Version v0.4
lecture: Explain Ethereum Smart Contract hacking like I am five
Mining. Ethereum. Smart contracts. Gas. Solidity. DAO. Five years ago these words had no meaning, or a different one. Now they are the foundations of something exciting and powerful. But with great power comes great responsibility. Designing and implementing smart contracts is like designing encryption protocols: everyone can come up with one that looks secure from the developer's point of view, but only a few can design and implement one that is really secure.
But how can one hack smart contracts? To understand this, I will explain the meaning of all of these words in the Ethereum world from the ground up, with real-life analogies. Once the basic building blocks are explained, I will guide you into the world of hacking smart contracts. After attending this presentation, everyone will understand how a recursive call can burn 250M USD on the DAO and how the developers can create a parallel universe where this did not happen. Reinit? Multi-signature wallets? The Parity hack? All of this is simple once the basics are in place.
Warning: case studies from recent real-life hacks and live interaction with smart contracts included. And CryptoKitties. Meow
Outline
1. Introduction to cryptocurrencies, mining, blocks, transactions, blockchain, fee, wallet. Using examples a five-year-old can understand.
2. Introduction to smart contracts, gas, Solidity, Wei, Ethereum Virtual Machine. A five-year-old should still be able to follow.
3. Examples of how people interact with Smart Contracts. Metamask, Cryptokitties, ETHrps, Remix, test networks.
4. The power of smart contracts. Relationship between bytecode in the blockchain and the source code of the contract.
5. Hacking of smart contracts. Why mixing JavaScript developers with Solidity + web3.js is dangerous.
6. The DAO hack. Recursive calls + race condition. Ethereum Classic. Still with examples which are easy to follow.
7. Shared vulnerable library + reinit
8. The Parity hack
9. Integer overflow/underflow
10. Multi-signature wallets
11. Demo hacking of smart contracts. Smart kids are now able to do basic checks on smart contracts.
12. Resources to learn Solidity and practice smart contract hacking
Speakers
Z