Securing Smart Contracts

Presented at DEF CON 30 (2022), Aug. 12, 2022, 2 p.m. (240 minutes).

Learn how blockchains, cryptocurrency, NFTs, and smart contracts work, and their most important security flaws. We will also cover the underlying cryptography: hashes, symmetric encryption, and asymmetric encryption. We will configure wallets, servers, and vulnerable smart contracts, and exploit them. We will configure systems using Bitcoin, Ethereum, Hyperledger, Multichain, Stellar, and more. We will perform exploits including double-spend, reentrancy, integer underflow, and logic flaws. No previous experience with coding or blockchains is required. This workshop is structured as a CTF competition, to make it useful to students at all levels. We will demonstrate the easier challenges from each topic, and detailed step-by-step instructions are available. We will have several instructors available to answer questions and help participants individually. Every participant should learn new, useful techniques. Materials: Any computer with a Web browser. The capacity to run a local virtual machine is helpful but not required. Prereq: Beginners are welcome. Familiarity with cryptocurrency and smart contracts is helpful but not necessary.

Presenters:

• Elizabeth Biddlecome - Consultant and Instructor
  Elizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.
• Kaitlyn Handleman - Security Engineer
  Kaitlyn Handelman is a security engineer and consultant, defending high-value networks professionally. She has extensive experience in aerospace, radio, and hardware hacking. Industry credentials: OSCP, OSED
• Sam Bowne - Instructor
  Sam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000, and is the founder of Infosec Decoded, Inc. He has given talks and hands-on trainings at Black Hat USA, RSA, DEF CON, DEF CON China, HOPE, and many other conferences. Credentials: PhD, CISSP, DEF CON Black Badge Co-Winner
• Irvin Lemus - Instructor
  Irvin Lemus has been in the industry for 10+ years as an MSP technician, consultant, instructor and coordinator. He is currently the cybersecurity professor at Cabrillo College in Santa Cruz, CA. He also is the Bay Area Cyber Competitions Regional Coordinator as well as the contest creator for SkillsUSA CA and FL. Irvin has spoken at various cybersecurity and educational conferences. Irvin holds a CISSP and a Bachelor's Degree in Information Security.

Similar Presentations:

• ekoparty 14 (2018) / Smart Contract Audit 101
• A New HOPE (2022) / Cryptography and Smart Contract Security
• DEF CON 30 (2022) / Securing Web Apps Workshop