Adesh Kolte

Feb 5, 2021

2 min read

Part 1 : Hunting Vulnerabilities in Smart contracts

  • Independent Information Security Consultant focusing on security assessments (applications, infrastructures and smart contracts)
  • Previously worked as bug bounty hunter with Multiple organizations like Microsoft (MSRC), Google, Zoho etc
  • here is my personal portfolio https://www.ad3sh.com

So first how smart contracts works ? 🤔

The best way to understand that is by imagining a vending machine. Each and every step that you take acts like a trigger for the next step to execute itself. So, let’s examine the steps that you will take while interacting with the vending machine:

:)

Step 1: You give the vending machine some money.

Step 2: You punch in the button corresponding to the item that you want.

Step 3: The item comes out and you collect it.

Now look at all those steps and think about it. Will any of the steps work if the previous one wasn’t executed?

Each and every one of those steps is directly related to the previous step. There is one more factor to think about, and it is an integral part of smart contracts. You see, in your entire interaction with the vending machine, you (the requestor) were solely working with the machine (the provider).

There were absolutely no third parties involved.

So, now how would this transaction have looked like if it happened in the Ethereum network?

Suppose you just bought something from a vending machine in the Ethereum network, how will the steps look like then?

Step 1: You give the vending machine some money and this gets recorded by all the nodes in the Ethereum network and the transaction gets updated in the ledger.

Step 2: You punch in the button corresponding to the item that you want and record of that gets updated in the Ethereum network and ledger.

Step 3: The item comes out and you collect it and this gets recorded by all the nodes and the ledger.

Every transaction that you do through the smart contracts will get recorded and updated by the network. What this does is that it keeps everyone involved with the contract accountable for their actions. It takes away human malice by making every action taken visible to the entire network.

Alright, so now that you know what a smart contract is, let’s get into the Security Vulnerabilities

Part 2 is for security vulnerabilities

how can we identify vulnerabilities in smart contracts ?

vulnerabilities like reentrancy, integer overflow/underflow etc…

DASP Top 10 Vulnerabilities

DASP - TOP 10

also known as or related to race to empty, recursive call vulnerability, call to the unknown This exploit was missed in…

www.dasp.co

BugBounty Platforms

Bug Bounty Programs

 The following are ongoing bug bounty programs, either focused on, or including smart contracts in their scope. Issues…

consensys.github.io

thanks for reading I hope this series will be helpful :)

Smart Contracts
Infosec
Bug Bounty
Bug Hunting
Blockchain Security

--

--

More from Adesh Kolte

Listed in Top 100 most respected hackers in the world by Microsoft at the BlackHat conference in America 2018

AboutHelpTermsPrivacy

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Adesh Kolte

Adesh Kolte

567 Followers

Listed in Top 100 most respected hackers in the world by Microsoft at the BlackHat conference in America 2018

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech