Smart Contract Honeypots for Profit (and probably Fun)
Ben Schmidt, Polyswarm
Summary: Ethereum smart contracts have bugs: a lot of them. So many, in fact, that attackers have flocked to exploit them, but occasionally they lose money themselves. Malicious contracts that look vulnerable but are exploitative are a rising trend, and this talk will discuss how they work and what they do.
Abstract: Ethereum honeypot contracts combine the oldest of cons with the newest of tech. As it turns out, it’s still easy to con someone who thinks they’re a conman. These malicious contracts share one trait in common: they almost always try to look like they were designed by a beginner. As such, they are a great place to learn about some of the pitfalls that can befall a new entrant to the space, and serve as an interesting (and often entertaining) case study into the wild-west world of smart contract security. By exploring a few of the more interesting cases of not-so-vulnerable contracts, the audience can gain a deeper understanding of how smart contract security works in practice, and maybe how to beat a few scammers at their own game.
Ben is the Chief Security Officer at PolySwarm, where we are building a decentralized threat intelligence marketplace on the Ethereum blockchain. He has talked extensively in the past on writing secure smart contracts, and is responsible for securing the security-critical contracts that the PolySwarm marketplace relies on.