Smart Contract Security Newsletter #31

We will be at the following upcoming events, email us if you’d like to meet up!

Distilled News

Interview with samczsun — ConsenSys Diligence

We don’t normally do interviews on our blog, but Sam Sun has been on such a hot streak lately finding bugs in critical smart contracts, so we needed an excuse to talk to him about what drives him, and what his bug hunting process looks like.

His recent findings findings include critical issues in Curve Finance, and the Registry at the center of the Ethereum Name Service.

When I’m bored and/or procrastinating, I’ll flip through transactions on Etherscan — like, “This looks like an interesting target that it’s going to, I wonder…”

Advanced Smart Contract Security Verification in Remix — Bernhard Mueller

The Remix development environment provides users with a convenient and powerful way of checking the correctness of smart contracts via the MythX plugin. In this article, I’ll explain the basics and provide several examples including security tests of real-world smart contracts.

Critical Flaw in Trezor Hardware Wallets — Kraken

If you have your Trezor in a secure place, don’t worry you are safe. This attack vector requires physical access and modification to the hardware wallet. This attack relies on voltage glitching to extract an encrypted seed. vulnerability alert

If you have used, read this post. There are 98 users affected, only 12 of which have funds currently at risk (the others may have their privacy compromised though). The full disclosure with the details about the bug will be published in 2 weeks on Feb 14, 2020.

DApp Frontend Security — Embarklabs

Dapp developers rightly put a heavy emphasis on smart contract security, this contrasts with frontend security which is rarely discussed. This article is a good review of potential attack vectors in dapp frontends.

Ethereum 2.0 Security Considerations — Sigma Prime

We shared this awesome talk from DevCon5 previously, but it’s worth another watch as we get closer (knock on wood) to ETH 2.0.

Other Links

Smart Contract Security Newsletter #31 was originally published in ConsenSys Diligence on Medium, where people are continuing the conversation by highlighting and responding to this story.

—Source link—

What do you think?

DeFi breaks $1 Billion Total Value Locked (TVL)

Kyber Ecosystem Report #11