Smart contract vulnerability classification
#blockchainhackers, Prague, 29.10.2018
Evgeny Marchenko, Lead Developer, SmartDec, marchenko@smartdec.net
Ivan Ivanitskiy, Chief Analytics Officer, SmartDec, ivanitskiy@smartdec.net, Twitter: @IvanIvanitskiy
SmartDec
• static code analysis
• smart contracts audits (>100)
• smart contracts development
SmartCheck: tool.smartdec.net
Blog: blog.smartdec.net
Website: smartdec.net
Twitter: @SmartDecTeam
Problem
A code issue:
• To fix or not to fix?
• Bug or vulnerability?
• Severity?
• Name?
Thus, we needed standardization!
Standardization
A standardized list of issues on its own has:
• no hierarchy
• no explanation
• items of different nature
• items of different frequency
So, it's not enough!
What do we need?
o to work with:
• issues
• hacks
• tool rules
o to educate developers
o to improve audit experience
o to compare standardizations
So, we need classification!
Good classification
• classifies
• is self-explanatory
• gives high-level understanding
So we made our classification!
Classification structure
classification
  → class (nature)
    → type
      → group (feature)
        → issues
Classes
• blockchain
• language
• model
• …?
Class: blockchain
• contract interaction: reentrancy (SWC-107), e.g. The DAO
• block content manipulation: front-running, e.g. ERC20 approve()
• message structure
• gas limitations
• ether transfer
Class: language
• storage access: uninitialized storage pointer (SWC-109)
• internal control flow
• arithmetic: over/underflow (SWC-101), e.g. batchTransfer()
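An added example of the arithmetic over/underflow group (SWC-101), modelled on the batchTransfer() pattern rather than taken from any real token's code: in pre-0.8 Solidity the product cnt * _value wrapped silently, so two receivers and _value = 2**255 pass the sender-balance check with amount == 0 while each receiver is credited 2**255. The `unchecked` block reproduces the old semantics under a 0.8 compiler; the fixed variant relies on checked arithmetic. Names and the initial supply are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative integer overflow (SWC-101) in a batchTransfer()-style function.
// Added example modelled on the pattern, not the code of any real token.

contract OverflowToken {
    mapping(address => uint256) public balanceOf;

    constructor() {
        balanceOf[msg.sender] = 1_000_000; // constructed initial supply
    }

    // Pre-0.8 Solidity wrapped silently; `unchecked` reproduces that here.
    // With 2 receivers and _value = 2**255, cnt * _value wraps to 0, the
    // sender's balance check passes, and each receiver is credited 2**255.
    function batchTransferVulnerable(address[] calldata _receivers, uint256 _value) external returns (bool) {
        uint256 cnt = _receivers.length;
        uint256 amount;
        unchecked { amount = cnt * _value; }           // BUG: can wrap to a small number
        require(cnt > 0 && cnt <= 20, "bad count");
        require(_value > 0 && balanceOf[msg.sender] >= amount, "insufficient");

        balanceOf[msg.sender] -= amount;               // debits 0 in the overflow case
        for (uint256 i = 0; i < cnt; i++) {
            unchecked { balanceOf[_receivers[i]] += _value; }
        }
        return true;
    }

    // Fixed: checked multiplication (default in 0.8) reverts on overflow,
    // so the total credited can never exceed the amount debited.
    function batchTransfer(address[] calldata _receivers, uint256 _value) external returns (bool) {
        uint256 cnt = _receivers.length;
        require(cnt > 0 && cnt <= 20, "bad count");
        uint256 amount = cnt * _value;                 // reverts if it would overflow
        require(_value > 0 && balanceOf[msg.sender] >= amount, "insufficient");

        balanceOf[msg.sender] -= amount;
        for (uint256 i = 0; i < cnt; i++) {
            balanceOf[_receivers[i]] += _value;
        }
        return true;
    }
}
```

For code that must stay on a 0.7 or older compiler, the equivalent of the fixed variant is a SafeMath-style multiplication that checks `amount / cnt == _value` before using the product.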
Class: model
• trust: overpowered owner, e.g. KickICO
• privacy
• authorization: constructor name, e.g. Rubixi
• economy
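An added example of the constructor-name issue in the authorization group (the Rubixi pattern), not the Rubixi contract itself: before the `constructor` keyword arrived in Solidity 0.4.22, the constructor was the function named after the contract; rename the contract and keep the old function and anyone can call it to become `creator`. Names and the fee logic are illustrative, and the block targets a 0.4.x compiler so the old-style constructor still compiles.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.4.24;

// Illustrative "constructor name" authorization flaw (Rubixi pattern).
// Added example, not the Rubixi code. Before Solidity 0.4.22 the constructor
// was the function sharing the contract's name; when a contract is renamed
// and the old constructor is kept, it becomes an ordinary public function.

contract Pyramid {
    address public creator;
    uint256 public collectedFees;

    // BUG: this was meant to be the constructor of "DynamicPyramid".
    // After the rename to "Pyramid" it is just a public function, so any
    // caller can make themselves the creator.
    function DynamicPyramid() public {
        creator = msg.sender;
    }

    function() public payable {
        // 10% fee accrues to the creator on every deposit (toy economy)
        collectedFees += msg.value / 10;
    }

    // Only the creator may sweep the fees, but "creator" is attacker-settable.
    function collectAllFees() public {
        require(msg.sender == creator, "not creator");
        uint256 amount = collectedFees;
        collectedFees = 0;
        creator.transfer(amount);
    }
}

// Fixed: the `constructor` keyword cannot be disconnected from the contract
// name, so creator is set exactly once, at deployment. The creator can still
// sweep only accrued fees, never depositors' principal, which keeps the role
// from becoming an overpowered owner.
contract PyramidFixed {
    address public creator;
    uint256 public collectedFees;

    constructor() public {
        creator = msg.sender;
    }

    function() public payable {
        collectedFees += msg.value / 10;
    }

    function collectAllFees() public {
        require(msg.sender == creator, "not creator");
        uint256 amount = collectedFees;
        collectedFees = 0;
        creator.transfer(amount);
    }
}
```

From 0.5.0 onward the compiler rejects old-style constructors outright, so the flaw only survives in contracts pinned to 0.4.x compilers.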
Is it good?
✓ classifies
✓ is self-explanatory
✓ gives high-level understanding
Help us!
• use it
• comment
• commit
github.com/smartdec/classification