Explain Ethereum smart contract hacking like I am five

Thursday 4 October 14:30 - 15:00, Green room

Zoltan Balazs (MRG Effitas)



Blockchain. Mining. Ethereum. Smart contracts. Gas. Solidity. DAO. These words had no (or a different) meaning XX years ago, yet now these are the foundations of something exciting and powerful. But with great power comes great responsibility. Designing and implementing smart contracts can be like encryption protocols: anyone can come up with one which looks secure from the developer's point of view, but only a few can design and implement one which really is secure.

But how can one hack smart contracts? In order to understand, I will explain from the ground up the meaning of all these words in the Ethereum world using real-life analogies. Once the basic building blocks have been explained, I will guide the audience through the world of hacking smart contracts. After attending this presentation, the audience will understand how a recursive call can burn 250M USD on the DAO and how the developers can create a parallel universe where this didn't happen. Reinit? Multi-signature wallets? The Parity hack? All of this is simple once the basics are founded.

Warning: case studies from recent real-life hacks and live interaction with smart contracts included. And CryptoKitties. Meow.

 

Zoltan-Balazs-web.jpg

Zoltan Balazs

Zoltan is the Chief Technology Officer at MRG Effitas, a company focusing on AV testing. Before MRG Effitas, he worked as an IT security expert in the financial industry for five years and as a senior IT security consultant at one of the Big Four companies for two years. His main areas of expertise are penetration testing, malware analysis, computer forensics and security monitoring. He released the Zombie Browser Tool that has POC malicious browser extensions for Firefox, Chrome and Safari. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass) and the Sandbox tester tool to test malware analysis sandboxes. He has been invited to give presentations worldwide at information security conferences including DEF CON, SyScan360, Deepsec, SAS, Hacker Halted USA, Botconf, AusCERT, Nullcon, Hackcon, Shakacon, OHM, Hacktivity and Ethical Hacking.
Zoltan passed OSCE recently, and he is very proud of it.

@zh4ck



Other VB2018 papers

Exploiting ActionScript3 interpreter

Boris Larin (Kaspersky Lab)
Anton Ivanov (Kaspersky Lab)

Internet balkanization: why are we raising borders online?

Stefan Tanase (Ixia)

The botnet landscape - live threats and steps for mitigation

Peter Dorey (Spamhaus Technology Ltd)

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.