Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
ethereumjs-util
Advanced tools
The ethereumjs-util package provides a set of utility functions for Ethereum. These utilities include functions for handling addresses, big numbers, hashing, and encoding/decoding data according to the Ethereum protocol standards. It is a foundational package that can be used to develop Ethereum-based applications, facilitating tasks such as transaction formatting, signature verification, and data conversion.
Address Formatting
Converts an Ethereum address to its checksummed version to prevent case sensitivity errors.
const { toChecksumAddress } = require('ethereumjs-util');
const checksumAddress = toChecksumAddress('0xfb6916095ca1df60bb79ce92ce3ea74c37c5d359');
console.log(checksumAddress);
Hashing
Generates a keccak256 hash of the input data, a common hashing function used in Ethereum.
const { keccak256 } = require('ethereumjs-util');
const hash = keccak256(Buffer.from('hello'));
console.log('Hash:', hash.toString('hex'));
Signature Verification
Signs a message hash with a private key and serializes the signature in a format compatible with RPC calls.
const { ecsign, toRpcSig } = require('ethereumjs-util');
const privateKey = Buffer.from('c87509a1c067bbde7aebb4d3c0a0b8ab8bd02b676c91662b5f41c4ec9863d8ee', 'hex');
const msgHash = keccak256(Buffer.from('hello'));
const sig = ecsign(msgHash, privateKey);
const serializedSig = toRpcSig(sig.v, sig.r, sig.s);
console.log('Signature:', serializedSig);
Web3 is a comprehensive Ethereum library that includes utilities similar to ethereumjs-util but also provides a wide range of functionalities to interact with Ethereum nodes directly. It covers the entire Ethereum API and is more extensive for building DApps.
Ethers is a lightweight library that aims to be a complete and compact library for interacting with the Ethereum Blockchain and its ecosystem. It includes utilities for addresses, big numbers, and hashing, similar to ethereumjs-util, but also features a complete set of functions to interact with smart contracts and blockchain data.
A collection of utility functions for ethereum. It can be used in node.js or can be in the browser with browserify.
MAX_INTEGER
- The max integer that the VM can handleTWO_POW256
- 2^256SHA3_NULL
- SHA3-256 hash of null
SHA3_RLP_ARRAY
- SHA3-256 of an RLP of an empty arraySHA3_RLP
- SHA3-256 hash of the RLP of null
BN
rlp
zeros(number)
Returns buffer filled with 0's
Parameters
number
- the number of bytes to returnReturn: Buffer
pad(val, length)
Pads an Array
or Buffer
with leading zeros till it has length
bytes
Parameters
val
- the value to padlength
- the of the resulting valueReturn: Array
or Buffer
rpad(val, length)
Pads an Array
or Buffer
with trailing zeros till it has length
bytes
Parameters
val
- the value to padlength
- the of the resulting valueReturn: Array
or Buffer
unpad(val)
Trims leading zeros from a Buffer
or an Array
Parameters
val
- a Buffer
or an Array
to unpadReturn: Buffer
or Array
toBuffer(val)
Attempts to turn a value into a Buffer. Attempts to turn a value into a Buffer. Supports Buffer, string, number, null/undefined, BN.js or other objects with a toArray() method.
Parameters
val
the object to be convertedReturn: Buffer
intToHex(int)
Converts an Integer
into a hex String
Parameters
int
Return: String
intToBuffer(int)
Converts an Integer
to a Buffer
Parameters
int
Return: Buffer
bufferToInt(buf)
Converts a Buffer
to an Integer
Parameters
buf
Return: Interger
fromSigned(buf)
Interprets a Buffer
as a signed Integer
Parameters
buf
Return: BN.js
toUnsigned(num)
Converts a BN.js
to an unsigned integer
Parameters
num
- a BN.js
Return: buffer
publicToAddress(pubKey)
Returns the ethereum address of a given public key
Parameters
pubKey
- the public key as a Buffer
Return: : Buffer
privateToAddress(privateKey)
Returns the ethereum address of a given private key
Parameters
privateKey
- the private key as a Buffer
Return: Buffer
privateToPublic(privateKey)
Returns the ethereum public key of a given private key Parameters
privateKey
- the private key as a Buffer
Return: Buffer
generateAddress(from, nonce)
Generates an address of a newly created contract. Don't forget to increment the nonce to get the correct address. Parameters
from
- the address of the account creating the contractnonce
- the creating accounts nonceReturn: Buffer
sha3(a, bytes)
Returns a sha3 of a
of the length of bytes
Parameters
a
- the value to hashbytes
- how many bytes the hash should beReturn: Buffer
sha256(a, bytes)
Returns a sha256 of a
Parameters
a
- the value to hashReturn: Buffer
ripemd160(a, bytes)
Returns a ripemd160 of a
Parameters
a
- the value to hashpadded
- pad the hash to 256 bits with zeroesReturn: Buffer
rlphash(a)
Returns a sha3 of the RLP encoded version of a
Parameters
a
- the value to encode and hashReturn: Buffer
printBA(ba)
Print a Buffer Array
Parameters
ba
- an Array
of Buffers
Return: a Buffer Array
baToJSON(ba)
Converts a buffer array to JSON Parameters
ba
- an Array
of Buffers
Return: a JSON Object
isHexPrefixed(string)
Returns a Boolean on whether or not the String starts with 0x
Parameters
string
- a String
Return: Boolean
stripHexPrefix(string)
Removes 0x
from a given String
Parameters
string
- a String
Return: String
addHexPrefix(string)
Adds 0x
to a given string if it does not already start with 0x
Parameters
string
- a String
Return: string
defineProperties(self, fields)
Defines properties on a Object
. It make the assumption that underlying data is binary.
Parameters
self
- the Object
to define properties onfields
- an array fields to define. Fields can contain:name
the name of the propertieslength
the number of bytes the field can haveallowLess
if the field can be less than the length
allowEmpty
validate(fields, data)
Validate defined fields
Parameters
fields
data
Return: Boolean
MPL-2.0
FAQs
A collection of utility functions for Ethereum
We found that ethereumjs-util demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.