Watch / Preventing Disaster: Advances in Smart Contract Vulnerability Detection

Preventing Disaster: Advances in Smart Contract Vulnerability Detection

  • YouTube
  • IPFS
  • Details

Preventing Disaster: Advances in Smart Contract Vulnerability Detection

Duration: 00:18:55

Speaker: Daniel Luca, Bernhard Mueller

Type: Breakout

Expertise: Intermediate

Event: Devcon 5

Date: Oct 2019

What do the DAO, Parity MultiSig wallet and Beautychain have in common? 1. All three were hacked with disastrous consequences, 2. in each case, the bugs could have easily been spotted in advance using automated analysis techniques. In this talk, we'll investigate the above exploits in depth and show how to use a combination of multi-transactional symbolic execution, taint analysis and greybox fuzzing to detect similar bugs with high accuracy and a low false positive rate. Well' also introduce optimization tricks that enable fast detection of "deep" vulnerabilities - exploit conditions that are triggered over a longer sequence of highly specific transactions. Finally, we'll show how developers can apply these security analysis methods to their own contracts using MythX and Mythril.

Categories

  • Related