Smart Contract Security: Are Funds Safe on the Blockchain?
Join us on the 16th of October (Tue) for a discussion on the risks of Smart Contract Security followed by a live demonstration of testing a new way to audit a contract with A.I all showcased by Agua AI.
Introduction:
Smart Contracts are the crux of all DApps and Token Sales. They’re essentially programs designed to execute automatically and enforce a set of rules autonomously. And they’re totally unchangeable once deployed on the blockchain— a quality that makes smart contracts uniquely reliable and trustless, but also a precarious minefield.
Coding for the blockchain is a relatively new field, without many security standards, documentation, or best practices to draw on. It’s also the ultimate test of defensive software engineering—Smart contracts like the ERC-20 token standard have held digital assets worth over US $3.8 billion in 2017, and US $4.7 billion up until march in 2018 making them a target for attackers. The usual software development cycle of a continuous write-release-fix loop falls short when it comes to the blockchain. Smart contracts need to be constructed 100% right in one shot, able to withstand years of security attacks with code you can’t really modify. They have to be extensively planned, considering all logical permutations, accommodating all possible exceptions, and meticulously implemented.
Get the order of code wrong (as in the case of The DAO hack) or forget to initialize something (as in the Parity Freeze) and you could have an ‘unchangeable’ disaster on your hands, immortalized on the immutable blockchain.
Prompted by this fear, security audits are thankfully becoming the industry standard, and a way for projects to gain contributor trust. Unfortunately, these assets are not always as secure as we wish, as a multitude of hacks and bugs prove. This puts a significant burden on the crypto community. Hacks discourage institutional investors and make regulators more wary of blockchain technology in general.
We will discuss at length the current landscape of smart contract security and will demonstrate how AI can automate the smart contract QA process.
About the speakers:
Yash is a self-taught hacker, software engineer, and trader. He has worked at Stanford Medicine, where he worked towards overhauling the database for the world's largest biosample repository and introduced digital cataloguing methods that yielded a substantial increase in efficiency over existing hardware methods. Yash started mining Bitcoin in 2011, and set up a private fund in Los Angeles to trade cryptocurrencies and their delta-one derivatives in 2017, where he also built trading models using Bayesian Regression techniques and sentiment analysis. A seasoned developer, Yash has won multiple blockchain hackathons, and received a grant from Peter Thiel's 1517 fund to develop his ETHDenver winning project, XOR, into a startup which later went on to become a part of Consensys. He is the founder and CEO of Conduit Research, a research firm dedicated to building quantitative strategies for crypto, as well as high-performance analytics and trading platforms.
Abhinav Narayanan has been a programmer since a young age learning how to hack systems and has always had an infatuation with how genomics and machines intertwine (e.g AI). Abhinav spent a short time at MIT studying Computer Science and Molecular Biology. As he was studying, he sold biotech research to inStem out of Indian Institute of Science having to do with Pain Detector using Microwave Radiometry, in-vitro Alzheimers Cure using gene-editing (e.g CRISPr, TALENs, and Insulysin), using Anti-Proliferative properties for the Diagnosis of Lung Carcinoma, etc.) He spent time at the MIT Media Lab focusing on security of race conditions in code and most recently Microsoft where he was working as a Security Machine Learning Engineer on a special project creating a new framework for Hadoop. He is currently the founder and CEO of Agua AI, an artificial intelligence-driven automated security vulnerability patching solution.