Engineering Weekly Updates

Monday March 30

We released a new version of Zoe (v0.3.0), which makes it easier for users to escrow with Zoe and receive their payouts. This version eliminates the array structure for offer rules and instead allows the user to make their offer using Javascript objects with specialized keys called "keywords”.

We’ve started Dynamic IBC implementation.

Read Past Weekly Updates

03.28.2020

TC39 Panel Discussion at JSConf in Hawaii

Members of the TC39 committee including Agoric’s Chief Scientist Mark S. Miller join Cassidy Williams to answer questions sourced from the JSConf Hawaii audience about how the committee decides on changes to the language, and how companies, organizations, or individuals can get more involved. Read more

01.16.2020

How Zoe Ensures You Won’t Leave Empty-Handed

Zoe is our new platform that provides an innovative, much safer approach for building and interacting with smart contracts. Elsewhere we talk about “offer safety” in Zoe: the assurance that on payout, a client of a contract either gets what they want or gets a refund. Here, I’m going to dig into another feature of Zoe, “payout liveness” (also referred to as “exit safety” in early presentations)...Read more

01.13.2020

Chip Morningstar Joins Agoric

We’re excited that Chip Morningstar has joined Agoric as a software engineer as of January 2020. A longtime associate of Agoric’s team members, Chip has built and shipped systems in varied realms from gaming to smart contracts to digital payments. Read more

11.19.2019

Staking Hub: Cosmos Game of Zones AMA

Zaki Manian (Tendermint team) & Dean Tribble (Agoric) joined Staking Hub on Nov 5, 2019 to discuss Cosmos IBC and Game of Zones (GoZ). IBC enables blockchains to exchange value & data. Read more

10.24.2019

Realms and Evaluator Shim Security

Two security bugs were found and fixed in the realms-shim library, so all users should upgrade to the latest version. A new, simpler evaluator-shim library is being developed, with a smaller attack surface. Future security efforts will focus on this alternative library. Read more

10.15.2019

Zoe vs. the Low-Level Status Quo

Deciding to send a payment to a blockchain address can be nerve-racking. You think you’re getting something in return, but will you? You think you’ve looked at the contract code, but maybe you missed something. Contracts have bugs. If only there was a way to guarantee that the money that you send isn’t stolen. If you could guarantee that you would get what you wanted, or get a refund, that’d ad...Read more

10.10.2019

TC39 Proposals

During the last TC39 meeting, 4 proposals we’ve been working on made it to Stage 1. Read more

10.02.2019

Realms-shim Security Updates

Four security-critical bugs were discovered and fixed in the ‘realms-shim’ and ‘SES’ libraries, which underpin Agoric’s secure JavaScript platform. All users should upgrade to the latest versions. Read more

08.03.2019

Making ‘npm install’ Safe

Kate Sills talks about some of the security issues using NPM packages, the EventStream incident that created a security breach in a package, and Realms and SES (Secure ECMAScript) as possible solutions to NPM package security vulnerabilities. Read more

02.01.2019

Trains, Hotels, and Async

Dean Tribble presented a solution to the train-hotel problem at the Stanford Blockchain Conference. The train-hotel problem comes from Andrew Miller and demonstrates a difficulty with cross-shard communication. In the problem, we want to get a train ticket AND a hotel reservation - if we don’t get both, we want neither. Read more

01.28.2019

Preventing Reentrancy Attacks in Smart Contracts

Reentrancy attacks can be entirely prevented with eventual-sends. Eventual-sends (think JavaScript promises — promises actually come from eventual-sends!) allow you to call a function asynchronously and receive a promise, even if the function is on another machine, another blockchain, or another shard, making sharding and cross-chain contract communication much easier. Read more

12.03.2018

POLA Would Have Prevented the Event-Stream Incident

A popular npm package, event-stream, included malicious code that attempted to steal the private keys of certain Bitcoin users. At Agoric, we think this attack was entirely preventable, and the answer is POLA, the Principle of Least Authority. Read more

07.28.2018

Agoric Releases SES: Secure JavaScript

SES takes us one step closer to a world of smart contracts by creating a secure subset of JavaScript for object capabilities. With SES, even untrusted JavaScript programs can execute in the same environment safely. Read more

07.13.2018

Agoric Joins ECMAScript Committee (TC39) and ECMA International

We’re excited to announce that Agoric has been unanimously approved as a member of ECMA International and TC39. ECMA International is the organization responsible for publishing ECMAScript (JavaScript) standards, and TC39 is the working group in which decisions about the future of JavaScript are made. Read more

05.21.2018

Introducing Agoric

Agoric is committed to making strong security easier to achieve. We are delighted to announce that Agoric has completed a seed funding round from the Zcash Company, Naval Ravikant, and Polychain Capital. Read more