devcon 4 / current state of security
- YouTube
- IPFS
- Details
Current State of Security
Duration: 00:31:06
Speaker: Dan Guido, J. Maurelian, Kevin Seagraves, Martin Swende, Matthew Di Ferrante, Phil Daian
Type: Panel
Expertise: Expert
Event: Devcon
Date: Invalid Date
Matthew Di Ferrante, Martin Swende, J. Maurelian, Dan Guido, Phil Daian, and Kevin Seagraves have a conversation on the Current State of Security in Ethereum.
- Related
Devcon
Talk
21:04
Enter the Hydra – An Experimental Approach to Smart Contract Security
In this talk, we will demonstrate a new approach to secure smart contract development that we believe has the potential to remove a large class of implementation bugs that has plagued the ecosystem. We will discuss connections to other topics in secure smart contract development and announce an effort to build the most secure Ethereum contract ever launched on the mainnet! Philip Daian is a Computer Science graduate student pursuing a PhD at Cornell University. He specializes in smart contracts and smart contract security, as well as the confidentiality properties of distributed ledger technology. He brings experience in the formal verification and automotive domains. Before coming to Cornell, he worked with runtime verification and formal methods, first collaborating with the FSL on several projects as an undergraduate at the University of Illinois at Urbana-Champaign and later moving to the private sector. He looks forward to building the next generation of efficient and open financial cryptosystems.
Devcon
Talk
17:48
Ethereum Security
Martin Swende gives their talk on Ethereum Security.
Devcon
Talk
29:23
Smart Contract Security - Incentives Beyond the Launch
To mitigate security issues that were quickly present in the deployment of smart contracts, the community has turned to a wide variety of security techniques. Standard when deploying new contracts is manual review by an externally contracted company/individual. In many ways this has been a success, reducing the number of observed security incidents. In this talk, we take a look at how unique incentives in smart contracts affect the process of securing them. For example, smart contracts are often non-upgradeable: enshrinement at release time encourages security processes that end after the deployment of the contract, leaving blind spots in long-term security guarantees against evolving threats. Pressure to ship often leaves critical security guarantees out-of-scope of external reviews, and auditor incentives tend away from detailed or fundamental criticisms of contracts' protocols. In this talk, we review the reviews and take a look at several top contracts in the ecosystem: what are the provided guarantees, who were they reviewed by, and what is missing? How do these guarantees compare to guarantees provided users in systems outside the smart contract ecosystem? And how can we most effectively deploy the immense talent coming into the community towards more secure, more usable systems for end-users?
Devcon
Talk
18:45
Ethereum Security Overview
Martin Swende gives an overview of Ethereum Security.
Devcon
Talk
55:44
Live Smart Contract Hacking
In this break-out session, a panel of well-renowned hackers and builders will perform security assessments of contracts that the audience submits - and anyone in the room is highly encouraged to help out and take part in the audit. There will not be time to perform full-scale reviews, but the panel will discuss the contracts both from a high-level perspective and also dive into the nitty gritty details, to see if we can find faults in the implementation. This is a panel session, where we want to interact with the community and bash as many bugs as possible, and hopefully demonstrate how tricky it can be to program for the EVM. Mistakes are what makes us learn: There shall be no shaming of anyone who submits a contract for review.
Devcon
Talk
23:35
Solutions towards trusted and private computations - built by Golem for the wider ecosystem
Intel SGX is a technology first developed by Intel for the protection of code and data. This an extremely promising technology that will contribute to the development of the blockchain space and is focusing efforts on solutions and further development.Our hard work has allowed us to be positioned as the most advanced team in this field. We are building this solution and open-sourcing it because we believe that our user-friendly product will enable many projects facing challenges like the ones we have faced apply this solution and push other development aspects of their projects. This talk will cover what we have accomplished so far and what are the next steps related to Intel SGX technology development. We will explain how we have achieved total security and privacy for requestors (people requesting computing power via the Golem p2p marketplace). They can be certain that the data they share is not accessible for the providers and they can be certain that the results are not manipulated. We'll also show how that integrates with our Concent service.Most importantly we will talk about other new possibilities that this technology enables for decentralized computations, explaining how to run arbitrary binaries inside SGX.
Devcon
Panel
19:52
Smart Contract Security in Ethereum
Martin Swende, Vitalik Buterin, Christian Reitwiessner, Raine Revere, Philip Daian discuss Smart Contract Security.
Devcon
Talk
30:18
CBC Casper Design Philosophy
Consensus protocols are used by nodes to make consistent decisions in a distributed network. However, consensus protocols for public blockchains should satisfy other requirements, by virtue of the protocol being open. For example, they need to be incentivized, in that people will be incentivized to run consensus forming nodes in the first place, and in that following the protocol should be an equilibrium for consensus forming nodes.The CBC Casper family of consensus protocols has been designed to fit design criteria necessary for secure public blockchains. In this talk, we will explore the design goals and methodology used in CBC Casper research: economically motivated properties of the consensus protocol, the correct-by-construction approach to protocol specification, and the resulting rapid iteration.
Devcon
Talk
18:31
Ledger SGX enclave - (un)popularity assessment and the way forward
An overview of the new developer features available for Ledger Nano S Ethereum application, including the validation of an arbitrary smart contract call on screen and how to design a Dapplet on a Nano S to assist the security of Dapps.
Devcon
Talk
19:41
Evolution of Smart Contract Security in the Ethereum Ecosystem
A lot has changed in the smart contract development ecosystem in the year since DEVCON2. Our perspective as leaders of the smart contract security community OpenZeppelin shows us that the industry is maturing. We give a brief overview of how security patterns and practices have evolved in the past months, dive into some details of recent developments, and talk about promising projects and their plans for the future.