
Smart Contract Security - Incentives Beyond the Launch



Duration: 00:29:23

Speaker: Phil Daian

Type: Talk

Expertise: Intermediate

Event: Devcon 4

Date: Oct 2018

To mitigate the security issues that quickly surfaced in the deployment of smart contracts, the community has turned to a wide variety of security techniques. Manual review by an externally contracted company or individual is standard when deploying new contracts. In many ways this has been a success, reducing the number of observed security incidents. In this talk, we take a look at how unique incentives in smart contracts affect the process of securing them. For example, smart contracts are often non-upgradeable: enshrinement at release time encourages security processes that end after the deployment of the contract, leaving blind spots in long-term security guarantees against evolving threats. Pressure to ship often leaves critical security guarantees out of scope of external reviews, and auditor incentives tend away from detailed or fundamental criticisms of contracts' protocols. We review the reviews and take a look at several top contracts in the ecosystem: what are the provided guarantees, who were they reviewed by, and what is missing? How do these guarantees compare to the guarantees provided to users in systems outside the smart contract ecosystem? And how can we most effectively deploy the immense talent coming into the community towards more secure, more usable systems for end users?


