In the blockchain, there are no secrets. Every transaction is logged and everyone has a copy of all of the code. Nearly all of this code can only be analyzed through reverse engineering. Over the past year, we've seen enterprising hackers use flaws in smart contracts to whisk away millions. This was made possible thanks to Ethereum, the technology that powers cryptocats, and Solidity, a high-level language that describes Ethereum's Turing-complete smart contracts. This talk will introduce smart contract security, present common vulnerability classes, and demonstrate how to reverse-engineer EVM bytecode to identify these vulnerabilities. The talk will also present tools to support vulnerability discovery in EVM bytecode and in Solidity source code.
- Jay Little and Ryan Stortz