Dive into advanced Solidity hacking techniques in this 35-minute RSA Conference talk. Explore bleeding-edge exploits and learn the crucial skill of writing contracts to hack other contracts. Gain insights into the persistent security challenges in blockchain technology and understand the potential dangers of new tool advancements. Examine real-world examples like the DAO hack and Parity wallet vulnerabilities. Discover methodologies for identifying and exploiting smart contract weaknesses, including reentrancy attacks, public visibility issues, and overflow vulnerabilities. Learn about gas limits, transaction-ordering dependence, and call-stack depth limitations. Prepare for future blockchain security challenges and explore real-time protection strategies. Suitable for those with blockchain and Solidity basics, this talk equips you with advanced knowledge to enhance your smart contract hacking skills.
Overview
Syllabus
Intro
Meow-putting that computing power to use?
Millions of reasons to hack smart contracts
Problem isn't going away
Solidity
Dev tools
oyente and Manticore
MAIAN
Methodology
Leave off the first "re-" for savings
Writing a contract to attack a contract
Reentrancy (and irony) in the dao code
Default public - Parity wallet hack
execute
Parity multisig wallet hack 2
Parity 2 transactions
Not going with the (over)flow
Unchecked send in king of the ether
Gas limits
Withdraw don't send
Transaction-ordering dependence
Call-stack depth limit
Variable or function ambiguity
Odds and ends
Prepping for the future...
Real-time blockchain protection
Get involved
Taught by
RSA Conference
