Unilayer Network code security upgrades. Ethereum dependencies
Almost any Web3 project has a dependency on another major project — Ethereum, for example. In the blockchain world, this is more natural than anywhere else.
As you know, Ethereum has just done the merge and moved to PoS — a completely different consensus system. For projects that depend on Ethereum, such a big change can also mean big problems.
Unilayer Network partnership: code security work
Today we just helped our partner, Unilayer Network, make major preparations to integrate with Ethereum. We succeeded in helping Unilayer isolate Ethereum functionality into a submodule, which will allow our partner to avoid many update issues and security problems during the full Ethereum integration.
Unilayer Network smart contracts are EVM-based, and all the dependencies were previously written directly into the code with no isolation. We insisted that Unilayer's Ethereum data be handled by submodules.
A few words about submodules and dependencies
Separating, isolating and putting dependency code into a submodule is a rather painstaking task, but a submodule is the optimal way to handle dependencies on large projects and their libraries. Once set up, submodules allow your project to stop being responsible for other projects’ code, its updates and its security.
This solves the main issue with such dependencies: if a project library you rely on has a vulnerability, your project will be affected as well. Without a submodule, you may never find out that there was a vulnerability and an update in the first place, until your project gets hacked.
Submodules can be set up to notify you when the upstream repository of a dependency changes. With a submodule, the data of projects you depend on can be tracked, monitored and managed.
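One way to do this monitoring, assuming git submodules (an added example, not SmartState's or Unilayer's code): the script reads `git submodule status` output and a list of upstream head commits, then reports every submodule that is uninitialized, checked out at a commit other than the pinned one, or pinned behind upstream. The function names, the `deps/...` paths and the SHAs are hypothetical, constructed sample data.

```shell
# Added example, POSIX sh. Paths and SHAs below are constructed sample data.

# classify_submodules: reads `git submodule status` output on stdin and prints
# "<state> <sha> <path>". The first character of each line is a flag:
# ' ' checked out at the pinned commit, '-' not initialized, '+' checked-out
# commit differs from the pinned one, 'U' merge conflict. Paths: no whitespace.
classify_submodules() {
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    case "$line" in
      ' '*) state=pinned ;;
      '-'*) state=uninitialized ;;
      '+'*) state=modified ;;
      'U'*) state=conflict ;;
      *)    state=unknown ;;
    esac
    rest=${line#?}; sha=${rest%% *}; tmp=${rest#* }; spath=${tmp%% *}
    echo "$state $sha $spath"
  done
}

# drift_report STATUS_FILE UPSTREAM_FILE
# UPSTREAM_FILE holds "<path> <upstream head sha>" lines; on a live repository
# each sha could be collected with `git ls-remote <submodule url> HEAD`.
drift_report() {
  classify_submodules < "$1" | while read -r state sha spath; do
    up=$(awk -v p="$spath" '$1 == p { print $2 }' "$2")
    if [ "$state" != pinned ]; then
      echo "$spath: $state"
    elif [ -n "$up" ] && [ "$up" != "$sha" ]; then
      echo "$spath: upstream-moved"
    fi
  done
}

demo() {
  dir=$(mktemp -d)
  printf '%s\n' \
    ' 1111111111111111111111111111111111111111 deps/evm-core (v1.2.0)' \
    '+2222222222222222222222222222222222222222 deps/eth-client (heads/main)' \
    '-3333333333333333333333333333333333333333 deps/contracts-lib' \
    ' 4444444444444444444444444444444444444444 deps/rpc-types (v0.9.1)' > "$dir/status"
  printf '%s\n' \
    'deps/evm-core 1111111111111111111111111111111111111111' \
    'deps/rpc-types aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' > "$dir/upstream"
  drift_report "$dir/status" "$dir/upstream"
  rm -rf "$dir"
}
demo
```

Run from CI on a schedule, a non-empty report is the signal to review the upstream change before moving the pinned commit.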
While it might seem complicated and costly for a new project, in the long term submodules are a simpler, cheaper, safer and more convenient way to interact with your code than frantically reviewing the code in its entirety in case of an emergency.
Submodules for large dependencies are the right way from the security point of view, and the right way as far as the ideology of open source code handling is concerned.
About SmartState
Launched in 2019 and located in Dubai, SmartState holds its place as one of the leading DeFi security auditing companies. We test the security of core code, smart contracts and blockchains for all types of errors or vulnerabilities.
We specialize in manual testing, so SmartState's tech team of white-hat security professionals carefully reviews a project's git repository and supports clients with guidelines and recommendations for further development. Our security audit reports review the threats and vulnerabilities through which codebases may be exploited in the future, as the network achieves scalability and expands to accommodate more use cases and functionality.