Smart Contract Security - Incentives Beyond the Launch
Oct 31, 2018
Speakers
Philip Daian
Speaker · 0 followers
About
To mitigate security issues that were quickly evident in the deployment of smart contracts, developers have tried a wide variety of security techniques. Standard when deploying new contracts is manual review by an externally contracted company/individual, often with verification tools. In many ways this has been a success, reducing observed security incidents. In this talk, we take a look at how unique incentives in smart contracts affect the process of securing them. Smart contracts are often non-upgradeable: enshrinement at release encourages security processes that end after a contract is deployed, leaving blind spots in long-term security guarantees against evolving threats. Pressure to ship often leaves critical guarantees out-of-scope of external reviews, and auditor incentives discourage detailed, fundamental criticisms of contracts' protocols. We explore flawed mechanisms whose obvious security flaws cost users millions today, even though such flaws are often out of launch audit scope. We empirically quantify the size of this problem, highlighting major issues with all smart contract voting and all decentralized exchange protocols. We conclude by exploring systemic risk, discussing mechanisms whose flaws could one day go beyond affecting their users to threaten the stability of all dapps. We conclude with lessons learned for security conscious dapp developers.To mitigate security issues that were quickly evident in the deployment of smart contracts, developers have tried a wide variety of security techniques. Standard when deploying new contracts is manual review by an externally contracted company/individual, often with verification tools. In many ways this has been a success, reducing observed security incidents. In this talk, we take a look at how unique incentives in smart contracts affect the process of securing them. Smart contracts are ofte…
Categories
Cryptocurrency
Category · 456 presentations
Economics & Finance
Category · 755 presentations
About Ethereum
Next generation programming platform for decentralized applications.
Like the format? Trust SlidesLive to capture your next event!
Professional recording and live streaming, delivered globally.
Sharing
Recommended Videos
Presentations on similar topic, category or speaker
Connecting Decentralized Liquidity
Watch later
Will Design Ethics Save Software?
Watch later
Self-Sovereign Sexuality
Watch later
SWARM Team Update
Watch later
