeting group chat in Team Chat
Kenneth Smith 18:02
Group 8: 149,080 gas https://github.com/mirkopezo/gas-optimisation-team-game
Nelson Rodrigues Marreiros 18:02
Group 2 : 359130 => https://github.com/NelsonRodMar/Owner-avatar-GasOptimisationFoundry-
Leonardo Scantamburlo 18:03
Group 5 => 333430 https://github.com/LeoScant/GasOptimization
via-ir = true - stack too deep error, items on the stack not getting cleaned upgradability
local variables in a function can be the root cause
this changes the deployment costs
iszero cuts down on opcodes
/// @Solidty memory-safe-assembly
compiler setting
----------------------------------------------------------------------------------
Day 9 - security
showvase of users stealing funds
addresses were traceable via tornado cash
check for default values
clearing out, items to be set to zero
Polynetwork hack -
hash of a method signature and taking the first four bytes shows the fingerprint for the evm to select a specified function
exploit details
mismanagement of access rights
one address to have two roles
bug bounty platforms
tenderly lesson 10 slide 33
initialize function over a constructor for upgradeability
initialize function has the correct access control around it
adding to the storage with proxy pattern, becareful not to change anything unintentially
----------------------------------------------------------------------------------
Day 10
security
require - sanitize the input
assert - specific, used less often, verify your program
revert - revert back to the previous state
doing something unusual
Modifiers as gaurds - make sure code is safe
don't change any state within a modifier
Integer divisionthank
fallback - proxy pattern for upgradability
Payability
locking pragmas - fixed version of compiler when testing, ensure to use the same compiler in production use fix compiler settings
Shadowing
tx.origin don't use this for access control avoid it, checking msg.sender for access control
solodity allows multiple complex inheritance
attacks -
reentrancy attack - contracts vulnerable to re-entrance
- statements in the code in the correct order
not always going to be exploitable
rekt news how contract been attacked
safe math library, denial service
becareful with interaction of your contract and other contracts
The audit process - best practises
offer bug bounties after putting code in production
code freeze, introduce bugs that won't bet picked up
talk to the developers to understand the intent of the contract and understand the behaviour
auditing a contract for a rug pull,
Estimate price quotes
ERC20 approval attack
assess the severity of the issue
----------------------------------------------------------------------------------
Day 11
Formal verification and testing, automated analysis
static analysis tool - slither
eth-security-toolbox - docker
zio features
Monitoring - tenderly
symbolic execution tools over fuss testing
taint analysis
post conditions with assert or require for the return value of an invoked function
K framework, write a specification
Solidty SMT checker
lesson 12 shows many tools for testing monitory and auditing
scribble
cetora - aave have a document on the usage for this tool
Mithril
Manticore
Halmos does symbolic execution
symbolic execution - general purpose verification
run in vscode across contracts
testing - fuzzing merkle proof example slide 36 lesson 12
Firefly - instead of ganache, collects information of tests, low level implementations
----------------------------------------------------------------------------------
Day 12
xcodecopy in delegate calls
MEV
front running all transactions are available in a public mempool before they are mined
- get a trade ahead of someone else's1
back running
sandwich attack
MEV L2
optimism
oracle extractable value
MEV Optimisations
AA - MEV - perform atomic multi optimisation