7: $300M worth of bugs
Link to the website: https://codepodcast.com/posts/2018-03-12-episode-7-300m-worth-of-bugs/
Imagine – your company's code and data are exposed. How long will it take for malicious hackers to find vulnerabilities? To steal users' personal information?
For developers who build on Ethereum, that situation is not a distant possibility; it's an everyday reality. All the code, the state and the calls to their programs are publicly accessible and live forever on the blockchain. Add to that the fact that their code will manipulate money, and getting rid of *all* the bugs and holes becomes crucial.
In this episode we'll talk about software that finds bugs in other software, specifically ways of verifying Ethereum smart contracts.
The story begins in the summer of 2017 when someone is able to steal $30M worth of ether.
---
Episode was produced by [Andrey Salomatin](https://flpvsk.com).
## Support the podcast
If you get value from the podcast, please consider supporting us on https://codepodcast.com/patreon
Alternatively, you can also send us eth to this address: 0x730075d42c3BC0EA38c23A6D0D9611E9d78C5Af0
## Guests
* [Santiago Palladino](https://twitter.com/smpalladino)
* [Matt Condon](https://twitter.com/mattgcondon)
* [Yoichi Hirai](https://twitter.com/pirapira)
### Links
* [Ethereum](https://ethereum.org/)
* [Ethereum Development Tutorial](https://github.com/ethereum/wiki/wiki/Ethereum-Development-Tutorial)
* [Parity](https://www.parity.io/)
* EVM-compatible languages
  * [Solidity](https://github.com/ethereum/solidity)
  * [Serpent](https://github.com/ethereum/serpent)
  * [Vyper](https://github.com/ethereum/vyper)
  * [Bamboo](https://github.com/pirapira/bamboo)
* Wiki: ["Abstract interpretation"](https://en.wikipedia.org/wiki/Abstract_interpretation)
* Symbolic execution
  * Article ["Introducing Mythril: A framework for bug hunting on the Ethereum blockchain"](https://hackernoon.com/introducing-mythril-a-framework-for-bug-hunting-on-the-ethereum-blockchain-9dc5588f82f6)
  * [Manticore](https://github.com/trailofbits/manticore)
* Wiki: ["Formal Verification"](https://en.wikipedia.org/wiki/Formal_verification)
* [The Hydra Project](https://thehydra.io/)
### Links: Santiago
* [OpenZeppelin website](https://openzeppelin.org/)
* [OpenZeppelin Slack](https://slack.openzeppelin.org/)
* [ZeppelinOS](https://zeppelinos.org/)
* Article ["The Parity Wallet Hack Explained"](https://blog.zeppelin.solutions/on-the-parity-wallet-multisig-hack-405a8c12e8f7)
### Links: Matt
* [XLNT website](https://xlnt.co/)
* Article ["Getting Up to Speed on Ethereum"](https://medium.com/@mattcondon/getting-up-to-speed-on-ethereum-63ed28821bbe)
* Article ["Announcing the Steak Network"](https://medium.com/truebit/announcing-the-steak-network-c3d44290d53d)
### Links: Yoichi
* Gist ["Formal Verification of Ethereum Contracts"](https://github.com/pirapira/ethereum-formal-verification-overview)
* [Bamboo](https://github.com/pirapira/bamboo)
* [A Lem formalization of EVM and some Isabelle/HOL proofs](https://github.com/pirapira/eth-isabelle)
* Video ["Formal verification of EVM bytecodes"](https://www.youtube.com/watch?v=Mzh4fyoaBJ0)
* Video ["Formal Verification of Smart Contracts"](https://www.youtube.com/watch?v=cCUGMAnCh7o)
### Music
[Mid-Air!](https://soundcloud.com/mid_air)