Talk on smart contract security at the CyberJourney event organized in Cagliari by Pluribus One and OWASP. The talk focuses on smart contract vulnerabilities and on countermeasures to mitigate or eliminate the attack surface. It also describes the security audit process.
6. CyberJourney – June 22, 2023, Cagliari, Italy
#cyberjourney
"Smart contracts on Ethereum are worse than even non-financial commercial code; as of May 2016, Ethereum contracts averaged 100 obvious bugs [...] per 1000 lines of code. For comparison, Microsoft code averages 15 bugs per 1000 lines, NASA code around 0 per 500,000 lines."
7.
Smart contracts are self-executing programs that run on a blockchain. They allow for the automation of complex transactions and eliminate the need for intermediaries, making them faster, cheaper, and more secure than traditional contracts.

Unlike traditional code, smart contracts are immutable, meaning they cannot be altered once deployed on the blockchain. This ensures that all parties involved in the transaction can trust that the terms of the contract will be executed as written.
(ChatGPT3.5)
12.
| | Offchain traditional software | Smart contract |
|---|---|---|
| Denial of service | Loss grows linearly with the time of recovery | No DoS, but gas fees can grow (a lot) |
| Data leakage | Hackers can resell data | There is no private data in smart contracts |
| Data corruption | Loss proportional to the time to recover (if there is a backup) | Data corruption IS THE LOSS |
| Ransom | Loss is based on pay-per-recover, recovery not guaranteed | Not applicable |