
DEFCON on Ethereum

DEF CON 25: Porosity Decompiling Ethereum Smart-Contracts

Today, we presented how to decompile Ethereum Smart-Contracts at DEF CON 25.

Video Presentation of Porosity during DEFCON25

Materials

Porosity’s GitHub: And you can also find our Slides here and our WhitePaper here.

Why?

Ethereum smart contracts are code that is executed on every node of the decentralized Ethereum blockchain network. When connected together, they form the distributed applications (Dapps) that power an emerging “Internet of Value.” Contracts themselves are stored on the blockchain such that everyone can be certain they will generate the exact same output without relying on a central server (or single company) to own that application.

Most Ethereum developers write smart contracts in Solidity, a high-level (human readable) programming language which resembles JavaScript. While Solidity is not the only language that targets the Ethereum Virtual Machine (EVM) – for example, the Python-like Viper is being developed by Ethereum’s creator Vitalik Buterin – for now, Solidity is by far the most widely used.

Software has bugs, smart contracts too

Prior hacks on the Ethereum network, such as the 2016 DAO theft or the recent Parity multi-sig wallet compromise, resulted from poorly written Solidity code that introduced vulnerabilities, which hackers exploited to steal funds from other Ethereum users. They did not result from compromises of the underlying blockchain protocol or from cryptographic weaknesses.

Because of the perceived insecurity of Solidity, so far most tools have focused on scanning Solidity source code, which is assumed to be available. For example, frameworks like Open Zeppelin combine automated scanning for known issues with human review to build a library of “safe” contracts, but tools like this are only helpful if developers choose to submit their code for review.

Once a smart contract ...
