Mythril is a security tools platform that brings security into smart contract development environments and build pipelines. At its core, it consists of an API and SDK that which allows partners to create purpose-built Ethereum security tools and also extend the Mythril Platform with useful security extensions and plug-ins. In this talk we will give an overview of how Mythril fits into smart contract development, how we are working with partners, and how Mythril integrates with other security services such as those from NRI Secure.
Tom is a co-founder of ConsenSys Diligence and co-chair of Enterprise Ethereum Alliance Security Working Group. Currently creating web3 crypto token innovations on the Ethereum blockchain with a focus on security, developer tools, decentralized products and n-sided ecosystems. Formerly... Read More →
Programmers often copy and paste the software code from various sources like GitHub. This reuse is excessively found in Ethereum as its community is open source-oriented and smart contracts are open to the public through the chain. Although the code reuse is an efficient development strategy, contract software often suffers from the propagated security threats due to the possibility of cloning buggy code. Vulnerable code clones - similar code fragments containing security bug - are even permanent because of the immutability of Ethereum. If a hacker succeeds to exploit one of the clones, our contracts may also be exploited. Users, funds, and services are exposed to threats, and there is no other way than the contract migration. Therefore, to ensure the safety, the contract developer should pay attention to recently hacked clones. In this session, we introduce real-world vulnerability propagation cases in Ethereum smart contract. And we propose our vulnerability DB and analyzer to Ethereum community to be secured from the known vulnerabilities.
Jisu Park is CEO of Sooho, a security startup company in Korea. Sooho provides fully automated vulnerability scanner services for the smart contract. He is a doctoral student in Software Security at Korea University. He is an expert in software vulnerability detection, smart contract... Read More →
A new protocol for assuring smart contract behaviour デプロイされたスマートコントラクトのセキュリティ・プロトコール
Smart contracts are immutable pieces of code on a blockchain which often handle large sums of money. Pre-deployment, many contracts undergo security audits and are subjected to static analysis in order to find errors and issues; however, there are no options for ensuring correctness of a contract once it has been deployed. This talk describes a novel decentralized protocol that provides a layer of economic assurance for the correctness of a deployed smart contract. The protocol deems a smart contract to be correct if it does not perform some user-defined behaviour. The protocol periodically rewards participants who place a collateral stake on the behaviour of a smart contract; participants lose this stake in the event that the contract misbehaves. The protocol enables economic assurance for arbitrary stakeholders of a contract, allowing these stakeholders to recover staked funds if a contract misbehaves. Stakeholders are not limited to the contract writers or owners, and anyone can stake collateral.
Yohei is a full stack engineer with experience working at both startups and large tech companies. Before joining Quantstamp, Yohei was in Seattle working on Amazon Go, the no-checkout convenience store. He first got involved with blockchain through arbitrage and bot-trading and is... Read More →