Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths

Black Hat via YouTube

Overview

Explore Ethereum smart contract vulnerabilities and attack analysis in this 39-minute Black Hat conference talk. Dive into the world of blockchain security as Jay Little introduces Ethereum smart contracts, demonstrates reverse engineering techniques for binary-only contracts, and highlights common vulnerability classes. Learn to investigate attacks on contracts using new tools that re-process blockchain ledger data, recreate contracts with state, and analyze suspect transactions through traces and heuristics. Gain insights into Ethereum implementation, EVM (Ethereum Virtual Machine), Solidity behaviors, and issues like uninitialized variables. Discover tools such as Ethersplay, IDA-EVM, Mythril, and Manticore for smart contract analysis. Explore blockchain data, web3.js and web3.py libraries, and techniques for finding contracts. Examine real-world examples of contract creations, deaths, and massive self-destructs. Enhance your understanding of blockchain security and smart contract vulnerabilities to better protect and analyze Ethereum-based systems.

Syllabus

Intro
Trail of Bits: Cyber security research company - High-end security research with a real-world attacker mentality to reduce risk and fortify code. Security Engineering
Prompt
Ethereum Implementation
Accounts and Transactions and Blocks
EVM: Ethereum Virtual Machine
ABI and Address Spaces
Sample Contract Creation
Sample Contract Death
Sample Contract Usage (3)
Solidity Behaviors and Issues
Uninitialized Variables
Not So Smart Contracts
Ethersplay Binary Ninja Plugin
IDA-EVM IDA Pro Module
Mythril
Manticore
Storage Requirements: Check stackexchange first.
Geth and Parity
Geth Running Options
Client Operation Suggestions
Answering Questions
Tracing
Who? What? When?
Blockchain Data
The Block in Blockchain
web3.js and web3.py: web3.js is official client library
Finding Contracts
Geth Experience: Geth crashing with syncmode fast consistently - new install
Parity Experience
Hybrid Approach
Empty Code Results
First Contract Creation: Block 46402 (2015-08-07)
First Contract "Creation" (With Enough Gas)
First Contract Creation (With Code)
Top Duplicates (3)
Massive selfdestruct (2)
Criteria
Creator != selfdestruct destination
10,000 ETH!
Creator != selfdestruct transaction originator
300ETH selfdestruct
Etherwow
Becoming Mortal
Conclusion

Taught by

Black Hat
