Security

A key innovation of the Lity compiler and virtual machine is that they are proactive in preventing common smart contract security issues. We have categorized known security issues with Ethereum Solidity smart contracts, extracted common coding patterns that lead to those issues, and installed checks for those patterns in both the Lity language compiler and the virtual machine. We believe that 95% of smart contract bugs that lead to money loss on Ethereum will not occur in the first place on the CyberMiles blockchain.

ERC checker

The ERC checker is a Lity compiler facility to make sure that smart contract source code correctly complies to the ERC standards they claim to implement. This analysis is done at the source code level by the compiler.

Static analysis

After the Lity compiler generates the bytecode for the smart contract, it automatically runs the Oyente static analysis tool to check for common security issues, such as call stack bugs, reentrancy issues, time dependency, and concurrency bugs. Oyente has a library of rules, which is frequently updated to check for new security issues.

Overflow protection

One of the most common security issues in Ethereum smart contracts is integer overflow. Lity proactively eliminates the opportunities for integer overflow in smart contract code. Specifically, Lity takes a two-pronged approach to prevent integer overflow at both source code and execution runtime levels.

  • Lity supports a new safeuint data type for safe integers. All safeuint operations are automatically wrapped in SafeMath functions and hence are protected from overflows. Because of that, safeuint is Lity’s recommended data type to represent token or coin amounts.
  • The CyberMiles Virtual Machine detects integer overflow at runtime, and stops the contract execution with an error, as opposed to continuing with the overflewn integer numbers.