Reasoning about Trace Vulnerabilities in Ethereum Smart Contracts for Software Engineers!
Organized by
Please note: this is a technical deep dive talk strictly for software engineers, software architects and computer science/software engineering students only. We will therefore review all registrations and we will send you an email to confirm your seat. We require each attendee to register on Eventbrite to attend this event. Please complete the registration form provided. Security at the venue will not allow entry to anyone without a valid ticket. Registration will be required upon arrival. This is a private event and we have the right to refuse entry. As always, our developer deep dive event is popular and advised you to secure your ticket early.
This event is brought to you by The Blockchain Connector and workonblockchain.com.
TALK TITLE: Reasoning about Trace Vulnerabilities in Ethereum Smart Contracts
KEYWORDS: Ethereum, Smart Contracts, Program Analysis, Symbolic Execution
ABSTRACT:
Smart contracts — stateful executable objects hosted on blockchains like Ethereum — carry billions of dollars worth of coins and cannot be updated once deployed.
Im my talk, I will present a systematic characterisation of a new class of trace vulnerabilities, which result from analysing multiple invocations of a contract over its lifetime. We will discuss three example properties of such trace vulnerabilities: finding contracts that either lock funds indefinitely, leak them carelessly to arbitraryusers, or can be killed by anyone. I will then describe the design and implementation of Maian, the first tool for precisely specifying and reasoning about trace properties, which employs inter-procedural symbolic analysis and concrete validator for exhibiting real exploits.
From nearly one million contracts in Ethereum blockchain, Maian flagged 34,200 (2,365 distinct) contracts as vulnerable, in 10 seconds per contract. On a subset of 3,759 contracts sampled for concrete validation and manual analysis, we reproduced real exploits at a true positive rate of 89%, yielding exploits for 3,686 contracts. Amongst others, Maian also found exploits for the infamous Parity bug that indirectly locked 200 million dollars worth in Ether.
This project is a joint work with Ivica Nikolić, Aashish Kolluri, Prateek Saxena, and Aquinas Hobor.
SPEAKER: Ilya Sergey
SHORT BIO:
Dr Ilya Sergey does research in the area of programming languages, program analysis, and formal verification. In recent years, Ilya has mainly been concerned with developing scalable methods for building trustworthy concurrent and distributed software, but his earlier work was advancing the state of the art in static analysis for higher-order languages and programming language design. Prior to joining academia, Ilya has spent a part of his career in industry, working in JetBrains Inc., a world-leading company in creating integrated developement environments for software developers. He obtained his PhD in formal methods at KU Leuven (Belgium), and held a postdoctoral position at IMDEA Software Institute (Spain), before taking his current position as a Lecturer at University College London.
Location:
London. Exact location to be confirmed. Please make sure you sign up with your correct email ID for updates on exact location of the venue.
Date: 24th of May, 2018
Schedule:
18:30 – 19:00 Registration & Networking
19:00 - 19:10 Intro from The Blockchain Connector & workonblockchain.com
19:10 - 19:15 Lightning intro from the audience. We are providing an opportunity to our audience to present for two minutes. The topic must focus around a blockchain based product/platform you are building. Please inquire by sending an email to antonio@theblockchainconnector.com
19:15 - 20:15 Main presentation by Ilya Sergey
20:15 - 21:00 Q&A session led by Mustafa Al-Bassam
21:00 Networking at a nearby pub.
Bio: Mustafa Al-Bassam is a PhD researcher at the Information Security Research Group of the Department of Computer Science at University College London, where his research interests include the intersections of peer-to-peer systems, distributed ledgers and information security. He is also an advisor to Cognosec, an information security services company.
EVENT ORGANIZER
Antonio Sabado is the founder of The Blockchain Connector and workonblockchain.com, a training and recruitment company focusing entirely on Blockchain technology. If you are hiring or looking for your next job opportunity in the blockchain space, please get in touch. Antonio has 10+ years experience working closely with global Investment Banks placing and managing highly skilled eTrading Technology professionals. Antonio has an extensive network, ranging from mid to senior level technology and business professionals across various sectors. He is an organiser of several Blockchain focused events in London aimed at software developers and business users.
The Blockchain Connector’s goal is to build a blockchain developer community by helping regular developers become blockchain developers. We host regular hands-on developer workshops, technical deep dive sessions and hackathons. We train and recruit developers on behalf of start-ups and global firms working on Blockchain related projects. We are also planning a series of Blockchain focused seminars for business users/non-technical users to take place in London.
Hackathons:
We have the resources to organise and mentor blockchain based hackathons. Contact us if you are a blockchain based company who would like to sponsor one of our hackathons or you would like us to lend you a helping hand with organising a hackathon.
Developer Training:
We have the resources and expertise to offer companies a blockchain developer focused training on site anywhere in the world. Alternatively, developers can join our monthly hands-on developer workshop in London. Please reach out to antonio@theblockchainconnector.com for further details.
Hiring:
We have the network to help you build your development team. Contact us if you are a company looking to hire or a developer looking for your next job opportunity. Our developer centric on-line hiring platform coming soon on www.workonblockchain.com
Volunteer Developers:
We have access to developers who are looking to contribute to open source projects on a volunteer basis. Contact us if you have an Ethereum based project that require volunteer developers. Alternatively, contact us if you are a developer looking to gain commercial blockchain development experience.
Sponsorship and speaking opportunities:
We are always open to hear from potential speakers, researchers and academics to present at our developer focused events and we are open to hear from companies looking for sponsorship opportunities.
Future events:
The central place we advertised our events our on Eventbrite. Advisable to bookmark our Eventbrite Homepage to access our future blockchain related events.
Contact:
If you have any question, please contact us on antonio@theblockchainconnector.com or +44 7923 521 833.
Web: https://www.theblockchainconnector.com/
Twitter: https://twitter.com/bc_workshop
LinkedIn: https://www.linkedin.com/company/15221081/
Join our developer focused meetup group held monthly in London. This meetup group is strictly for software engineers, software architects and computer science/software engineering students only. Technical talk made for a technical audience. Join us on https://www.meetup.com/Blockchain-Workshop-for-Developers/
Location
Dates
From 24th May 2018 - 06:30 PM
to 24th May 2018 - 09:00 PM
to 24th May 2018 - 09:00 PM