COMMSEC: Bugs in Blocks

Date: August 24, 2023
Time: 10:30
Track: CommSec Track

Love it or hate it, blockchain has become a playground for techies. The chains also fuel criminal ecosystems through major hacking incidents.

Blockchain bugs present unique challenges for developers and security testers. In this talk, we shed light on the most common bug types found in one of the main blockchain frameworks and provide insights and tools to find them.

Drawing from several hundred blockchain security issues we reported, we identified five common bug types. We discuss the potential impact of each type and provide practical tips for testing blockchain systems.

To help you get started on finding bugs in blocks, we released a fuzzer for Substrate-based chains. During the talk, we demo the fuzzer and showcase typical bugs.

Chief Scientist

SRLabs

Karsten is a cryptographer and security researcher. He likes to test security assumptions in proprietary systems and typically breaks them. Karsten is the Chief Scientist at SRLabs in Berlin where his professional work includes testing telcos for hacking issues.