PayPal’s secret strategy to smart contract security revealed

Trust — white hat hacker and head of smart contract auditing firm Trust Security — shed some light on a peculiar feature of the smart contract powering PayPal’s new stablecoin PYUSD.

In a recent tweet, Trust pointed out that they have “seen a lot of dunking on PayPal for using an ancient Solidity compiler.”

As pointed out in a recent article, an analysis of the smart contract revealed that the company used Solidity compiler version 0.4.24.

Version 0.4.24 of Solidity was released on May 16, 2018, so the version chosen by PayPal was ancient indeed. Still, this is not necessarily a bad thing.

Trust explained that choosing a Solidity compiler version is a compromise: the latest versions guarantee lower gas usage and more features, while older versions have been tested for longer and feature fewer unknowns.

In other words, older compilers are less likely to feature unknown vulnerabilities. He concluded that someone may want to use an older version “because it withstood the test of time.”

Furthermore, Trust also pointed out that PayPal’s token is powered by a single short smart contract and the SafeMath library. A system this simple does not require new features, with the objective being an “ultra-robust code used for the next 10+ years, not to do anything too fancy.”

Trust also explained, “The simpler the codebase and the fewer the integrations with outside code, the earlier you can set the compiler version and get away with it.”

This is also in line with the cybersecurity principle of attack surface reduction, where programmers look to make a system as simple and barebones as possible to reduce the probability of vulnerabilities hiding in unnecessary complexity and libraries.

Trust further highlighted that “immutable smart contracts are inherently different from traditional software” since there are no “periodic patch days or emergency releases.” The only viable approach is to “hope all components of the codebase are safe at a specific point in time,” and PayPal developers “can now rely on five years of compiler testing.”