Evolution of Smart Contract Security in the Ethereum Ecosystem
A lot has changed in the smart contract development ecosystem in the year since DEVCON2. Our perspective as leaders of the smart contract security community OpenZeppelin shows us that the industry is maturing. We give a brief overview of how security patterns and practices have evolved in the past months, dive into some details of recent developments, and talk about promising projects and their plans for the future.
Manuel Araoz, CTO at Zeppelin Solutions and Lead Developer of OpenZeppelin
Designing Future-proof Smart Contract Systems
Exploring techniques to build more modular smart contract systems that allow for more graceful upgrades and gas savings using delegate calls.
Cofounder and Tech Lead, Aragon
The Future of Token Contracts: MiniMe, Governance, LiquidPledging & ERC223
The standard vanilla ERC-20 token has been heavily used in the Ethereum ecosystem, but the innovative application of tokens has not been explored nearly enough.
In this talk I will explore:
– The MiniMe token and its many applications, especially in decentralized governance.
– The current status in the ERC223 token standard and my opinion on the path forward.
– LiquidPledging, an innovative solution for fund management.
Speaker: Jordi Baylina
– Currently developing smart contracts for the non-profit Giveth.io platform. Promoting the DAO-ification of society.
– WHG leader (secured 10% of ether’s totalSupply in TheDAO hack & 210 million dollars worth of ether & tokens in the Parity Multisig Hack)
– Author of the MiniMe Token, Liquid Pledging, Liquid Democracy for TheDAO, and other widely used smart contracts.
Panel: USCC – The Underhanded Solidity Coding Contest
Panelists: João Gabriel Carvalho, Richard Moore, Martin Swende
Moderator: Nick Johnson
The Melon security approach
Melonport is striving to build a vibrant and successful developer ecosystem of Melon module builders. An important part of that ecosystem is the security and behaviour of smart contracts that make up Melon modules as well as how they interact with the Melon core and each other. In this presentation, we’ll demonstrate our ongoing technical efforts to assist Melon module developers in creating safe, secure smart contracts and touch on the importance of getting the auditing process right and how others can learn from our experience.
Melonport Chairman & Co-Founder
Enter the Hydra – An Experimental Approach to Smart Contract Security
In this talk, we will demonstrate a new approach to secure smart contract development that we believe has the potential to remove a large class of implementation bugs that has plagued the ecosystem. We will discuss connections to other topics in secure smart contract development and announce an effort to build the most secure Ethereum contract ever launched on the mainnet!
Philip Daian is a Computer Science graduate student pursuing a PhD at Cornell University. He specializes in smart contracts and smart contract security, as well as the confidentiality properties of distributed ledger technology. He brings experience in the formal verification and automotive domains. Before coming to Cornell, he worked with runtime verification and formal methods, first collaborating with the FSL on several projects as an undergraduate at the University of Illinois at Urbana-Champaign and later moving to the private sector. He looks forward to building the next generation of efficient and open financial cryptosystems.
KEVM: Overview and Progress Report
Since the IC3 Crypto Boot Camp, we have been extending the KEVM semantics in several directions. At the time, we only supported the VMTests from the Ethereum Test Suite, it was somewhat difficult to write properties and proofs about programs in EVM, and EVM-PRIME was a simple demonstrative toy language. This session will cover the progress so far in addressing these issues, as well as our goals and intentions for the semantics moving forward. In particular, we are focused on providing tools to ease the process of writing and proving specifications about programs written in high-level languages.
Everett Hildenbrandt is a CS PhD student at University of Illinois Urbana-Champaign studying formal methods and programming languages. He is focused on improving the scalability of symbolic reasoning for applications in both distributed and physical systems. In the context of blockchain systems, he is interested in formalizing the semantics of both the underlying languages used and the consensus protocols. To this end, he recently led the KEVM project which developed an executable mathematical model of the EVM in the K Framework.
Oyente: Development update
Oyente: An Analysis Tool for Smart Contracts. https://github.com/melonproject/oyente
Loi Luu is a researcher working on cryptocurrencies, smart contract security and distributed consensus algorithms.
Securify: Not Your Grandma’s Smart Contract Verification
We present Securify (www.securify.ch), the first push-button security auditing tool for Ethereum smart contracts that is fully automated, easily extensible to new security vulnerabilities, and provides strong security guarantees. The core technical idea behind Securify is to soundly extract deep semantic information from the smart contract using automated abstract reasoning. This information is then used to ensure the absence of critical security vulnerabilities, such as reentrant calls, unprivileged storage accesses, and many others. Securify precisely analyzes real-world smart contracts within seconds, and handles any language that compiles to Ethereum bytecode.
Quentin Hibon is a member of the blockchain security team at the Software Reliability Lab, ETH Zurich. He works on Securify, the first push-button security auditing tool for Ethereum smart contracts, and develops new generation systems for automated analysis and testing of smart contracts. He holds a Master of Science in Engineering from Ecole Polytechnique (France).
Morphing Smart Contracts with Bamboo
An Ethereum contract language called Bamboo mitigates common mistakes. A Bamboo program textually displays all states and transitions. A program runs always one-pass without loops or functions. Runtime checks never allow reentrant execution. Erlang folks might like the syntax. OCaml people, I need you.
Ethereum Formal Verification Engineer; Research, Testing
Panel: Formal Verification
Panelists: Phil Daian, Everett Hildenbrandt, Yoichi Hirai, Loi Luu
Moderator: Reto Trinkler
Hardening Smart Contracts with Hardware Security
Trusted hardware is not your enemy – as threats against cryptocurrencies are evolving (from dumb malware sweeping private keys to smart attackers attacking the presentation layers of smart contracts), we’ll review during this presentation a short history of trusted hardware, how Open Source code can be designed today on modern trusted execution environments to provide a flexible and auditable environment to delegate the security critical parts of smart contracts, and the security compromises made when dealing with the opaque features of trusted hardware.