The Initial Coin Offering (ICO) boom has been powered by smart contracts, making them a hotter and more lucrative target than ever before. One might expect that being well-funded by security-sensitive investors would be enough to save this technology from the security sins of its forebears. Unfortunately, smart contract security is poorly understood, even by some of the field’s most prolific and successful developers. However, the wider Ethereum community is working to change that. An amalgam of academics, security enthusiasts, and industry professionals have created the first generation of audit and development practices focused on defense of smart contracts, along with a nascent tool suite to augment them.
This talk presents a digestible but robust set of tools and practices used by the authors to find real vulnerabilities in real contracts during the course of their work as security consultants. Audience members who develop smart contracts will leave with a strong understanding of development and test best practices to make sure they are not the next to be “popped”, while those interested in auditing them will learn a battle-tested practicum for finding vulns in the wild.