Outsmarting Smart Contracts - Security Vulnerabilities and Attack Vectors

Explore the intricacies of smart contract security in this 43-minute conference talk from OWASP AppSec EU 2018. Delve into the world of blockchain technology, focusing on the second generation that enables programmable transactions through smart contracts. Examine the Ethereum platform, its cryptocurrency Ether, and the Solidity programming language used for smart contract development. Uncover potential vulnerabilities and common design flaws that have led to multi-million dollar thefts in the past. Learn about spectacular hacks like the $30M Parity incident and gain insights into preventing such costly mistakes. Discover the challenges of responsible vulnerability disclosure in the blockchain ecosystem and a proposed mechanism for securely notifying contract owners. Gain a comprehensive understanding of attack vectors specific to decentralized, publicly visible smart contracts and acquire knowledge on identifying and mitigating these vulnerabilities.

Intro
Blockchain is everywhere
What is blockchain
What are smart contracts
Why use smart contracts
Executing smart contracts
Security of smart contracts
Pareto wallet
Blind commitments
Libraries
Gas Limit
US Attack
Lessons Learned
Attacking Web Applications
Too Short Address
Attack
Vulnerability
Demo
Summary
Questions
Crypto Exchanges