Augur - Updated details + New development update
Augur (REP) Core Release v0.10.8
Augur (REP) Core Release v0.10.10
Ethereum contracts for a decentralized prediction market platform.
Augur (REP) Core Release v0.11.0-8
Augur Core (REP) Release v0.12.0-0 - Reporting Refactor
Release of the new dispute only reporting system
Augur - Solidity Compiler Audit Report
In September 2017, Augur engaged Coinspect to perform a security audit of the Solidity Compiler. The objective of the audit was to evaluate the security of the compiler. Sergio Lerner led the audit, and has delivered a thorough report of the codebase.
The full report can be found here, and a summary of the audit and its issues follows.
During the assessment, Coinspect identified 0 high-risk issues, 0 medium-risk issues, and 10 low-risk issues. The issues identified during the assessment do not lead to the compilation of vulnerable code. Some of the low-risk issues were communicated to the Solidity team and fixed in newer releases, while some other issues remain unfixed.
Development teams of products which one or more of these issues may affect were notified on Friday, December 8th, 2017.
The audited project can be found in the ethereum/solidity GitHub repository.
A white box security audit was conducted on the Solidity Compiler in order to detect compiler flaws that can result in:
- Reduction of the security of the deployed contracts.
- Non-deterministic behavior.
- Malicious code execution or crashes when parsing specially crafted Solidity source code.
- Resource exhaustion during compilation, either CPU, memory or disk.
- Compiled code that consumes a non-constant amount of gas (e.g. depending on arguments), where the programmer would have expected constant cost.
- Facilitating underhanded code (trojans in open code).
Common application security vulnerabilities were also searched for, including:
- Input validation.
- Denial of service prevention.
- Brute-forcing prevention.
- Information disclosure.
- Memory corruption vulnerabilities: buffer overflows, user supplied format strings.
- Integer overflows.
- Pointer management vulnerabilities: Double-free, use-after-free.
The audit was completed in October 2017, but the report was completed in November 2017. This report includes all the results from the audit.
SOL-001 — O(n²) compiler output blow-up by forced warnings/errors.
SOL-002 — O(n³) compiler output blow-up by function name duplicates.
SOL-003 — RAM blow-up by constants cycles.
SOL-004 — RAM blow-up by exponential steps in constant cycle findings.
SOL-005 — Unbounded gas cost when deleting dynamically sized arrays.
SOL-006 — Duplicated super-constructor calls not reported.
SOL-007 — Error-prone Multi-Assignment with empty LValues.
SOL-008 — CPU blow-up using huge bignums literals.
SOL-009 — Output messages size blow-up using huge bignums literals.
SOL-010 — Easy underhanded code using false overrides.
The full audit report can be seen here: Solidity Compiler Audit Report.
Augur (REP) Update Contracts v3.5.0-1
Augur (REP) Update Contracts v3.5.0-11
Augur [REP] Update Core v1.0.0-1
Augur Weekly Development Update — June 13th
The Augur bounty program will be launching on HackerOne tomorrow. It will begin in a private invite-only mode for the first week, and afterwards it will be opened to the public. If you wish to be invited during the first week, please send us an email.
This past week we disclosed some details surrounding deployment in the Augur Discord. The deployment of Augur will be its full set of contracts, with no filtering or limitations within the reference UI. After a successful deployment and the automatic migration of REP is complete, all of Augur's functionality will be available to users who choose to use the Augur protocol. The Forecast Foundation will not be creating any markets nor facilitating the creation of any markets.
Joey had a few media appearances this past week, first appearing on Laura Shin's Unconfirmed podcast talking about Augur and stablecoins:
He also gave a talk in New Zealand about ‘Creating Your Own Financial Market’ where he describes what drove him to found the Augur project:
We’re still hunting for bugs, improving Augur Node, and polishing off Augur App. If you want to help us search for bugs, have some feedback on the UI, or just have something you want to share with us, come chat!
augur-core — Augur back-end (Ethereum contracts) (github.com)
augur | client (github.com)
augur-node — Public Augur node for serving market data (github.com)
docs — Augur documentation (github.com)
whitepaper — The Augur Project Whitepaper (github.com)
The Augur Team