We'll say it for a slight, but yeah. First, it's really nice to be here, and I'm thankful to be invited to speak here today.

So why am I speaking about smart contract security? It could be seen as a bit ironic by some, but actually, I have worked for Ethereum for over two years now. And actually my job was to prevent hard forks, so to say, because I was working on consensus tests and working on getting all the clients to sync, and wrote thousands of tests, and I would be so bold as to say that I prevented a lot of hard forks in terms of client consensus. And now, through recent experiences, I learned the hard way how important smart contract security is, and that's why I wanted to talk about it today.

So you know about the DAO, and I was mainly responsible for writing the DAO smart contract. On 17th June there was an attack robbing 3.5 million ether out of this smart contract by using the re-entry exploit. We have heard about this before this conference. I will not go into details of how this works, but those were the lines of code in the DAO itself. Basically, there was this one function, withdrawRewardFor, which was vulnerable to this exploit.

So what can we learn from all of this? A lot of things have been said yesterday, and I mean, I will repeat some of them of course, but give my personal perspective on some of those things.

First of all, cap smart contracts. It's very early days and we lack experience, meaning we just need to learn some lessons first to know which kinds of bugs we can make. If you just look at the version numbers of the current software, you can get a feeling of how early it is. Solidity actually has not been released yet as a 1.0 version. Frontier was launched about a year ago. So it's all very early days.
The number of operating decentralized applications is also still very low. Vitalik suggested in a blog post that, for example, right now a cap of about ten million dollars seems about right. It's an individual decision, but of course it would have been nice if the DAO had had such a cap. But of course nobody knew that it would rise to such a size.

So, next one: formal proof verification. I will not go into this. We have heard a lot about this yesterday, but yes, a very important topic. I hope you could make continuous progress on this topic.

Invariant checks. So basically you can see that your smart contract has certain invariants, such as, for the DAO, this would have been that the total supply is smaller than the balance plus reward tokens, and then after every function you can check if the invariants still hold. It reduces, of course, the risk.

Then this is an interesting topic: centralization. Of course, we want to build decentralized applications. That's our main goal. And one of the weaknesses, so to say, of the DAO was that it was really decentralized, that we had no control. Nobody had any control over it, and this was the problem in the end, because nobody could save the DAO, only the community by doing a hard fork, which of course is a horrible option. So we need to go stepwise from centralization to decentralization. If you think about Ethereum, we had the Olympic testnet, then we had the Frontier testnet, then we had those canaries. I had one of those keys; basically two out of four keyholders could more or less switch off the miners, if they would listen to the canaries. We have Homestead, then we have this difficulty increase, which means we need to have a hard fork in about a year or so, and there's only a couple of people able to code up the next version of Ethereum. So it's also kind of centralized, and we will go step by step to more decentralization. For the DAO there have been curators. They have been given a lot of power except
for the function splitDAO, because this was a function meant as a fail-safe for malicious curators, so that's why I didn't have control over this function, couldn't do anything. There are all the other DAOs, DigixDAO, MakerDAO, other DAOs in progress, which start centralized and will go into decentralization.

Then the question is, of course, who can control? For the DAO, it was the token holders. It could be central trust authorities, and there are more, but the slides don't show up here right now. But it could be something like a community multisig; it could be something like a stake vote that you build in, something like a smart contract where a certain amount of ether holders vote for it to stop something. So there are certain ways of controlling this, but I think we need to go step by step. But also I think it's important that we really want to build decentralized applications and do not use the DAO as an excuse to only build centralized applications. Although it's good to start like this, I don't think it should end like this. We should move forward to full decentralization one day.

Okay, let's see if this works. Yeah.

Established security patterns, meaning learning. We didn't know about the call stack depth attack. It's called the stack depth attack. We know about the block gas limit, so don't have arbitrary-length loops. We know about the re-entry exploit now. We know that it's possible to send ether to a contract without any contract invocation.
So even if you use this modifier payable, or you don't use it at any function, and you try to avoid getting ether as a contract, you cannot avoid it, because you can use the suicide opcode to transfer ether to a contract without executing any code, for example. Specify the right amount of gas; send versus call, depending on what exactly you want to do. You have to be careful with the block timestamp, because it can be manipulated. Transaction origin versus message sender, for example, can be used for phishing attacks, and much more.

Actually, it's better the slides are not really working, because there are links coming up. It's just, there are some very good resources. One is from the ConsenSys website: smart contract best practices, or something like this, you find on the ConsenSys website. It's a really nice overview of all the things we need to learn and what we have learned up to now. Also the Solidity documentation has a section about security considerations, which is very good and very helpful. We should, as a community, learn and put all those things together so we can teach other developers what to look out for.

If you can get to the next slide. Yes, updateable contracts. So the DAO had a possibility of updating the contract through a vote. It did take a two-week debating time, and DAO 1.1, so to say, was work in progress, but it was too late. So I would advise you, when you write smart contracts, to have an option to update them. The question is only who can update them. In the beginning, it can be you, of course, centralized. It can be the token holders, if you have some in your application, depending on what you are building. And again, it could be a multisig, maybe a community multisig.
There are different ways of doing this, but it's important to have at least this option of being able to update contracts.

Time delays are also something important. When someone can restore ether or take ether out of a smart contract, if you have a time delay, this gives an option, if you implemented some authority to do something, to act. In the case of the DAO, there was no such authority, and the last resort was this awful hard fork. So therefore, if you have time delays and this authority implemented, then this can work nicely together to reduce the risk of a smart contract.

Of course, minimal complexity. There are statistics out there saying there are 15 up to 50 bugs per thousand lines of code. For a website, it's okay. You can fix it. But for a smart contract, it's really bad. So of course we need much, much more security for smart contracts than we need for normal stuff. So this also means not everything needs decentralization and needs to be in a smart contract. Only put in what you really need, the core elements of a decentralized application. Everything else can maybe be in Swarm, Whisper, or even other techniques.

Yeah, and the other thing is to reuse trusted, proven code. That can also be dangerous, but for example there is the standard token contract, which was also used in the DAO, which worked just nicely. You have the foundation multisig, which seems to hold up till now, so that also looks safe. And maybe there will even be a DAO standard framework one day, just to reuse safe code. It also comes with a danger, because if someone finds a bug in this kind of code, it will affect a lot of applications. So therefore you also need to be careful with those things. But I think we as a community need to build trusted libraries, which are reviewed by many of us, for other developers to use.

If you can get to the next idea. Better tools. You have heard about formal proof verification. We need better compiler warnings. I think this is all work in progress.
We need improved IDEs. We have seen Remix yesterday, which looks really nice and promising. We need trusted libraries. We need best-practices literature, which is also work in progress. And we also may need some, yeah, centralization, which can be done by master keys, or maybe we can do decentralized escape hatches or other things which we can use in smart contracts for now as, so to say, a trusted source of information who can update contracts or do certain things or stop a contract from working.

So as a conclusion, I would say it is very early days and we all need to be very, very careful. But I think there are, of course, a lot of lessons to be learned from this. But being here the last couple of days got me really excited to see what came out of this. We have a lot of security experts from academia. We have a lot of media attention, of people looking at this, looking at the right things, developers being much more careful now. And it's also nice to see a lot of developers coming up to me and saying, "You basically saved my project, because I had the same bug in there, but I could fix it now." And so I think a lot of future applications, decentralized applications and smart contracts, will avoid all of these issues, and we can really move into a bright future, although being careful in the beginning.

And it was really astonishing for me to see how this community is moving on. I think this was a really nice experience, to talk to many of you the last couple of days, and I also want to say a personal thank you. I mean, the last couple of months. Thank you, thank you very much. I can only really say thank you. The last couple of months have been, personally for me, in my personal life and also as a company, horrible, of course. But it's only because of the people sitting here, because of a lot of the Ethereum community, that I can stand here today and give this talk, and I just want to say thank you very much.