Explore a comprehensive methodology for hacking smart contracts in this NolaCon 2018 conference talk. Delve into the world of Solidity, development tools, and security vulnerabilities in blockchain technology. Learn about reentrancy attacks, public visibility issues, and the infamous DAO and Parity wallet hacks. Examine common pitfalls such as unchecked sends, gas limits, and transaction-ordering dependencies. Gain insights into encryption challenges, call-stack depth limits, and variable ambiguity. Discover potential improvements in smart contract security and stay informed about the latest developments in this rapidly evolving field.
Overview
Syllabus
Intro
when transactions aren't enough
meow-putting that computing to use
smart contracts
billions, or just millions of reasons
problem isn't going away
Solidity
dev tools
oyente and Manticore
basic methodology
leave off the first "re-" for savings
reentrancy (and irony) in the dao code
default public - Parity wallet hack
init Wallet
execute
Parity multisig wallet hack 2
Parity 2 transactions
unchecked send in king of the ether
gas limits
withdrawn not sent
encryption
transaction-ordering dependence
call-stack depth limit
variable or function ambiguity
odds and ends
things might be getting better?
keep in touch
