Secureum Book
  • 🛡️Secureum Bootcamp
    • 🛡️Secureum Bootcamp
    • 🙌Participate
    • 📜History
  • 📚LEARN
    • Introduction
      • 🔷1. Ethereum Basics
        • 1.1 Ethereum: Concept, Infrastructure & Purpose
        • 1.2 Properties of the Ethereum Infrastructure
        • 1.3 Ethereum vs. Bitcoin
        • 1.4 Ethereum Core Components
        • 1.5 Gas Metering: Solving the Halting Problem
        • 1.6 web2 vs. web3: The Paradigm Shift
        • 1.7 Decentralization
        • 1.8 Cryptography, Digital Signature & Keys
        • 1.9 Ethereum State & Account Types
        • 1.10 Transactions: Properties & Components
        • 1.11 Contract Creation
        • 1.12 Transactions, Messages & Blockchain
        • 1.13 EVM (Ethereum Virtual Machine) in Depth
        • 1.14 Transaction Reverts & Data
        • 1.15 Block Explorer
        • 1.16 Mainnet & Testnets
        • 1.17 ERCs & EIPs
        • 1.18 Legal Aspects in web3: Pseudonymity & DAOs
        • 1.19 Security in web3
        • 1.20 web2 Timescales vs. web3 Timescales
        • 1.21 Test-in-Prod. SSLDC vs. Audits
        • Summary: 101 Keypoints
      • 🌀2. Solidity
        • 2.1 Solidity: Influence, Features & Layout
        • 2.2 SPDX & Pragmas
        • 2.3 Imports
        • 2.4 Comments & NatSpec
        • 2.5 Smart Contracts
        • 2.6 State Variables: Definition, Visibility & Mutability
        • 2.7 Data Location
        • 2.8 Functions
        • 2.9 Events
        • 2.10 Solidity Typing
        • 2.11 Solidity Variables
        • 2.12 Address Type
        • 2.13 Conversions
        • 2.14 Keywords & Shorthand Operators
        • 2.15 Solidity Units
        • 2.16 Block & Transaction Properties
        • 2.17 ABI Encoding & Decoding
        • 2.18 Error Handling
        • 2.19 Mathematical & Cryptographic Functions
        • 2.20 Control Structures
        • 2.21 Style & Conventions
        • 2.22 Inheritance
        • 2.23 EVM Storage
        • 2.24 EVM Memory
        • 2.25 Inline Assembly
        • 2.26 Solidity Version Changes
        • 2.27 Security Checks
        • 2.28 OpenZeppelin Libraries
        • 2.29 DAppSys Libraries
        • 2.30 Important Protocols
        • Summary: 201 Keypoints
      • 🔏3. Security Pitfalls & Best Practices
        • 3.1 Solidity Versions
        • 3.2 Access Control
        • 3.3 Modifiers
        • 3.4 Constructor
        • 3.5 Delegatecall
        • 3.6 Reentrancy
        • 3.7 Private Data
        • 3.8 PRNG & Time
        • 3.9 Math & Logic
        • 3.10 Transaction Order Dependence
        • 3.11 ecrecover
        • 3.12 Unexpected Returns
        • 3.13 Ether Accounting
        • 3.14 Transaction Checks
        • 3.15 Delete Mappings
        • 3.16 State Modification
        • 3.17 Shadowing & Pre-declaration
        • 3.18 Gas & Costs
        • 3.19 Events
        • 3.20 Unary Expressions
        • 3.21 Addresses
        • 3.22 Assertions
        • 3.23 Keywords
        • 3.24 Visibility
        • 3.25 Inheritance
        • 3.26 Reference Parameters
        • 3.27 Arbitrary Jumps
        • 3.28 Hash Collisions & Byte Level Issues
        • 3.29 Unicode RTLO
        • 3.30 Variables
        • 3.31 Pointers
        • 3.32 Out-of-range Enum
        • 3.33 Dead Code & Redundant Statements
        • 3.34 Compiler Bugs
        • 3.35 Proxy Pitfalls
        • 3.36 Token Pitfalls
        • 3.37 Special Token Pitfalls
        • 3.38 Guarded Launch Pitfalls
        • 3.39 System Pitfalls
        • 3.40 Access Control Pitfalls
        • 3.41 Testing, Unused & Redundand Code
        • 3.42 Handling Ether
        • 3.43 Application Logic Pitfalls
        • 3.44 Saltzer & Schroeder's Design Principles
        • Summary: 201 Keypoints
      • 🗜️4. Audit Techniques & Tools
        • 4.1 Audit
        • 4.2 Analysis Techniques
        • 4.3 Specification, Documentation & Testing
        • 4.4 False Positives & Negatives
        • 4.5 Security Tools
        • 4.6 Audit Process
        • Summary: 101 Keypoints
      • ☝️5. Audit Findings
        • 5.1 Criticals
        • 5.2 Highs
        • 5.3 Mediums
        • 5.4 Lows
        • 5.5 Informationals
        • Summary: 201 Keypoints
  • 🌱CARE
    • CARE
      • CARE Reports
  • 🚩CTFs
    • A-MAZE-X CTFs
      • Secureum A-MAZE-X
      • Secureum A-MAZE-X Stanford
      • Secureum A-MAZE-X Maison de la Chimie Paris
Powered by GitBook
On this page
  • DSProxy
  • DSMath
  • DSAuth
  • DSGuard
  • DSRoles
  1. LEARN
  2. Introduction
  3. 2. Solidity

2.29 DAppSys Libraries

We now move on to a different set of libraries provided by the DAppSys teams at DappHub. These are used commonly in smart contracts as an alternative to the OpenZeppelin libraries that we have discussed.

DSProxy

The first one is the DAppSys DSProxy. This implements a simple Proxy that is deployed as a standalone contract and can be used by the Owner to execute the code the logic that is implemented in the implementation contract.

The user would pass in the contract byte code along with the function call data, the call data remember that it specifies the function selector of the function to be called along with the arguments for that function. This library provides a way for the user to both create the implementation contract using the bytecode provided, then delegating the call, to that contract, the specific function, the arguments as specified in the call data. There are associated libraries related to DSProxy that help implement a factory contract as well as some caching mechanism.

DSMath

DAppSys provides a DSMath library that provides math parameters for arithmetic functions. The first set of primitives are arithmetic functions that can be safely used without the risk of underflow and overflow. These are equivalent of the SafeMath library from OpenZeppelin. Here we can find the add , sub , mul functions. There is no div function because the Solidity compiler has built-in divide by zero checking. DSMath also provides support for fixed-point math.

It introduces two new types:

  • The Wad type: for decimal numbers with 18 digits of precision.

  • The Ray type: for decimal numbers with 27 digits of precision.

There are different functions that help one operate on the Wad and Ray types.

DSAuth

The DSAuth library provides support for developers to implement an authorization pattern that is completely separate from the application logic.

It does so by providing an auth modifier that can be applied to different functions and internally this modifier calls the isAuthorized() function that checks, if the msg.sender is either the owner of this contract or the contract itself. This is the default functionality.

This can also be specified to check, if the msg.sender has been granted permission by a specified authority.

DSGuard

The DSGuard library helps implementing an access control list (ACL). This is a combination of a source address destination address and a function signature.

This library can be used as the authority that we just discussed in the context of the DSAuth library. This implements a function canCall() that looks up the access control list and determines if the source address can call the function specified by the function signature at the destination address.

So it's a combination of the source, destination and the signature that determines the value of the bool that's either true or false: [src][dst][sig] => boolean.

When used as an authority by DSAuth, the source refers to the msg.sender, the destination is the contract that includes this library, the signature refers to the function signature.

DSRoles

The DSRoles library provides support for implementing role-based access control (this is something we discussed in the context of OpenZeppelin's AccessControl library as well). In this case it implements different access control lists, that specify roles and associated capabilities. It provides a canCall() function that determines, if a user is allowed to call a function at a particular address by looking up the roles and capabilities defined in the access control list.

RBAC is implemented via mechanisms, there is a concept of root users, who are users allowed to call any function regardless of what roles and capabilities are defined for that function. There's a concept of public capabilities that are global capabilities that apply to all users. Finally, there are role specific capabilities that are applied when the user is not the root user and the capability is not a public capability.

Previous2.28 OpenZeppelin LibrariesNext2.30 Important Protocols

Last updated 1 year ago

📚
🌀