Diligence Blog

It’s been a couple of years since code4rena has introduced competitive audits into the smart contract security landscape, and it looks like audit contests are here to stay. In the meanwhile several other platforms have popped up with the same forumula. Audit contests are simple. A project publishes a set of smart contracts that they would like to have audited, and promises a prize pool for security related findings. A contest is ran for a couple of weeks during which participants can submit their findings.

We recently released a new tool called napalm, a detection module IDE. Napalm makes it easy to set-up a multi-tool custom detector project. Not stopping there, napalm provides an all-out quality of life upgrade for security researchers that like to write their own detection modules. A tool that helps you develop detection modules is great, but it occurred to me that lots of people are not writing their own detection modules yet.

Attention, all auditors and security researchers! We’ve got a new tool for you! You’re a security researcher and you hate repetitive work. So what do you do? You’ve compiled a nice collection of analysis rules and detection modules that automatically do all the repetitive work for you. Life is great, until, …. You’ve got 100+ modules, some for slither, others for semgrep and things are getting out of hand! You have to spend time writing scripts to run the right modules at the right time, and it’s impossible to even keep track of what you can automatically detect.

Enterprise Ethereum Alliance (EEA) shapes the most mature standard for smart contract security. Consensys Diligence contributes to the EthTrust Security Levels Specification, spearheaded by the EEA EthTrust Security Levels Working Group.

Learn how an audit by the Diligence team made GLIF’s smart contracts and protocol more secure.

This blog post discusses Tidal’s engagement with Consensys Diligence to audit the protocol’s on-chain insurance smart contracts.

Consensys Diligence provides actionable tips on building secure and robust smart contracts in web3.

On May 6th 2023 DeusDao was exploited resulting in $6.5M in losses. A detailed write-up of the event can be found here. The root cause of the exploit, was a logical error in the burnFrom function. function burnFrom(address account, uint256 amount) public virtual { uint256 currentAllowance = _allowances[_msgSender()][account]; _approve(account, _msgSender(), currentAllowance - amount); _burn(account, amount); } On the first line of burnFrom, the message sender and account are accidentally swapped when computing the allowance for tokens to burn.

Announcing Diligence Fuzzing support for all Foundry developers to ensure easy and efficient smart contract security.

Consensys Diligence explains the Halo2 zero-knowledge prover and highlights bugs that can affect security of Halo2 circuits.