ETHERLive
ETHERLive delivers real-time price and volume data across 16+ exchanges to users in a clear and easy-to-understand package. Users can get up-to-the-second updates for each exchange/currency pair, as well as aggregated market averages for each exchange, currency, and the market as a whole. It also provides a global converted average of all the currency pairs monitored by ETHNews, converted to USD.

---

24hr ---
--%
Friday Jun 22nd 2018
RESOURCES

The Basics

Learn the basics of Ethereum and various cryptocurrency technologies

Learn More

What is Ethereum?

Understand the underlying principles of the Ethereum Platform

Learn More

The Blockchain

Discover the revolutionizing technology known as the blockchain

Learn More
SUBMIT

Press Release

Submit a press release for consideration on ETHNews

Submit Press

Story / Dapp

Submit a story or DAPP to be considered for publication on ETHNews.

Submit Story

Explanation

Submit "Ethereum Explainer" content for consideration to be featured on ETHNews

Submit Topic
ETHNews Logo
---
--%
Home
News
Etherlive
Ether Price Analysis
Resources
Contact Us

Melonport And Oyente Release Bug Checking Tool

By

Jeremy

Nation

WriterETHNews.com

A new tool designed to catch bugs in executable distributed code contracts is now in beta.

On June 19, 2017, digital asset management company Melonport AG, in partnership with developers at Oyente, revealed a beta version of an analysis tool designed to check for flaws in executable distributed code contracts (EDCCs).

The tool, also called Oyente from its namesake developers, was released to the public as open source code. It is compatible with any Ethereum-based EDCC language, including Soldity, Serpent, and LLL. Oyente was originally developed in an academic paper by National University of Singapore doctoral student Loi Luu. After running out of funding, Oyente was put on hold until February of 2017, when Melonport closed a funding round, raising 2.5 million Swiss francs and took interest in the project. According to Melonport, it was Oyente's potential “to greatly augment the Ethereum developer community’s ability to create safe and secure decentralized applications,” which drew them to partner and develop it. After six months of work, Oyente covers a great deal of Ethereum Virtual Machine (EVM) opcodes.

Reto Trinkler, CTO and Chairman of Melonport, touched on concerns of EDCC security when speaking of the Oyente tool. He said, "We believe analyzing disassembled opcodes from bytecode deployed to the blockchain and checking them against a set of properties is one of the most cost and time effective ways to reason about smart contract security to date. For the Melon protocol, this translates to a great open-source tool to help ensure quality and security standards in Melon modules."

Oyente published a blog describing changes to the code since its initial release. While most of the opcodes are supported on the EVM, some "are not possible to represent symbolically," such as DELEGATECALL and EXTCODECOPY. For opcodes such as these, developers at Oyente said they created context-sensitive analysis tools that reduce the potential for false positive results.

Luu expressed happiness to see the tool in use. "Oyente can be used to detect many common bugs found in smart contacts like reentrancy, transaction ordering dependence and so on. What’s more interesting is that Oyente’s design is modularized, so this allows advanced users to implement and plug in their own detection logic to check self-defined properties in their contracts. I look forward to seeing more contributions from the community to make Oyente even more powerful and useful."

The next steps for Oyente and Melonport are to continue to improve the tool before it comes out of beta testing. Future builds will implement support for ERC20 token tracking. The team reminds everyone that while the tool is still a work in progress, bugs may be present, so user feedback is crucial.

The development of Oyente brings more open source tools to the community at large. Mona El Isa, CEO of Melonport, expressed that the collaboration was endeavored upon with sharing in mind. "While formal verification is not a magical bullet for smart contract security, we’re very proud to be able to fund and share this open source symbolic execution tool with both our own module developers and the Ethereum community as a whole."

Jeremy Nation

Jeremy Nation is a writer living in Los Angeles with interests in technology, human rights, and cuisine.

ETHNews is committed to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest Melonport, Oyente or other Ethereum technology news.