1) The document provides steps for developers to implement online payments on a merchant website using RESTful APIs from a payment company.
2) Developers are instructed to create a payment token by making an API call to the payment company's sandbox server and including the merchant's API key.
3) JavaScript code is then inserted into the merchant website to initialize the payment process by referencing the payment token and API keys. When a customer enters their payment details, it is sent to the payment company for processing without exposing sensitive card data.
4) The payment company returns a token to the merchant server, which then needs to call the payment company's API to verify the payment using the token, thus completing the transaction.
“Create your own cryptocurrency in an hour” - Sandip Pandey, EIT Digital Alumni
Blockchain has already started disrupting or improving several industries with innovative solutions impacting our lives in more ways than we could have ever imagined. One such application of blockchain is a cryptocurrency. In this workshop, we create a simple cryptocurrency based on smart contracts, and talk about a few best practices on writing secure smart contracts to get you started with developing decentralized applications.
The document discusses blockchain security. It begins by defining what a blockchain is - a shared digital ledger that records transactions in a decentralized peer-to-peer network. It then discusses several key aspects of blockchain security including cryptography techniques like SHA-256 that secure the data, the computational power of the network that acts as a deterrent to attacks, and vulnerabilities like smart contract bugs that still need to be addressed. Overall the document conveys that blockchain security is strong due to its design but also that more work is needed to develop tools and best practices as the technology continues to evolve.
solc-verify: A Modular Verifier for Solidity Smart Contracts, Akos Hajdu
Solc-Verify is a modular verifier for Solidity smart contracts. It allows users to annotate contracts with specification properties like preconditions, postconditions, and invariants in a custom annotation language. The verifier translates the annotated Solidity contract and specifications to Boogie and sends the resulting program to an SMT solver to automatically verify the properties. Solc-Verify aims to provide a practical verification tool that balances soundness, precision, expressiveness, and user-friendliness. It was presented as a way to help find bugs in smart contracts by formally verifying user-specified high-level properties.
What is the promise of smart contracts? How is their development different from software engineering? What practices should one adopt if becoming a smart contracts engineer?
Hyperledger Fabric Application Development 20190618, Arnaud Le Hors
Slides presented at the Hyperledger Fabric Workshop in Barcelona on July 10th, 2019.
This covers the development of a Fabric application and smart contract (i.e. chaincode), with some tips on good practices and the IBM Blockchain Platform extension for VS Code.
In the last deck we introduced an ERC20 token contract in detail. In this deck we implement it in TestRPC, an in-memory Ethereum environment. We will execute every function defined in this contract through Remix.
This document provides an introduction to blockchain, smart contracts, and the Solidity programming language. It discusses why blockchain is significant, defines key blockchain concepts like blocks and decentralized consensus, and compares blockchain to traditional databases. It also introduces smart contracts and Solidity, provides an example smart contract, and outlines key Solidity concepts like accounts, contracts, and calls/messages. The document concludes with information on developing and testing smart contracts.
A Decompiler for Blockchain-Based Smart Contracts Bytecode, Shakacon
The document discusses decompiling Ethereum smart contracts. It describes how smart contracts written in Solidity are compiled to Ethereum Virtual Machine (EVM) bytecode that is stored on the blockchain. The bytecode contains a dispatcher that uses the first 4 bytes of the call data, representing the function hash, to determine which function to execute. Function parameters and local variables are accessed using EVM instructions like CALLDATALOAD and stored in memory and on the stack.
Ethereum is a decentralized platform that runs smart contracts. It uses a blockchain and cryptocurrency called Ether. Smart contracts are programs that run exactly as programmed without downtime, censorship, fraud or third party interference. They are written in Solidity and run on the Ethereum Virtual Machine. Remix is an IDE used to write, deploy and test smart contracts. It provides different environments like JavaScript VM, injected web3 and web3 provider to interact with local or remote Ethereum networks.
An Introduction to Upgradable Smart Contracts, Mark Smalley
This document discusses upgradable smart contracts and provides an overview of the Blockchain Embassy of Asia (BCE.asia). It introduces BCE.asia's CEO and describes some of their projects, including working on upgradable smart contracts. The document then covers topics like Ethereum smart contract platforms, standards for fungible and non-fungible tokens, vulnerabilities in smart contracts, and potential methods for building upgradable contracts including using a key-value store with proxies.
The document summarizes a presentation on weaponizing blockchain given at the HackMiami 2018 conference. It introduces blockchain and cryptocurrency concepts like Bitcoin addresses, private and public keys, and cryptography. It then discusses how to encode data like plaintext, files, and encrypted data within blockchain transactions and how to extract that encoded data. The presentation delves into detailed math behind elliptic curve cryptography used in blockchain like calculating public keys from private keys on the secp256k1 curve.
This document provides an overview of Ethereum smart contracts, including how to compile and deploy contracts manually or using an online compiler. It describes contract components like state, functions, and modifiers. It also covers gas, transactions, addresses, and common pitfalls around things like external calls and shared state.
Best practices to build secure smart contracts, Gautam Anand
- Quick update in blockchain tech space
- Comparison between tech
- Security in Blockchain (Focusing on ETH Solidity attack vectors)
- Design patterns
- 2 Popular hacks (Case study)
This document discusses Ethereum accounts and introduces account abstraction on StarkNet. It summarizes that Ethereum accounts are tied to cryptographic signers, but account abstraction decouples accounts and signers by implementing the IAccount interface. This allows accounts to have multiple signers, different signature schemes, and to be upgraded, improving security and enabling use cases like fraud monitoring, account recovery, and hardware security modules. Developers can access accounts through the Argent X wallet and starknet.js library.
Streakk Chain: Build on the Streakk - English
Streakk - User Guide: Wallet setup and smart contract deployment on Remix IDE
- Setting up Streakk Chain on Metamask
- Claiming Testnet Streakk tokens (tSTKC) from Faucet
- Deploying a Contract on Streakk Blockchain using Remix IDE
Don't wait, register now in STREAKK 🌐 https://web.streakk.io/auth/signup/6767352523/
The document discusses several security issues that can arise in smart contracts including race conditions, timestamp dependence, integer overflow and underflow, denial of service attacks, and reentrancy vulnerabilities. It provides examples of how these issues can occur and potential solutions to address them like using mutexes, pulling payments instead of pushing, and checking return values. The document also covers best practices for token and crowdsale contracts including implementing roles like minting, pausing, and finalizing functions as well as different pricing strategies.
Ethereum is by far the most common contract platform on top of which a variety of applications are running. One of the well-accepted applications is the token. A token is implemented through a token contract. Here we introduce the ERC20 standard and look in more detail at an ERC20 token contract.
Serverless Design Patterns (London Dev Community), Yan Cui
Serverless technologies like AWS Lambda have drastically simplified the task of building reactive systems - drop a file into S3 and a Lambda function would be triggered to process it, push an event into a Kinesis stream and magically it'll be processed by a Lambda function in real-time, you can even use Lambda to automate the process of auditing and securing your AWS account by automatically reacting to rule violations to your security policy.
Join us in this talk to see some architectural design patterns that have emerged with AWS Lambda, and learn how to pick the right event source based on the tradeoffs you want. Amongst the many patterns we'll explore, here are a few to whet your appetite: pub-sub, cron, push-pull, saga and decoupled invocation.
This document summarizes key aspects of initial coin offerings (ICOs) and blockchain technology. It discusses past failures and successes of digital currencies like E-gold and Bitcoin. It then explains that blockchains provide trust through cryptography, immutability, and distribution. Smart contracts enable automated transactions through secured ledgers. ICOs allow startups to raise funds by selling tokens to investors. Security and risks are important considerations for running a successful ICO. Tokenization could expand the use of blockchains to represent real-world assets.
Blockchain technology-in-fin tech - Anton Sitnikov, DataFest Tbilisi
- Exactpro is a specialist firm focused on functional and non-functional testing of exchanges, clearing houses, and other financial market infrastructures. It was founded in 2009 and now employs 550 specialists.
- The document discusses Exactpro's software testing services for mission critical financial technology and clients regulated by financial authorities. It also provides an overview of Corda, a distributed ledger platform, covering nodes, identities, states, transactions, and more.
- The summary highlights Exactpro's business, services testing financial technology, and introduces Corda as a topic covered in the document.
This document discusses socket programming in C. It begins with an introduction to sockets, describing them as an interface between applications and networks that allows processes to communicate. It then covers the client-server model and types of sockets like stream and datagram. The main socket APIs are explained, including functions for creating, binding, listening, connecting, sending, receiving and closing sockets. Examples of socket programming with UDP and TCP are provided, showing the typical functions used in each case. The document concludes by noting that files can also be sent over sockets and models for handling multiple clients like process, thread and worker pools.
Web3j is a Java library that provides complete Ethereum JSON-RPC implementation for interacting with Ethereum client APIs like Geth and Parity. It supports smart contract wrappers, wallet management, synchronous and asynchronous API as well as RxJava Observables. Web3j allows deploying, calling functions on and getting events from smart contracts.
"Building financial-grade applications involves performing complex calculations over a wide range of data from across different domains, with challenges including stringent accuracy requirements, latency constraints, along with the need to share states across distributed services.
During this session, I will cover how, at Morgan Stanley, we built a real-time, microservices based Liquidity Management platform using event streaming with Kafka Streams API, to tackle high volumes of data and to perform calculations on cross domain events, spanning wide time windows over the past and the future.
I will demonstrate how we used Kafka Streams & state stores, along with patterns like Saga to achieve eventual data consistency and use state-enriched events to decouple services when transferring them through multiple business domains. I will cover mechanisms to ensure accuracy and transparency with idempotency at heart along with error detection and replay strategies.
Finally, I will look at how we used a high-performant in-memory cache to stage the results of cascaded KStream based calculation engines, which powered our high-speed, ticking and stateful data visualisations."
BA and Beyond 20 - Geert Haerens - Evolvable Architecture — Are you hoping fo..., BA and Beyond
Who says Agile, says iterations. Who says iterations, says continuous change. IT Systems developed under the Agile paradigm, must support continuous change, or after some iterations, the system is no longer evolvable, no longer produces value and breaks. The question thus becomes, how can you make sure your system will be evolvable? During this talk I want to share with you:
- What evolvability actually is?
- What are the necessary conditions for evolvability?
- What you need to change in the way of development, to have evolvability.
This talk goes beyond “make loose coupling” and “use REST API”, and focuses on real and actionable advice on how to build evolvable systems.
TADSummit Innovation Showcase chaired by Michael Lazar, DataArt. A new billing solution for tomorrow's applications. Based on Ethereum we will show an efficient billing system that can accurately track subscribers' use of services and instantaneously charge usage. The solution is designed to streamline complex billing relationships and enable Enterprise class applications to leverage Telecom environments.
This document discusses intrusion detection systems, including common attack patterns like port, ping, and login sweeps. It outlines Snort as an example network-based intrusion detection system and provides Snort rule examples. Different types of intrusion detection systems are also covered, along with considerations for host-based versus network-based placement.
This document outlines key network protocols including ARP, SYN, FTP, ICMP, DNS, port scans, SYN floods, and the application layer. It discusses how these protocols work from the bit level up through data encapsulation using Ethernet, IP, and TCP. Specific topics covered include the three-way handshake, how ARP maps IP addresses to MAC addresses, SYN scans, the FTP protocol, ICMP, DNS name resolution, types of port scans, and SYN floods as a denial of service attack.
Similar to Robust Programming of Smart Contracts in Solidity+, RK Shyamasundar
Robust Programming of Smart Contracts in Solidity+, RK Shyamasundar
1. Robust Programming of Smart
Contracts in Solidity+
RK Shyamasundar
Department of Computer Science & Engg
Indian Institute of Technology Bombay
rkss@cse.iitb.ac.in
(Joint work with Snehal Borse and Prateek Patidar)
11/03/2020 ICBC2020 1
2. Smart Contracts
• Smart contracts provide the feeling of sequential
execution, but they have a stark similarity with
shared variable programs.
• One comes across several vulnerabilities in
Solidity – a widely used language on Ethereum
• Realize robustness through methodologies of
distributed programs over shared variables.
– Explicit Declarations for concurrency and
– Process Interaction
– Specification of Concurrent Modules
3. Approach
• Capture the patterns of Vulnerabilities
• Generalize the patterns as Declarations for the
Programs
• Declarations + Program → (Automatic Transform) → Solidity program with
error-handling features like require, assert, revert
Outline of Proof Carrying Code
4. Advantages
• Effective for Programmer - ease of programming
• Debugging at the level of Solidity and not
Ethereum
• A sort of Informal framework of proof carrying
code on the blockchain for smart contracts
• Parallels ensuring data integrity without
unnecessary mutual exclusion, permitting
dynamic resource management.
• Amenable structurally for formal correctness
(Model Checkers or Verifiers) similar to
concurrent programs
6.
• SOLIDITY +
• DECLARATIONS
• NONREENTRANT
• IMPORT
• EXPORT
• ACCESS
• PARALLEL
• INVAR …

    contract Coin {
        // The keyword "public" makes variables
        // accessible from other contracts
        address public minter;
        mapping (address => uint) public balances;

        // Events allow clients to react to specific
        // contract changes you declare
        event Sent(address from, address to, uint amount);

        // Constructor code is only run when the contract
        // is created
        constructor() public {
            minter = msg.sender;
        }

        // Sends an amount of newly created coins to an address
        // Can only be called by the contract creator
        function mint(address receiver, uint amount) public {
            require(msg.sender == minter);
            require(amount < 1e60);
            balances[receiver] += amount;
        }

        // Sends an amount of existing coins
        // from any caller to an address
        function send(address receiver, uint amount) public {
            require(amount <= balances[msg.sender], "Insufficient balance.");
            balances[msg.sender] -= amount;
            balances[receiver] += amount;
            emit Sent(msg.sender, receiver, amount);
        }
    }
15. Require(1)
• The require function should be used to ensure
valid conditions that cannot be detected until
execution time.
• This covers checking that conditions on inputs
or contract state variables are met, and validating
return values from calls to external contracts.
• You can optionally provide a message string
for require, but not for assert.
16. Require (2)
• Internally, Solidity performs a revert operation (instruction
0xfd) for a require-style exception and executes an invalid
operation (instruction 0xfe) to throw an assert-style
exception.
• In both cases, this causes the EVM to revert all changes
made to the state.
• The reason for reverting is that there is no safe way to
continue execution, because an expected effect did not
occur.
• Because we want to keep the atomicity of transactions, the
safest action is to revert all changes and make the whole
transaction (or at least call) without effect.
17. Assert
• The assert function should only be used to
test for internal errors, and to check
invariants.
• Properly functioning code should never reach
a failing assert statement;
– if this happens there is a bug in your contract
which you should fix.
– Language analysis tools can evaluate your contract
to identify the conditions and function calls which
will reach a failing assert.
18. Assert and Require
• assert-style exceptions consume all gas
available to the call,
• while require-style exceptions do not consume
any gas starting from the Metropolis release.
19. Revert
• The revert function is another way to trigger exceptions from
within other code blocks to flag an error and revert the
current call.
• The function takes an optional string message containing
details about the error that is passed back to the caller.
26. ERC20
• ERC20 is a technical standard used for smart
contracts on the Ethereum blockchain for
implementing tokens.
• ERC-20 token standard became popular with
crowdfunding companies working on initial
coin offering (ICO) cases due to simplicity of
deployment, together with its potential for
interoperability with other Ethereum token
standards.
28. ERC20(2)
• Alice allows Bob to transfer 100 of Alice’s
tokens by calling approve(Bob’s address, 100).
• After some time Alice decides to change the
approved amount from 100 to 50, so she calls
approve(Bob’s address, 50).
• Before Alice’s second transaction is mined,
Bob calls transferFrom to transfer 100 of Alice’s
tokens somewhere.
• If Bob’s transaction is executed before
Alice’s, then Bob has already transferred 100
tokens and now additionally has permission
to transfer 50 tokens.
• Before Alice notices that something went
wrong, Bob calls transferFrom to transfer 50 of
Alice’s tokens somewhere.
• Nondeterminism:
• Alice initially wanted to change the allowed
tokens from 100 to 50, but this change made
it possible for Bob to transfer 150 tokens.
Alice never wanted to allow Bob to spend
this many of her tokens.
29.
ACCESS (approve)* or
(approve)+((allowance) (transferFrom))* or
((allowance) (transferFrom))*
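The interleaving from slide 28 and the ACCESS pattern from slide 29, as an added simulation (not code from the deck or from Solidity+). It assumes the pattern is read as a regular expression over each owner/spender pair's call trace and enforced as a require-style runtime check; the Token class, the letter encoding and the transaction lists are constructed for illustration.

```python
import re

# Slide-29 ACCESS pattern over one (owner, spender) pair's call trace,
# encoded one letter per call: a = approve, l = allowance, t = transferFrom.
ACCESS = re.compile(r"a*|a+(lt)*|(lt)*")
# Prefix closure of ACCESS: traces that can still grow into a legal one.
ACCESS_PREFIX = re.compile(r"a*(lt)*l?")
LETTER = {"approve": "a", "allowance": "l", "transfer_from": "t"}


class Revert(Exception):
    """A require-style failure: the whole transaction is undone."""


class Token:
    """Minimal ERC20-style allowance ledger (constructed for this example)."""

    def __init__(self, balances, guarded=False):
        self.balances = dict(balances)
        self.allowed = {}   # (owner, spender) -> remaining allowance
        self.trace = {}     # (owner, spender) -> letters of the calls so far
        self.guarded = guarded

    def _access(self, name, owner, spender):
        # Assumed runtime check: revert a call that leaves the ACCESS language.
        trace = self.trace.get((owner, spender), "") + LETTER[name]
        if self.guarded and not ACCESS_PREFIX.fullmatch(trace):
            raise Revert("ACCESS violated by " + name)
        self.trace[(owner, spender)] = trace

    def approve(self, owner, spender, amount):
        self._access("approve", owner, spender)
        # Standard behaviour: overwrite, whatever has been spent already.
        self.allowed[(owner, spender)] = amount

    def allowance(self, owner, spender):
        self._access("allowance", owner, spender)
        return self.allowed.get((owner, spender), 0)

    def transfer_from(self, owner, spender, to, amount):
        self._access("transfer_from", owner, spender)
        if amount > self.allowed.get((owner, spender), 0):
            raise Revert("allowance exceeded")
        if amount > self.balances.get(owner, 0):
            raise Revert("insufficient balance")
        self.allowed[(owner, spender)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def run(order, guarded=False):
    """Mine transactions in the given order; a reverted one has no effect.
    Returns (tokens taken from Alice, Alice->Bob call trace)."""
    token = Token({"alice": 1000}, guarded)
    for tx in order:
        saved = (dict(token.balances), dict(token.allowed), dict(token.trace))
        try:
            for name, *args in tx:
                getattr(token, name)(*args)
        except Revert:
            token.balances, token.allowed, token.trace = saved
    return 1000 - token.balances["alice"], token.trace.get(("alice", "bob"), "")


def conforms(trace):
    """True if a completed trace is in the slide-29 ACCESS language."""
    return ACCESS.fullmatch(trace) is not None


# Constructed transactions; Bob reads the allowance before each transferFrom.
A100 = [("approve", "alice", "bob", 100)]
A50 = [("approve", "alice", "bob", 50)]
B100 = [("allowance", "alice", "bob"), ("transfer_from", "alice", "bob", "bob", 100)]
B50 = [("allowance", "alice", "bob"), ("transfer_from", "alice", "bob", "bob", 50)]
INTENDED = [A100, A50, B100, B50]  # both approvals mined before Bob acts
RACE = [A100, B100, A50, B50]      # Bob's first transferFrom mined in between

if __name__ == "__main__":
    for label, order in (("intended", INTENDED), ("race", RACE)):
        for guarded in (False, True):
            moved, trace = run(order, guarded)
            print(label, "guarded" if guarded else "plain", moved, trace, conforms(trace))
```

With the guard on, the race order stops at 100 tokens because the second approve is reverted. Under this literal reading of the pattern, a pair can also never be re-approved once a transferFrom has gone through.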
31. Gasless send
◎ send: predefined amount of gas, i.e. 2300, which can’t be changed
◎ Sufficient for Fallback function without state change
◎ Insufficient for Fallback function with state change

Successful (Fallback function without state change):

    contract Sender {
        function transferAmt() {
            // The value returned by send is ignored
            receiver.send(n);
            print("Successfully sent n ether to receiver");
        }
    }
    contract Receiver {
        uint x = 0;
        function() { // Fallback function
        }
    }

Failed (Fallback function with state change):

    contract Sender {
        function transferAmt() {
            // The value returned by send is ignored
            receiver.send(n);
            print("Successfully sent n ether to receiver");
        }
    }
    contract Receiver {
        uint x = 0;
        function() { // Fallback function
            x++;
        }
    }
32. Gasless Send Solution
◎ Whenever ether is transferred using the send function, use a guard
function for that send call

    contract Sender {
        function transferAmt() {
            require(receiver.send(n), "Insufficient gas");
            print("Successfully sent n ether to receiver");
        }
    }
    contract Receiver {
        uint x = 0;
        function() { // Fallback function
            x++;
        }
    }

FAIL
43. Type Cast Transformed
    contract A {
        function foo() {
            print("Calling foo of contract A");
        }
    }
    contract B {
        function foo() {
            print("Calling foo of contract B");
        }
    }
    contract C {
        function callFoo(A a) { // call foo() of A
            require(a == Addr of A, "Calling appropriate foo()");
            a.foo();
        }
    }

callFoo(addr of A): succeed
callFoo(addr of B): failed
44.
• SOLIDITY +
• DECLARATIONS
• IMPORT
• EXPORT
• ACCESS
• PARALLEL
• NONREENTRANT
• INVAR …

    contract Coin {
        // The keyword "public" makes variables
        // accessible from other contracts
        address public minter;
        mapping (address => uint) public balances;

        // Events allow clients to react to specific
        // contract changes you declare
        event Sent(address from, address to, uint amount);

        // Constructor code is only run when the contract
        // is created
        constructor() public {
            minter = msg.sender;
        }

        // Sends an amount of newly created coins to an address
        // Can only be called by the contract creator
        function mint(address receiver, uint amount) public {
            require(msg.sender == minter);
            require(amount < 1e60);
            balances[receiver] += amount;
        }

        // Sends an amount of existing coins
        // from any caller to an address
        function send(address receiver, uint amount) public {
            require(amount <= balances[msg.sender], "Insufficient balance.");
            balances[msg.sender] -= amount;
            balances[receiver] += amount;
            emit Sent(msg.sender, receiver, amount);
        }
    }
45. Merits of Solidity+
1. Solidity and Solidity+ executionally remain
unchanged without adding burden on the
programmer.
2. It only adds runtime checks to the program as
per declarations.
3. Allows programmer to debug at the source level
itself rather than EVM.
4. An informal framework for proof carrying smart
contracts, adaptable for formal correctness as
well (model checking, theorem prover …)
47. Graph Generation
◎ In addition to the transformation into Solidity+, we generate a graph of a
Solidity program
◎ As pictures speak more than words, this makes it easier for a naive user to
understand the flow of a program
◎ After graph generation, we try to find a pattern for a vulnerability and
make a conclusive statement about the contract
50. Related Work
◎ Oyente [2]
○ Based on symbolic execution
○ Creates CFG for bytecode
◎ Mythril OSS [7]
○ Based on concolic execution, taint analysis and control flow checking
◎ Problems with the above approaches:
○ Neither sound nor complete
○ Several false alarms even in trivial contracts
○ Hard to recreate the intent from bytecode alone
51. Related Work
◎ F* [4]
○ Presents two tools which are based on shallow embedding in F*
○ Does not handle loops
○ Only a subset of Solidity is translated to F*
○ Reasoning may require manual proofs
◎ Why3 [8]
○ Supports only a small subset of entire syntax
○ Solidity to Why3 translation is not yet tested and can not be trusted
◎ ZEUS [3]
○ Based on abstract interpretation and symbolic model checking
○ Conducts policy checking based on user provided policies
52. Related Work
◎ Securify [5]
○ Derives semantic facts inferred by analyzing the contract’s dependency graph
○ Uses these facts to check a set of compliance and violation patterns
◎ Hirai et al. [9]
○ Used the Isabelle proof assistant and Lem language
○ Defined a formal model for the Ethereum Virtual Machine
○ Proved safety properties of smart contracts using existing interactive theorem provers
◎ Amani et al. [10]
○ Extended the existing EVM formalisation by Hirai et al.
○ Structured the bytecode sequences into basic blocks and created a program logic to
reason about these
53. Related Work
◎ KEVM [11]
○ A formal semantics of the EVM written using the K-framework
○ Properties are specified in Reachability Logic and verified with a separate analysis tool
◎ Grishchenko et al. [12]
○ Complete small-step semantics of EVM bytecode
○ Formalized in the F* proof assistant
○ Also formalized a number of security properties
◎ Jiao et al. [13]
○ Defined a small-step operational semantics for a subset of the Solidity language
○ Their work is executable in the K-framework
◎ All the above semantics are executable and were validated against the
official Ethereum test suite.