AppSec Europe 2018

The most common blockchain-based application is Bitcoin - cryptocurrency worth a couple of thousands $ per BTC. But Bitcoin is built on the Blockchain 1.0. The second generation of blockchain opened a much broader field of application and is described as mechanism allowing programmable transactions. Smart Contracts, as they are called, are scripts that are executed and stored in the blockchain. Their code, storage and execution calls are all publicly available and verifiable. The execution and verification processes are held by miners what makes the decentralized ecosystem slow, but secure. Smart contracts have many applications from ICOs, through digital identity management, non-digital asset (diamond, real estate, IoT device, etc.) ownership management and tracing to almost anything you can think of.
An example of second generation blockchain platform that support smart contracts is Ethereum. The miners, who execute contracts and secure the platform, are paid with Ether, which is the Ethereum cryptocurrency (worth about $1k) and an incentive for hackers. Ethereum’s smart contracts are written in the Solidity language, which is similar to well-known high-level languages, and compiled to Ethereum Virtual Machine bytecode stored in blockchain. It is a complex software implementing new and often difficult to follow in every detail technology. Thus it makes an explosive mix with high potential for human mistake by developer. The problem is that even a very small coding mistake can lead to losses of millions of dollars.
The goal of this presentation is to shed the light on the security of smart contracts, its potential vulnerabilities and popular design and implementation security flaws. I will investigate flaws of Ethereum smart contract, both Ethereum-specific and known from other languages, that led to spectacular thefts. I am sure you have heard of these spectacular hacks, like $30M (now worth $130M) Parity, or another $150M blocked in smart contracts. Thanks to this presentation you will know how millions were stolen and how to avoid such mistakes.
I will also share my personal experience regarding responsible disclosure of such vulnerabilities. It is a way harder than submitting a bug in a traditional application, and involves non-obvious complications. First, the transparency principle leads to a real time race between white and blackhat hackers. Sometimes whitehat even has to actually steal from potential victims in order to prevent malicious theft. Moreover, in most cases there is no possibility to contact (especially urgently and securely) the smart contract owner and report the problem. In my case, after finding critical vulnerability that allowed me to empty whole exchange Ethereum token wallet, it required a solid investigation to find the right people to talk to, and took unnecessarily long time. To address this issue I propose a mechanism to notify contract’s owner. The message is securely kept on the blockchain and only owner of the contract can read it.
The audience will leave with a fair understanding of a pack of attack vectors and vulnerabilities specific for the concept of decentralized execution of publicly visible smart contracts. And what’s more, they will know how to find and avoid these vulnerabilities.