Part 1 : Hunting Vulnerabilities in Smart contracts

  • Independent Information Security Consultant focusing on security assessments (applications, infrastructures and smart contracts)
  • Previously worked as bug bounty hunter with Multiple organizations like Microsoft (MSRC), Google, Zoho etc
  • here is my personal portfolio https://www.ad3sh.com

So first how smart contracts works ? 🤔

The best way to understand that is by imagining a vending machine. Each and every step that you take acts like a trigger for the next step to execute itself. So, let’s examine the steps that you will take while interacting with the vending machine:

:)

Step 1: You give the vending machine some money.

Step 2: You punch in the button corresponding to the item that you want.

Step 3: The item comes out and you collect it.

Each and every one of those steps is directly related to the previous step. There is one more factor to think about, and it is an integral part of smart contracts. You see, in your entire interaction with the vending machine, you (the requestor) were solely working with the machine (the provider).

There were absolutely no third parties involved.

So, now how would this transaction have looked like if it happened in the Ethereum network?

Suppose you just bought something from a vending machine in the Ethereum network, how will the steps look like then?

Step 1: You give the vending machine some money and this gets recorded by all the nodes in the Ethereum network and the transaction gets updated in the ledger.

Step 2: You punch in the button corresponding to the item that you want and record of that gets updated in the Ethereum network and ledger.

Step 3: The item comes out and you collect it and this gets recorded by all the nodes and the ledger.

Alright, so now that you know what a smart contract is, let’s get into the Security Vulnerabilities

Part 2 is for security vulnerabilities

how can we identify vulnerabilities in smart contracts ?

vulnerabilities like reentrancy, integer overflow/underflow etc…

DASP Top 10 Vulnerabilities

BugBounty Platforms

thanks for reading I hope this series will be helpful :)

Listed in Top 100 most respected hackers in the world by Microsoft at the BlackHat conference in America 2018