Webcast: Getting Started in Blockchain Security and Smart Contract Auditing

Why is blockchain security important?

Blockchain usage has exploded since the Bitcoin whitepaper was first published in 2008. Many applications rely on this technology for increased trust and privacy, where they would otherwise be absent from a centralized system.

The ecosystem surrounding blockchain technology is large, complex, and has many moving pieces. Exchanges exist where users can transact various cryptocurrencies, NFTs, and tokens. Smart contracts can be written to programmatically apply behavior to blockchain transactions. Decentralized Finance (DeFi) markets exist where users can swap tokens without needing to sign up for an account.

All of these pieces are prone to vulnerabilities, and with blockchain being at the forefront of emerging technology, new issues are being found daily.

In this Black Hills Information Security (BHIS) webcast, we’ll use case studies about recent blockchain hacks to introduce the underlying issues that occur in writing/engineering smart contracts that have ultimately lead to the loss of millions of dollars to attackers.

Join us on the BLACK HILLS INFOSEC Discord channel for discussion and interaction with the community — https://discord.gg/bhis

0:00:00 – PreShow Banter™ — Beau Has a Fan Club

0:32:39 – FEATURE PRESENTATION: Getting Started in Blockchain Security and Smart Contract Auditing

0:36:39 – Roadmap

0:37:51 – Why Blockchain Security

0:39:21 – Growing Use Cases for Blockchain

0:43:23 – Blockchain Elements That Need Securing

0:49:00 – What Are Smart Contracts

0:51:22 – EVM : Ethereum Virtual Machine

0:54:00 – Solidity

0:59:55 – Smart Contract Vulns

1:04:00 – Reentrancy

1:05:54 – Front-Running

1:07:41 – Inter Overflow and Underflow

1:09:15 – Denial-of-Service

1:10:43 – Access Control

1:12:46 – Timestamp Dependence

1:15:23 – Case Studies – Uranium Finance Hack

1:17:26 – Poly Network Hack

1:21:07 – Cream Finance Hack

1:24:42 – DEMO: Live Exploit

1:35:44 – Exploit Recap

1:36:14 – Security Tools – VS Code + Solidity Visual Developer

1:37:08 – Slither

1:37:26 – Mythril & MythX

1:37:57 – Get-Started Resources

1:39:03 – Bug Bounties

1:39:19 – Key Takeaways

1:40:29 – This is the End – Q & A

BlockchainHAX QuickStart Guide • https://start.blockchainhax.com

Follow Beau on Twitter • Beau Bullock – @dafthack

CoinSec Podcast – Weekly show about blockchain security • coinsecpodcast.com • @coinsecpodcast

Black Hills Information Security • https://www.blackhillsinfosec.com@BHInfoSecurity

**All YouTube ad revenue donated to the Innocent Lives Foundation** https://www.innocentlivesfoundation.org

*Psst* If you liked this blog, we think you’d enjoy Beau’s class:

Breaching the Cloud 

Available live/virtual and on-demand!