Smart Contract Security / Solidity Security & how to change the bytecode of a deployed contract

Рет қаралды 6,306

Ethereum Engineering Group

Күн бұрын

Пікірлер: 25

@bouchiriliass5819 5 ай бұрын

Amazing talk, I used to get bored in classes but yours is amazing

@jamalspeling 2 жыл бұрын

The master Peter Robinson!

@patricksfeir6947 2 жыл бұрын

The real Top G

@SoftwareOnTheRoad 2 жыл бұрын

Excelent content, as always!! 👏👏

@chipi6158 2 жыл бұрын

Thanks

@ppswapofficial 2 жыл бұрын

very informative talk thank you!

@EthereumEngineeringGroup 2 жыл бұрын

Everyone, please be aware that phishing attack comments have been posted on this video. Please do not click on any links in comments. Don't send anyone Eth based on comments!

@validyor 2 жыл бұрын

Wow, excellent content !

@AnonymousSkimaHarvey 2 жыл бұрын

Great content as always 🙏 however at 16:35 I am not sure about this statement ? For example I don’t see you do JUMPs ?

@EthereumEngineeringGroup 2 жыл бұрын

This i sort of related to the thoughts about what bugs the compile could introduce. With inline assembler, you can do some really "nasty" things, such as jumps to any location (which will then fail if there isn't a JUMPDEST)

@AnonymousSkimaHarvey 2 жыл бұрын

@@EthereumEngineeringGroup Sorry I meant I dont think you can so JUMPs within assembly? For example I dont think you can call other internal functions within assembly?

@EthereumEngineeringGroup 2 жыл бұрын

@@AnonymousSkimaHarvey hmmmm that is going to be a challenge, but one I think I could pull off. I will have a go, and if I can get it to work, will make a video explainer.

@AnonymousSkimaHarvey 2 жыл бұрын

@@EthereumEngineeringGroup Thank you. Interested in getting your feedback if you cant :)

@90sfeverwithcbj19 2 жыл бұрын

Thanks

@SoftwareOnTheRoad 2 жыл бұрын

My mind was blown at 1:31:10 I thought you were going to show us the classic honeypot with the internal transaction tricks, but it was far worse !!! (or better?) For sure somebody is going to use that code in malicious ways, new scams for sure.

@crypto_peng 2 жыл бұрын

45:11 hi, if any contract can call this contract with the funds. Is there any other way avoid this based on modifier? Thanks.

@EthereumEngineeringGroup 2 жыл бұрын

I think you mean, is there any way to change the modifier to stop the re-entrancy issue. Assuming the function needs to be externally available, then I don't think so.

@crypto_peng 2 жыл бұрын

1:09:55 do you think the method like that as Fomo3D is not able to be controlled any more?

@EthereumEngineeringGroup 2 жыл бұрын

I think that the blocks are bigger and the cost of transactions is much higher. Given this, the cost of such an attack is much, much larger. Saying all of that, it the time window was too small, then an attacker could try to do a block stuffing attack.

@crypto_peng 2 жыл бұрын

Would you like to have sharing with some protocol code in practice? nice

@EthereumEngineeringGroup 2 жыл бұрын

Code is here: github.com/drinkcoffee/EthEngGroupSolidityExamples/tree/master/security/contracts

@harpalsinhjadeja5571 2 жыл бұрын

how can we be part of the zoom call? 😅

@EthereumEngineeringGroup 2 жыл бұрын

Join the meet-up: www.meetup.com/ethereum-engineering/

@EthereumEngineeringGroup 2 жыл бұрын

Further to the section on Front Running, I have created a post on Eth Research. Comments are appreciated: ethresear.ch/t/front-running-prevention-in-contracts-with-a-proof-submission-reward-model/13594