Making ‘npm install’ Safe

Kate Sills talks about some of the security issues using NPM packages, the EventStream incident that created a security breach in a package, and Realms and SES (Secure ECMAScript) as possible solutions to NPM package security vulnerabilities. Read more

Trains, Hotels, and Async

Dean Tribble presented a solution to the train-hotel problem at the Stanford Blockchain Conference. The train-hotel problem comes from Andrew Miller and demonstrates a difficulty with cross-shard communication. In the problem, we want to get a train ticket AND a hotel reservation - if we don’t get both, we want neither. Read more

Preventing Reentrancy Attacks in Smart Contracts

Reentrancy attacks can be entirely prevented with eventual-sends. Eventual-sends (think JavaScript promises — promises actually come from eventual-sends!) allow you to call a function asynchronously and receive a promise, even if the function is on another machine, another blockchain, or another shard, making sharding and cross-chain contract communication much easier. Read more

POLA Would Have Prevented the Event-Stream Incident

A popular npm package, event-stream, included malicious code that attempted to steal the private keys of certain Bitcoin users. At Agoric, we think this attack was entirely preventable, and the answer is POLA, the Principle of Least Authority. Read more

Agoric Releases SES: Secure JavaScript

SES takes us one step closer to a world of smart contracts by creating a secure subset of JavaScript for object capabilities. With SES, even untrusted JavaScript programs can execute in the same environment safely. Read more

Agoric Joins ECMAScript Committee (TC39) and ECMA International

We’re excited to announce that Agoric has been unanimously approved as a member of ECMA International and TC39. ECMA International is the organization responsible for publishing ECMAScript (JavaScript) standards, and TC39 is the working group in which decisions about the future of JavaScript are made. Read more

Introducing Agoric

Agoric is committed to making strong security easier to achieve. We are delighted to announce that Agoric has completed a seed funding round from the Zcash Company, Naval Ravikant, and Polychain Capital. Read more