Smart Contract Security - A Walk Through Cyber Minefield
A Blockchain is essentially a digital ledger of transactions that are distributed across the entire network of computer systems on a Peer-to-Peer network. Each block in the chain contains a number of transactions, and every time a new transaction occurs on the blockchain, a record of that transaction is added to every participant’s ledger. The decentralised database managed by multiple participants is known as Distributed Ledger Technology (DLT).
One of the first one and most famous is of course Bitcoin founded in 2009, which is basically a peer-to-peer electronic cash system written and proposed by a mysterious persona called Satoshi Nakamoto, a pseudonym used to disguise the author’s identity.
Over the years different Blockchains were born, with Ethereum being one of the most used today. Ethereum is a protocol proposed by Vitalik Buterin in 2013. Dubbed by some as a “World Computer”, Ethereum’s combination of features allow it to provide users with smart contracts and decentralized applications, otherwise known as DApps. Ethereum was developed in response to the lack of capabilities within the Bitcoin protocol. Bitcoin has a very limited scripting language and does not support smart contracts. Ethereum, on the other hand, provides users with a Turing-complete programming language called Solidity. Along with the ability to develop smart contracts, it allows for a much more accommodating blockchain in terms of possible use cases.
Smart contracts are programs that are deployed as decentralized applications and very often handle valuable assets finding their application mostly in e-commerce applications, exchanges, De-Fi, DAO and thus making them especially attractive targets and subject to numerous Cybersecurity Attacks. As such, smart contract security is a very important and sensitive topic today and remains one of the main issues of smart contract technology. A small error in the code of a contract can lead to millions of dollars in losses, as was the case with DAO. Therefore, when it comes to writing a smart contract, security should always be the developer’s top priority on the normal SDLC process.
This presentation aims at explaining some of the most common vulnerabilities that are specific to the application level of Blockchain technology by analyzing concrete exploitation case scenarios of these security vulnerabilities. We will also review some of the available tools and applications that detect these vulnerabilities in terms of their approach and effectiveness.
Reando Veshi
always passionate about technology, is a Penetration Tester and Security Researcher at insighti a.s. He graduated in Computer Engineering at University in Padua, where, after receiving his degree, he started to work in the infosec world. Being a lover of WebSec, he always likes to find something wrong and fix it.He is the founder of an Italian community called PentestingMadeSimple, where, in his free time, he makes videos and shares his knowledge about pentesting, hacking and Bug Bounty. Always passionate about technology, he has been focused for the past year he has been focused on the world of Blockchain, a cybersecurity instructor in Italian courses focusing on Blockchain Technology and having the opportunity to cooperate with recognized experts in the field.