Hacking Smart Contracts--A Methodology

Presented at NolaCon 2018, May 18, 2018, 2 p.m. (Unknown duration)

The DAO hack of June 2016 was the moment smart contracts entered mainstream awareness in the InfoSec community. Was the hope of taking blockchain from a mere cryptocurrency platform to one that can perform amazing Turing-complete functions doomed? We've learned quite a lot from that attack against contract code, and Ethereum marches on (even though multi-million dollar hacks, like Parity Wallet, still happen). Smart contracts are a key part of the applications being created by the Enterprise Ethereum Alliance, Quorum, and smaller projects in financial and other companies. Ethical hacking of smart contracts is a critical new service that is needed. And as is the case with coders of Solidity (the language of Ethereum smart contracts), hackers able to find security flaws in the code are in high demand. Join Konstantinos for an introduction to a methodology that can be applied to Solidity code review and potentially adapted to other smart contract projects. We'll examine the few tools that are needed, as well as the most common types of flaws, illustrated using either public or sanitized real-world vulnerabilities.


Presenters:

  • Konstantinos Karagiannis
    Konstantinos Karagiannis is the Chief Technology Officer for Security Consulting at BT Americas. In addition to guiding the technical direction of ethical hacking and security engagements, Konstantinos specializes in hacking financial applications, including smart contracts and other blockchain implementations. He has spoken at dozens of technical conferences around the world, including Defcon, Black Hat Europe, RSA, and ISF World Security Congress.
