Smart Contract Vulnerability Exploitation & Protection

On June 12th, The Blockchain Society, along with silver sponsors Skrumble, Nobul, and MLG, hosted an event on how to identify and neutralize smart contract vulnerabilities (or how not to lose millions of dollars and ruin your career).

The workshop covered smart contract vulnerabilities. Ethereum launched its public network on July 30th of 2015, serving as a general-purpose smart contract platform, and in under a month, programmer-induced smart contract vulnerabilities began hitting the public stage. With the ecosystem maturing, there is the benefit of hindsight when setting out to release safe and secure smart contracts. The talk reviewed well-known smart contract attacks and how developers can arm themselves with defensive strategies.

Guests were encouraged to bring their laptops and join in working through a series of known programmer-induced smart contract vulnerabilities: reviewing code, implementing fixes, and introducing tests to ensure the same vulnerability does not reappear. Also recommended was installing a text editor intended for programmers and being familiar with the basic features of the command-line environment of their respective operating system.

The event welcomed guest speaker Noah Marconi, a researcher turned developer with over a decade of experience spanning research, analytics, and software development. He is no stranger to emergent technology, and is right at home in the fast-moving blockchain arena. Noah began his career as a researcher at Vision Critical, before migrating to the product side to design and build research automation tools. Most recently, he held the position of Scientist at Zero Gravity Labs (LoyaltyOne’s Innovation Arm) and Vice President of Research & Development at BlockAble Inc.

Noah recounted the history of spectacular smart contract hacks on Ethereum (tallying hundreds of millions of dollars in losses) and reviewed code examples to see exactly what went wrong. To contrast the gloom and doom, he discussed how to remedy the broken smart contracts and, importantly, inventoried the available tools and techniques to avoid repeating history and keep individual contracts safe.

We are only beginning to scratch the surface of what decentralized technology can do, and Noah welcomes the prospect of helping flesh out possibilities.

Aaron Ballantyne | TWG