devcon 5 / scaling ethereum with security and usability in mind
Duration: 00:14:39
Speaker: Jayntibhai Kanani
Type: Talk
Expertise: Beginner
Event: Devcon
CBC Casper Design Philosophy
Consensus protocols are used by nodes to make consistent decisions in a distributed network. However, consensus protocols for public blockchains should satisfy other requirements, by virtue of the protocol being open. For example, they need to be incentivized, in that people will be incentivized to run consensus forming nodes in the first place, and in that following the protocol should be an equilibrium for consensus forming nodes. The CBC Casper family of consensus protocols has been designed to fit design criteria necessary for secure public blockchains. In this talk, we will explore the design goals and methodology used in CBC Casper research: economically motivated properties of the consensus protocol, the correct-by-construction approach to protocol specification, and the resulting rapid iteration.
Store your keys safely offline - never get online to sign transactions
The best way to keep your private key safe is to keep it disconnected from the internet. This is usually done in a hardware wallet; however, most of those wallets are directly connected to a computer, either via USB or Bluetooth. What if the wallet was never online and never ever connected to an online device? This is achievable using QR codes. We did it with Parity Signer. I will present why we built it, how, do a short live demo, and what we will do in the future.
The Gas Siphon Attack: The Technical and Economic Realities Behind Hacking Exchanges
The Gas Siphon Attack allows anyone to siphon value from many exchanges in the form of gas refunds, a mechanism built directly into the Ethereum protocol. Users can write a simple script that continuously drains unprotected exchange hot wallets of all of their ETH. Until this was responsibly disclosed, many exchanges were affected with varying degrees of severity. How it happened, who was affected, and the technical details behind the attack are discussed during the presentation. The talk dives into the details of the refund mechanism built into the Ethereum network, and how it can be maliciously abused. The presentation explains who is vulnerable and what they can do about it. A number of these types of technical exploits exist on both centralized and decentralized exchanges, and one may find that responsibly disclosing these attacks is harder than the actual exploit itself. Getting in touch with exchanges, continuous communication with services, and helping fix different systems may be a month-long journey that yields very little in return. Hacks, front-running, misaligned miner incentives, and economic disparities are all issues for exchanges and services that are discussed in this presentation. Finally, the talk covers different ways to protect yourself and your dapp from both known and unknown exploits. Preventative measures are presented that will allow for protection from these types of attacks.
The magic of ethereum addresses
More often than not, people get messed up when writing or copying Ethereum addresses. The ENS is supposed to solve that but is not adopted by everyone yet. These errors can have spectacular consequences. Some end up with a happy end.
- https://medium.com/bitclave/how-we-sent-eth-to-the-wrong-address-and-successfully-recovered-them-2fc18e09d8f6
- https://twitter.com/drew___stone/status/1135703041997516801
With the adoption of wallet smart contracts, this issue is only going to grow. This talk will describe where Ethereum addresses come from, how you could exploit knowledge of these mechanisms, and how you could protect yourself and your users using a create2-based factory like the one deployed at 0xfac100450af66d838250ea25a389d8cd09062629.
Solutions towards trusted and private computations - built by Golem for the wider ecosystem
Intel SGX is a technology first developed by Intel for the protection of code and data. This is an extremely promising technology that will contribute to the development of the blockchain space and is focusing efforts on solutions and further development. Our hard work has allowed us to be positioned as the most advanced team in this field. We are building this solution and open-sourcing it because we believe that our user-friendly product will enable many projects facing challenges like the ones we have faced to apply this solution and push other development aspects of their projects. This talk will cover what we have accomplished so far and what the next steps related to Intel SGX technology development are. We will explain how we have achieved total security and privacy for requestors (people requesting computing power via the Golem p2p marketplace). They can be certain that the data they share is not accessible to the providers and they can be certain that the results are not manipulated. We'll also show how that integrates with our Concent service. Most importantly, we will talk about other new possibilities that this technology enables for decentralized computations, explaining how to run arbitrary binaries inside SGX.
Browser 3.0 - How to Build Secure Web3 Clients
The Internet and Ethereum share many parallels. We can learn from the history of the Web and its "browser wars" and will see that "time to market" plays an important role for the positioning and adoption of network clients. The Chrome browser defines for most people how they use services and experience the Internet, and a new generation of clients will eventually do the same for the Ethereum network. Applications such as Mist or Brave use popular frameworks like Electron to accelerate the development of browser(-like) applications without giving up platform ownership, as is the case for plugins such as Metamask. However, Electron has some serious security issues that should be considered and which are discussed together with their alternatives.
Securely Connecting Smart Contracts to Off-Chain Data and Events
For smart contracts to achieve mass adoption, they need the ability to securely connect to external off-chain data and existing non-blockchain systems. The reliability with which smart contracts connect to key external systems determines their overall security. This critical security factor determines whether smart contracts will be used to secure the many forms of value beyond tokenization, such as prediction market outcomes, insurance payouts, trade finance, and more. In this talk, we’ll examine what makes a secure oracle mechanism reliable enough to be trusted by smart contracts for external data delivery, access web APIs, and off-chain payments. We’ll review the security risks and failure scenarios to avoid when using oracles and share how developers should set up methods to maximize success. We’ll examine how a decentralized network makes oracle mechanisms more secure, and how decentralization, combined with approaches like Trusted Execution Environments, can enable the highest level of security when connecting with external systems. Finally, we will show the design patterns which leading smart contracts use to remain reliable and provide high levels of overall security while connecting to external systems.
Decentralized Threat Detection Bots
Decentralized threat detection bots are a recent area of research and development for protecting the ecosystem. This talk will cover concepts and recent research on detection bots and implementation patterns including heuristic-based, time-series based, multi-block, and TX simulation. Examples involving prior exploits will be included, as well as tools, limitations, the potential for automated threat prevention, and areas for further research.
From Web2 Security With Love
Web3 organizations often rely on Web2 for infrastructure, communications, and development, yet their Web2 security posture is often neglected. This leaves them vulnerable to a wide range of adversaries, from well-funded sophisticated attackers to opportunistic script kiddies. In this talk, Joe Dobson will share hard-earned lessons from the Web2 trenches that can help secure Web3. Don’t make it easy for the adversary. Learn from the past: strengthen your Web2 security to safeguard your Web3 future.
Complementing DApps with Trusted Computing: The Challenge of Designing Rock Solid Oracles
Decentralized Applications aim to change the way verticals across multiple industries work. An important element for this to happen is for smart contracts to access real-world data. Problem is, blockchain is a walled garden and smart contracts cannot natively fetch data from the outside world. Blockchain oracles enable DApps to overcome this limitation. Designing such a tool is quite a challenge: elements such as security, decentralization and feasibility must be taken into consideration. Is blockchain a self-standing technology? Security-focused techniques such as Trusted Computing or ZKSnarks are being explored as a complementary technology enhancing the power of decentralized tools. How do those technologies complement each other? What’s the benefit for blockchain oracles to rely on both? And what’s the benefit for users?