Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
ethereumjs-util
Advanced tools
The ethereumjs-util package provides a set of utility functions for Ethereum. These utilities include functions for handling addresses, big numbers, hashing, and encoding/decoding data according to the Ethereum protocol standards. It is a foundational package that can be used to develop Ethereum-based applications, facilitating tasks such as transaction formatting, signature verification, and data conversion.
Address Formatting
Converts an Ethereum address to its checksummed version to prevent case sensitivity errors.
const { toChecksumAddress } = require('ethereumjs-util');
const checksumAddress = toChecksumAddress('0xfb6916095ca1df60bb79ce92ce3ea74c37c5d359');
console.log(checksumAddress);
Hashing
Generates a keccak256 hash of the input data, a common hashing function used in Ethereum.
const { keccak256 } = require('ethereumjs-util');
const hash = keccak256(Buffer.from('hello'));
console.log('Hash:', hash.toString('hex'));
Signature Verification
Signs a message hash with a private key and serializes the signature in a format compatible with RPC calls.
const { ecsign, toRpcSig } = require('ethereumjs-util');
const privateKey = Buffer.from('c87509a1c067bbde7aebb4d3c0a0b8ab8bd02b676c91662b5f41c4ec9863d8ee', 'hex');
const msgHash = keccak256(Buffer.from('hello'));
const sig = ecsign(msgHash, privateKey);
const serializedSig = toRpcSig(sig.v, sig.r, sig.s);
console.log('Signature:', serializedSig);
Web3 is a comprehensive Ethereum library that includes utilities similar to ethereumjs-util but also provides a wide range of functionalities to interact with Ethereum nodes directly. It covers the entire Ethereum API and is more extensive for building DApps.
Ethers is a lightweight library that aims to be a complete and compact library for interacting with the Ethereum Blockchain and its ecosystem. It includes utilities for addresses, big numbers, and hashing, similar to ethereumjs-util, but also features a complete set of functions to interact with smart contracts and blockchain data.
A collection of utility functions for ethereum. It can be used in node.js or can be in the browser with browserify.
MAX_INTEGER
- The max interger that the VM can handleTWO_POW256
- 2^256SHA3_NULL
- SHA3-256 hash of null
SHA3_RLP_ARRAY
- SHA3-256 of an rlp of an empty arraySHA3_RLP
- SHA3-256 hash of the rlp of null
ETH_UNITS
- an array of ethereum unitsBN
rlp
zeros(number)
Returns buffer filled with 0's
Parameters
number
- the number bytes to to returnReturn: buffer
pad(val, length)
pads an array
or buffer
with leading zeros till it has length
bytes
Parameters
val
- the value to padlength
- the of the resulting valueReturn: array
or buffer
unpad(val)
Trims leading zeros from a buffer or an array
Parameters
val
- a buffer
or and Array
to unpadReturn: buffer
or and Array
toBufer(val)
Attemps to turn a value into a Buffer
Parameters
val
theReturn: Buffer
intToHex(int)
Converts an Integer
into a hex String
Parameters
int
Return: String
intToBuffer(int)
Converts an Integer
to a Buffer
Parameters
int
Return: Buffer
bufferToInt(buf)
converts a Buffer
to an Interger
Parameters
buf
Return: Interger
fromSigned(buf)
interpets a Buffer
as a signed Integer
Parameters
buf
Return: BN.js
toUnsigned(num)
Converts a BN.js
to an unsigned interger
Parameters
num
- a BN.js
Return: buffer
publicToAddress(pubKey)
Returns the ethereum address of a given public key
Parameters
pubKey
- the public key as a buffer
Return: : buffer
privateToAddress(privateKey)
Returns the ethereum address of a given private key
Parameters
privateKey
- the private key as a buffer
Return: Buffer
privateToPublic(privateKey)
Returns the ethereum public key of a given private key
Parameters
privateKey
- the private key as a buffer
Return: Buffer
generateAddress(from, nonce)
Generates an address of a newly created contract. Don't forget to incerment the nonce to get the correct address.
Parameters
from
- the address of the account creating the contractnonce
- the creating accounts nonceReturn: Buffer
sha3(a, bytes)
Returns a sha3 of a
of the length of bytes
Parameters
a
the value to hashbytes
how many bytes the hash should beReturn: Buffer
printBA(ba)
Print a Buffer Array
Parameters
ba
- an Array
of Buffers
Return: a Buffer Array
baToJSON(ba)
converts a buffer array to JSON
Parameters
ba
- an Array
of Buffers
Return: a JSON Object
isHexPrefixed(String)
Returns a Boolean on whether or not the a sting starts with 0x
Parameters
String
Return: String
stripHexPrefix(String)
Removes 0x
from a given String
Parameters
String
Return: String
addHexPrefix(String)
Adds 0x
to a given string if it does not already start with 0x
Parameters
string
Return: string
defineProperties(self, fields)
defines properties on a Object
. It make the assumtion that underlying data is binary.
Parameters
self
- the Object
to define properties onfields
- an array fields to define. Fields can containname
the name of the propertieslength
the number of bytes the field can haveallowLess
if the field can be less than the length
allowEmpty
validate(fields, data)
Validate defined fields
Parameters
fields
data
Return: Boolean
Node.js Tests use Mocha. Test in the browser use Testling.
MPL-2.0
FAQs
A collection of utility functions for Ethereum
The npm package ethereumjs-util receives a total of 1,253,744 weekly downloads. As such, ethereumjs-util popularity was classified as popular.
We found that ethereumjs-util demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.