Continuing the security snippet trend, I am going to investigate some other prime examples of issues, both small and big, that can arise within smart contract code and need to be properly vetted and pointed out during a due diligence review.

This time the focus will be ERC-20 contract…


We will continue the security-oriented tidbits by delving a little deeper into how re-entrancy attacks, a trait relatively unique to Ethereum, and improper data caching can cause various types of attacks to manifest, including multi-million incidents in the past.

EVM State Machine

The EVM, upon which all code is executed, operates in a straightforward, deterministic…


In this article, I will list and investigate a few relatively common albeit non-basic mistakes that people tend to introduce in their codebases without being aware of their consequences.

My plan is to release such tidbits from time to time to “immortalize” my security-related knowledge and make it easier for…


The Ethereum Virtual Machine, or EVM for short, is an often misunderstood engine that is responsible for executing the compiled code of smart contracts and is what all high-level languages, such as Solidity and Vyper, get compiled to.

Although discussed at length in the Yellow Paper Ch.9, there aren’t many…


One of the many reasons Ethereum has come to be as successful as it is today is that it seamlessly allows smart contracts within its ecosystem to interact with one another, enforcing a set of abstractions that allow a strongly typed system to invoke arbitrary functions and thus contracts.

While powerful…


I had a discussion the other day with one of my friends regarding government-instated censorship and how manipulatable the whole internet is, ultimately supported by a select few companies of a conglomerate cabal that can theoretically impose whatever they wish on the users of the internet.

My viewpoint on the…


Ethereum smart contract development has been around for quite a while, yet only recently has it seen widespread adoption by the general developer community.

As smart contracts on Ethereum are by nature able, and usually meant, to interact with one another, a set of guidelines has been proposed from time to…


A very important step that takes place in a project’s formal audit is the scoping process in which auditors are called to gauge the complexity of a project and assess how much time it would theoretically take to audit the project’s code in full.

I will attempt to explain my…


In the blockchain space, the term “decentralization” has been hashed over again and again, leading to it deviating from its true meaning as well as its purpose. …


In the past, projects used to not care about gas-optimized code and instead focused their code reviews entirely on security. However, with gas spikes becoming more prevalent than ever, gas optimizations are becoming a trending topic that a lot of folks are interested in.

In this article we will attempt…

Alex Papageorgiou

A Solidity security auditor keen to share his knowledge.
