Hello Steemians! I was fortunate to be able to visit the Black Hat Asia conference this year and I would like to share some of the things I learned from the event. First of all, let me share a few pictures that I took during the event.
Black Hat conferences are well known within the cybersecurity industry. This year's Black Hat Asia was held at Marina Bay Sands from 20th to 23rd Mar 2018. I attended the last two days where all the briefing sessions were held.
There isn't a central theme for Black Hat Asia, and the topics range from IoT security and nation-state cyber warfare to mobile device security, etc. But something that got me a little excited was how often cryptocurrencies were mentioned during the event, and there was even a full briefing session on smart contract security. The briefing focused on best practices for smart contract programming and the potential vulnerabilities that arise if smart contracts are not written correctly.
Several vulnerabilities were discussed, one of which is termed "Reentrancy". It is due to race conditions and the fact that Ethereum is recursive. When a contract is coded incorrectly, it is possible to make multiple withdrawals from it even though the sender's address balance is only deducted once. This resulted in the heist of 3.5 million ether in 2016.
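To make the reentrancy issue above concrete, here is a small Python model added as an illustration (it is not code from the briefing or from any real contract). The `Bank` and `Recipient` classes and the amounts are assumptions; `_send()` stands in for an ether transfer that runs the recipient's code, and the model compares "send, then deduct" with "deduct, then send".

```python
class Bank:
    """Toy ledger; _send() models an ether transfer that runs recipient code."""
    def __init__(self, hardened):
        self.hardened = hardened
        self.balances = {}   # per-depositor accounting
        self.pool = 0        # funds actually held by the contract

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or amount > self.pool:
            return
        if self.hardened:
            self.balances[who] = 0    # effect first: deduct the balance
            self._send(who, amount)   # then hand control to the recipient
        else:
            self._send(who, amount)   # recipient code runs before the deduction
            self.balances[who] = 0    # deducted once, however often it re-entered

    def _send(self, who, amount):
        self.pool -= amount
        who.receive(self, amount)

class Recipient:
    """reenter=N makes the receive hook call withdraw() again up to N times."""
    def __init__(self, reenter=0):
        self.received = 0
        self.reenter = reenter

    def receive(self, bank, amount):
        self.received += amount
        if self.reenter > 0:
            self.reenter -= 1
            bank.withdraw(self)

def run(hardened):
    """Constructed scenario: 30 units from another depositor, 10 from the caller."""
    bank, other, caller = Bank(hardened), Recipient(), Recipient(reenter=3)
    bank.deposit(other, 30)
    bank.deposit(caller, 10)
    bank.withdraw(caller)
    return caller.received, bank.pool   # (paid out to caller, left in contract)

if __name__ == "__main__":
    print("send-then-deduct:", run(hardened=False))
    print("deduct-then-send:", run(hardened=True))
```

In the first ordering the caller, who deposited 10, is paid four times and the other depositor's funds are gone; with the balance deducted before the transfer, the nested call sees a zero balance and returns.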
Poor coding might also lead to Denial of Service. The infamous case was the Parity wallet issue where over 500,000 ether were locked forever. There were other vulnerabilities discussed and more information on the common vulnerabilities can be found at dasp.co.
Importance of Blockchain security
In my opinion, the key to success for blockchains and cryptocurrencies is mass adoption. There are 2 important aspects in order to achieve mass adoption:
- User friendliness
- Security
The blockchain is designed to be secure at its core. But that is not enough, as common users do not interact with the blockchain directly. They interact through wallets and dApps. Hence, it is important to ensure the security of wallets, dApps and the underlying smart contracts. Each time the media publishes a cryptocurrency-related hack, consumers' confidence will take a hit and we will be one step further from mass adoption.
Fortunately, there are projects like Quantstamp that aim to make smart contracts more secure. I look forward to the day when we have a secure and robust cryptocurrency ecosystem. What do you think? Thanks!