Introducing "moriarty", a tool for automated smart contract symbolic execution vulnerability discovery and exploit synthesis

Presented at Kiwicon 2038AD: The Dystopic Future is Now (2018), Nov. 16, 2018, 11:30 a.m. (30 minutes).

"In the grim future of 2018, there is only war... and the cypherpunks won. if Timothy May was actually dead he'd be cackling in his grave by now. Bitcoin billionaires, smart contracts, end-to-end encryption, onion routing, obscure darkweb forums full of Bulgarian fraud pimps touting their latest autoshop software... it's certainly an exciting time to be alive. Ethereum is a cryptocurrency designed for the execution of ""smart contracts"", where code controls the flow of finance from one account to another. Putting programs in direct control of millions of non-repudible crypto-dollars... what could possibly go wrong? "Moriarty"" is a tool for the vulnerability analysis of ethereum smart contracts, where only one vulnerability actually counts --- stealing cold hard cash. Using the dark arts of symbolic execution, Moriarty can automatically find vulnerabilities and synthesise exploits ""on the fly"". Additionally, Moriarty sweeps the entire ethereum blockchain & contract space in order of potential income to maximise profit, in a purely proof-of-concept kind of way. This presentation will discuss the engineering of such a tool from first principles, along with tips, tricks and optimizations as yet unknown in ""other"" more generic symbolic execution frameworks. As we used to say back in the day, ""for information reasons only"".

Presenters:

  • Caleb Anderson / alhazred as Caleb "alhazred" Anderson
    Alhazred's name is a killing word. He enjoys long walks on the beach, the bellows breath of cinnamon, subtle aldehydes ... acids ... performance poetry and collecting HR complaints. In his spare time he works for Context Information Security as a sort-of kind-of foreman, cracking the spiked whip deep within the infosec mines. He was recently promoted from lead consultant to lead consultant.

Similar Presentations: