Part 1 : Hunting Vulnerabilities in Smart contracts
- Independent Information Security Consultant focusing on security assessments (applications, infrastructures and smart contracts)
- Previously worked as bug bounty hunter with Multiple organizations like Microsoft (MSRC), Google, Zoho etc
- here is my personal portfolio https://www.ad3sh.com
So first how smart contracts works ? 🤔
The best way to understand that is by imagining a vending machine. Each and every step that you take acts like a trigger for the next step to execute itself. So, let’s examine the steps that you will take while interacting with the vending machine:
Step 1: You give the vending machine some money.
Step 2: You punch in the button corresponding to the item that you want.
Step 3: The item comes out and you collect it.
Now look at all those steps and think about it. Will any of the steps work if the previous one wasn’t executed?
Each and every one of those steps is directly related to the previous step. There is one more factor to think about, and it is an integral part of smart contracts. You see, in your entire interaction with the vending machine, you (the requestor) were solely working with the machine (the provider).
There were absolutely no third parties involved.
So, now how would this transaction have looked like if it happened in the Ethereum network?
Suppose you just bought something from a vending machine in the Ethereum network, how will the steps look like then?
Step 1: You give the vending machine some money and this gets recorded by all the nodes in the Ethereum network and the transaction gets updated in the ledger.
Step 2: You punch in the button corresponding to the item that you want and record of that gets updated in the Ethereum network and ledger.
Step 3: The item comes out and you collect it and this gets recorded by all the nodes and the ledger.
Every transaction that you do through the smart contracts will get recorded and updated by the network. What this does is that it keeps everyone involved with the contract accountable for their actions. It takes away human malice by making every action taken visible to the entire network.
Alright, so now that you know what a smart contract is, let’s get into the Security Vulnerabilities
Part 2 is for security vulnerabilities
how can we identify vulnerabilities in smart contracts ?
vulnerabilities like reentrancy, integer overflow/underflow etc…
DASP Top 10 Vulnerabilities
DASP - TOP 10
also known as or related to race to empty, recursive call vulnerability, call to the unknown This exploit was missed in…
Bug Bounty Programs
The following are ongoing bug bounty programs, either focused on, or including smart contracts in their scope. Issues…
thanks for reading I hope this series will be helpful :)