@konstanthacker Konstantinos Karagiannis
Transcript of @konstanthacker Konstantinos Karagiannis
![Page 1: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/1.jpg)
Konstantinos KaragiannisCTO, Security Consulting@konstanthacker
![Page 2: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/2.jpg)
ethereum is not bitcoin
“The key component is this idea of a Turing-complete blockchain”--Vitalik Buterin
![Page 3: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/3.jpg)
smart contracts• Business logic
programs• Semi autonomous• Move value,
enforce agreements
• Creativity the limit
![Page 4: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/4.jpg)
literally a billion reasons
![Page 5: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/5.jpg)
caveats
• No zero days• No customer code• Yes, a methodology• No, I doubt smart contracts
will get that smart
![Page 6: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/6.jpg)
solidity• Language of choice• High level, compiles to bytecode• Similarities to JavaScript and C• Supports:
• libraries• inheritance• user-defined types• assembly inline
![Page 7: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/7.jpg)
dev tools
• .sol files > bytecode > blockchain• Auditing .sol easier with
highlighting• Atom my fave, with plugins
• language-ethereum• etheratom
• Remix–browser based
![Page 8: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/8.jpg)
solgraph
![Page 9: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/9.jpg)
oyente
• Symbolic execution tool• Works with EVM byte
code or .sol files• Detects 4* vulns• Low false positive rate
![Page 10: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/10.jpg)
basic methodology• Interview devs• Load .sol file, preferably with highlighting• Try compiling• Dissect code flow—optional solgraph• Run oyente (cross fingers)• Manually verify 3/4 vuln yay/nays• Proceed to manually check for following
vulns…
![Page 11: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/11.jpg)
reentrancy
![Page 12: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/12.jpg)
leave off the first “re” for savings
![Page 13: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/13.jpg)
unchecked send in king of the ether
![Page 14: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/14.jpg)
unchecked send
![Page 15: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/15.jpg)
gas limits
![Page 16: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/16.jpg)
withdraw don’t send
![Page 17: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/17.jpg)
withdrawn not sent
![Page 18: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/18.jpg)
encryption
![Page 19: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/19.jpg)
transaction-ordering dependence
![Page 20: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/20.jpg)
call-stack depth limit
![Page 21: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/21.jpg)
variable or function ambiguity
![Page 22: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/22.jpg)
odds and ends
• Input validation – require(condition)• Timestamp dependence• Business logic flaws• Separating public/private data
![Page 23: @konstanthacker Konstantinos Karagiannis](https://reader034.fdocuments.us/reader034/viewer/2022042107/6256d67b3496cd37cc22406e/html5/thumbnails/23.jpg)
get involved