Realms and Evaluator Shim Security

Two security bugs were found and fixed in the realms-shim library, so all users should upgrade to the latest version. A new, simpler evaluator-shim library is being developed, with a smaller attack surface. Future security efforts will focus on this alternative library.

Zoe vs. the Low-Level Status Quo

Deciding to send a payment to a blockchain address can be nerve-racking. You think you’re getting something in return, but will you? You think you’ve looked at the contract code, but maybe you missed something. Contracts have bugs. If only there was a way to guarantee that the money that you send isn’t stolen. If you could guarantee that you would get what you wanted, or get a refund, that’d ad...

TC39 Proposals

During the last TC39 meeting, 4 proposals we’ve been working on made it to Stage 1.

Realms-shim Security Updates

Four security-critical bugs were discovered and fixed in the ‘realms-shim’ and ‘SES’ libraries, which underpin Agoric’s secure JavaScript platform. All users should upgrade to the latest versions.

Making ‘npm install’ Safe

Kate Sills talks about some of the security issues with using npm packages, the EventStream incident that created a security breach in a package, and Realms and SES (Secure ECMAScript) as possible solutions to npm package security vulnerabilities.

Trains, Hotels, and Async

Dean Tribble presented a solution to the train-hotel problem at the Stanford Blockchain Conference. The train-hotel problem comes from Andrew Miller and demonstrates a difficulty with cross-shard communication. In the problem, we want to get a train ticket AND a hotel reservation - if we don’t get both, we want neither.

Preventing Reentrancy Attacks in Smart Contracts

Reentrancy attacks can be entirely prevented with eventual-sends. Eventual-sends (think JavaScript promises — promises actually come from eventual-sends!) allow you to call a function asynchronously and receive a promise, even if the function is on another machine, another blockchain, or another shard, making sharding and cross-chain contract communication much easier.

POLA Would Have Prevented the Event-Stream Incident

A popular npm package, event-stream, included malicious code that attempted to steal the private keys of certain Bitcoin users. At Agoric, we think this attack was entirely preventable, and the answer is POLA, the Principle of Least Authority.

Agoric Releases SES: Secure JavaScript

SES takes us one step closer to a world of smart contracts by creating a secure subset of JavaScript for object capabilities. With SES, even untrusted JavaScript programs can execute in the same environment safely.

Agoric Joins ECMAScript Committee (TC39) and ECMA International

We’re excited to announce that Agoric has been unanimously approved as a member of ECMA International and TC39. ECMA International is the organization responsible for publishing ECMAScript (JavaScript) standards, and TC39 is the working group in which decisions about the future of JavaScript are made.

Introducing Agoric

Agoric is committed to making strong security easier to achieve. We are delighted to announce that Agoric has completed a seed funding round from the Zcash Company, Naval Ravikant, and Polychain Capital.