Play all

Intro

when transactions aren't enough

meow-putting that computing to use

smart contracts

billions, or just millions of reasons

problem isn't going away

Solidity

dev tools

oyente and Manticore

basic methodology

leave off the first "re-" for savings

reentrancy (and irony) in the dao code

default public - Parity wallet hack

init Wallet

execute

Parity multisig wallet hack 2

Parity 2 transactions

unchecked send in king of the ether

gas limits

withdrawn not sent

encryption

transaction-ordering dependence

call-stack depth limit

variable or function ambiguity

odds and ends

things might be getting better?

keep in touch

Description:

Explore a comprehensive methodology for hacking smart contracts in this NolaCon 2018 conference talk. Delve into the world of Solidity, development tools, and security vulnerabilities in blockchain technology. Learn about reentrancy attacks, public visibility issues, and the infamous DAO and Parity wallet hacks. Examine common pitfalls such as unchecked sends, gas limits, and transaction-ordering dependencies. Gain insights into encryption challenges, call-stack depth limits, and variable ambiguity. Discover potential improvements in smart contract security and stay informed about the latest developments in this rapidly evolving field.

Hacking Smart Contracts - A Methodology

Add to list

#Conference Talks #Computer Science #Cryptography #Information Security (InfoSec) #Ethical Hacking #Programming #Programming Languages #Solidity #Cybersecurity #Vulnerability Assessment #Blockchain Development #Blockchain Security