Explain Ethereum smart contract hacking like I am five

Presented at VB2018, Oct. 4, 2018, 2:30 p.m. (30 minutes).

Blockchain. Mining. Ethereum. Smart contracts. Gas. Solidity. DAO. These words had no (or a different) meaning XX years ago, yet now these are the foundations of something exciting and powerful. But with great power comes great responsibility. Designing and implementing smart contracts can be like encryption protocols: anyone can come up with one which looks secure from the developer's point of view, but only a few can design and implement one which really is secure.

But how can one hack smart contracts? In order to understand, I will explain from the ground up the meaning of all these words in the Ethereum world using real-life analogies. Once the basic building blocks have been explained, I will guide the audience through the world of hacking smart contracts. After attending this presentation, the audience will understand how a recursive call can burn 250M USD on the DAO and how the developers can create a parallel universe where this didn't happen. Reinit? Multi-signature wallets? The Parity hack? All of this is simple once the basics are founded.

Warning: case studies from recent real-life hacks and live interaction with smart contracts included. And CryptoKitties. Meow.


Presenters:

  • Zoltán Balázs - MRG Effitas   as Zoltan Balazs
    Zoltan Balazs Zoltan is the Chief Technology Officer at MRG Effitas, a company focusing on AV testing. Before MRG Effitas, he worked as an IT security expert in the financial industry for five years and as a senior IT security consultant at one of the Big Four companies for two years. His main areas of expertise are penetration testing, malware analysis, computer forensics and security monitoring. He released the Zombie Browser Tool that has POC malicious browser extensions for Firefox, Chrome and Safari. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass) and the Sandbox tester tool to test malware analysis sandboxes. He has been invited to give presentations worldwide at information security conferences including DEF CON, SyScan360, Deepsec, SAS, Hacker Halted USA, Botconf, AusCERT, Nullcon, Hackcon, Shakacon, OHM, Hacktivity and Ethical Hacking.Zoltan passed OSCE recently, and he is very proud of it. @zh4ck

Links:

Similar Presentations: