On the 29th of October, HackenProof hosted a security meetup during DevCon4 as a part of Prague Blockchain Week. We discussed the current state of security threats in smart contracts and showcased tools that can improve the level of security in smart contracts and blockchain protocols. We were very pleased to see that more than 50 blockchain and security enthusiasts turned up for the event, a clear sign that security is important to the community of blockchain developers. At the #blockchainhackers security meetup, HackenProof gathered top smart contract security experts in a single room, including representatives from Trail of Bits, ConsenSys, ChainSecurity, Mythril Platform, Hacken, SolidStamp, SmartDec, Solidified, IEEE and many others!
Agenda of the event:
We had 5 talks given by smart contract security experts:
HackenProof is currently developing several open source tools to help smart contract auditors around the world. Pavlo showcased the Blockchain Vulnerability Scoring System (BVSS), the Smart Contract Secure Development Guidelines (SCSDG) and the HackenProof blockchain vulnerability database. We’d like to state that both BVSS and SCSDG are still a “work in progress”, so feedback from developers would be highly appreciated. Presentation link.
- Symbolic Verification of Ethereum Smart Contracts – Petar Tsankov, Chief Science Officer at ChainSecurity
Petar presented ChainSecurity Glyph, a dynamic smart contract verification system based on the newest research out of the ICE Lab at ETH Zurich in cooperation with ChainSecurity. This is a next-generation tool for smart contract audits. Petar explained how formal verification works and showed that it is highly dependent on the manual skills of an auditor. Moreover, he stressed that there are no tools that can find all the vulnerabilities in a smart contract without an auditor’s manual input. He explained that auto-tests are in no way a “silver bullet” that can solve the problem.
Ivan presented a Smart Contract Vulnerability Classification developed within SmartDec to help educate developers and allow them to work with audit reports. Again, this is just the first version of the classification, so developers are welcome to comment and contact Ivan directly if they would like to contribute their knowledge and findings. Presentation link.
Evgenia explained how a crowdsourced security approach can help blockchain projects enhance their security by leveraging the power of the white hat hacker community. She went over the current state of the industry and explained how bug bounty platforms work, how much blockchain projects are spending on bounties, and how to launch a bug bounty program. Presentation link.
SmartDec has recently created a new tool for Vyper (a smart contract programming language) called SmartCheck. It’s a static code security analyzer for smart contracts. Evgeny explained how it works and demonstrated the functionality of the product. Presentation link.
We’d like to stress that this meetup is just the beginning. We plan to continue gathering smart contract security experts, are already planning our next meetup, and will be announcing it soon. Please follow us on Twitter and Facebook so that you can get the latest updates from HackenProof.