Code Podcast

7: $300M worth of bugs

Link to the website: https://codepodcast.com/posts/2018-03-12-episode-7-300m-worth-of-bugs/

Imagine – your company's code and data are exposed. How long will it take for malicious hackers to find vulnerabilities? To steal users' personal information?

For developers that build on Ethereum, that situation is not a distant possibility, it's an everyday reality. All the code, the state and the calls to their programs are publicly accessible and live forever on the blockchain. Add to it the fact that their code will manipulate money. Getting rid of *all* the bugs and holes becomes crucial.

In this episode we'll talk about software that finds bugs in other software. Specifically, ways of verifying Ethereum smart contracts. The story begins in the summer of 2017 when someone is able to steal $30M worth of ether.

---

Episode was produced by [Andrey Salomatin](https://flpvsk.com).

## Support the podcast

If you get value from the podcast, please consider supporting us on https://codepodcast.com/patreon

Alternatively, you can also send us eth to this address: 0x730075d42c3BC0EA38c23A6D0D9611E9d78C5Af0

## Guests

* [Santiago Palladino](https://twitter.com/smpalladino)
* [Matt Condon](https://twitter.com/mattgcondon)
* [Yoichi Hirai](https://twitter.com/pirapira)

### Links

* [Ethereum](https://ethereum.org/)
* [Ethereum Development Tutorial](https://github.com/ethereum/wiki/wiki/Ethereum-Development-Tutorial)
* [Parity](https://www.parity.io/)
* EVM-compatible languages
  * [Solidity](https://github.com/ethereum/solidity)
  * [Serpent](https://github.com/ethereum/serpent)
  * [Vyper](https://github.com/ethereum/vyper)
  * [Bamboo](https://github.com/pirapira/bamboo)
* Wiki: ["Abstract interpretation"](https://en.wikipedia.org/wiki/Abstract_interpretation)
* Symbolic execution
  * Article ["Introducing Mythril: A framework for bug hunting on the Ethereum blockchain"](https://hackernoon.com/introducing-mythril-a-framework-for-bug-hunting-on-the-ethereum-blockchain-9dc5588f82f6)
  * [Manticore](https://github.com/trailofbits/manticore)
* Wiki: ["Formal Verification"](https://en.wikipedia.org/wiki/Formal_verification)
* [The Hydra Project](https://thehydra.io/)

### Links: Santiago

* [OpenZeppelin website](https://openzeppelin.org/)
* [OpenZeppelin Slack](https://slack.openzeppelin.org/)
* [ZeppelinOS](https://zeppelinos.org/)
* Article ["The Parity Wallet Hack Explained"](https://blog.zeppelin.solutions/on-the-parity-wallet-multisig-hack-405a8c12e8f7)

### Links: Matt

* [XLNT website](https://xlnt.co/)
* Article ["Getting Up to Speed on Ethereum"](https://medium.com/@mattcondon/getting-up-to-speed-on-ethereum-63ed28821bbe)
* Article ["Announcing the Steak Network"](https://medium.com/truebit/announcing-the-steak-network-c3d44290d53d)

### Links: Yoichi

* Gist ["Formal Verification of Ethereum Contracts"](https://github.com/pirapira/ethereum-formal-verification-overview)
* [Bamboo](https://github.com/pirapira/bamboo)
* [A Lem formalization of EVM and some Isabelle/HOL proofs](https://github.com/pirapira/eth-isabelle)
* Video ["Formal verification of EVM bytecodes"](https://www.youtube.com/watch?v=Mzh4fyoaBJ0)
* Video ["Formal Verification of Smart Contracts"](https://www.youtube.com/watch?v=cCUGMAnCh7o)

### Music

[Mid-Air!](https://soundcloud.com/mid_air)
