Reasoning about Trace Vulnerabilities in Ethereum Smart Contracts for Developers
May 24, 2018 @ 18:30 - 21:00
Important! You must register on Eventbrite to attend our event.
Please note: this is a technical deep dive talk strictly for software engineers, software architects and computer science/software engineering students only.
TALK TITLE: Reasoning about Trace Vulnerabilities in Ethereum Smart Contracts
KEYWORDS: Ethereum, Smart Contracts, Program Analysis, Symbolic Execution
Smart contracts — stateful executable objects hosted on blockchains like Ethereum — carry billions of dollars worth of coins and cannot be updated once deployed.
In my talk, I will present a systematic characterisation of a new class of trace vulnerabilities, which result from analysing multiple invocations of a contract over its lifetime. We will discuss three example properties of such trace vulnerabilities: finding contracts that either lock funds indefinitely, leak them carelessly to arbitrary users, or can be killed by anyone. I will then describe the design and implementation of Maian, the first tool for precisely specifying and reasoning about trace properties, which employs inter-procedural symbolic analysis and a concrete validator for exhibiting real exploits.
From nearly one million contracts in the Ethereum blockchain, Maian flagged 34,200 (2,365 distinct) contracts as vulnerable, in 10 seconds per contract. On a subset of 3,759 contracts sampled for concrete validation and manual analysis, we reproduced real exploits at a true positive rate of 89%, yielding exploits for 3,686 contracts. Amongst others, Maian also found exploits for the infamous Parity bug that indirectly locked 200 million dollars' worth of Ether.
This project is joint work with Ivica Nikolić, Aashish Kolluri, Prateek Saxena, and Aquinas Hobor.
SPEAKER: Ilya Sergey
Dr Ilya Sergey does research in the area of programming languages, program analysis, and formal verification. In recent years, Ilya has mainly been concerned with developing scalable methods for building trustworthy concurrent and distributed software, but his earlier work advanced the state of the art in static analysis for higher-order languages and programming language design. Prior to joining academia, Ilya spent a part of his career in industry, working at JetBrains Inc., a world-leading company in creating integrated development environments for software developers. He obtained his PhD in formal methods at KU Leuven (Belgium), and held a postdoctoral position at IMDEA Software Institute (Spain), before taking his current position as a Lecturer at University College London.
Room K6.29 (Anatomy Lecture Theatre), King’s College London, Strand, London, WC2R 2LS