Whats up all! I am Dan Guido, the CEO & co-founder of Path of Bits, the agency that Nick is criticizing on this weblog submit. I simply need to say that you simply’re free to comply with Nick’s recommendation and ignore our recommendation at your individual peril.

We have performed greater than 100 good contract safety evaluations and the vast majority of contracts that help upgradeability have had critical flaws in them. We have helped stop dozens of tasks from launching code that’s unimaginable to improve, would lead to damaged or partial upgrades, or had questions of safety that might inadvertently lose tens of millions of ETH with a easy typo. We have spent unbelievable effort documenting these flaws for the group to allow them to keep away from these points, even when they are not our shoppers, by writing weblog posts documenting them and constructing instruments to assist mechanically detect them.

For those who contemplate there’s even an opportunity we’re right (which it’s best to, given our expertise and empirical outcomes), then it’s best to overview the next papers we have revealed and run our `slither-check-upgradeability` software to help together with your code evaluations.

  1. Contract upgrade anti-patterns

  2. How contract migration works

  3. Upgradeable contracts made safer with Crytic

Upgradeability is just not a subject to be taken calmly, because it entails the low-level manipulation of the EVM in ways in which few are skilled. After all, readers are free to disregard the dangers, as Nick has seemingly really helpful right here to the detriment of our group. We do not need to see upgrades fail in apply and we predict this recommendation will trigger them to take action.

Lastly, readers needs to be conscious that we not too long ago performed a overview of Nick’s diamond normal on a paid engagement for a consumer. The outcomes are forthcoming.

Source link


Please enter your comment!
Please enter your name here