Flawed mechanisms cause major issues in DEXs and Voting - Explained by Philip Daian @Devcon4

in devcon4 •  last year 


Smart Contract Security - Incentives Beyond the Launch

This was a wonderful presentation by Philip Daian. In my opinion one of the more important presentations at Devcon highlighting the realities of DEXs and front running. Philip highlights this activity in this presentation with some compelling research.

The detail provided on devcon presentation:

To mitigate security issues that were quickly evident in the deployment of smart contracts, developers have tried a wide variety of security techniques. Standard when deploying new contracts is manual review by an externally contracted company/individual, often with verification tools. In many ways this has been a success, reducing observed security incidents.

In this talk, we take a look at how unique incentives in smart contracts affect the process of securing them. Smart contracts are often non-upgradeable: enshrinement at release encourages security processes that end after a contract is deployed, leaving blind spots in long-term security guarantees against evolving threats. Pressure to ship often leaves critical guarantees out-of-scope of external reviews, and auditor incentives discourage detailed, fundamental criticisms of contracts' protocols.

We explore flawed mechanisms whose obvious security flaws cost users millions today, even though such flaws are often out of launch audit scope. We empirically quantify the size of this problem, highlighting major issues with all smart contract voting and all decentralized exchange protocols. We conclude by exploring systemic risk, discussing mechanisms whose flaws could one day go beyond affecting their users to threaten the stability of all dapps. We conclude with lessons learned for security conscious dapp developers.

Core Video Credits & Large Slides:
https://slideslive.com/38911427/devcon4-day-1
The Content starts at 5:11:17

===================================================
Video brought to you by BitsBeTrippin
===================================================

To support BBT in content and future events:

Ravencoin = RMR8YEZr1BQ3FVhfXmxvNZ9ErSdDgcwvcj
Bitcoin = 1QHADdYwmMgVoaYqqY3SE8ummr4euHqzUv
Litecoin = LVemKU6GTccpCSaLp4JwXPXbDT1RBbDWbQ
Ethereum = 0xF897EaFdb787AcD4Da5e2EB5003E42dc1Ef86d39
ETC= 0x89b455cfd5adb8ba4a69fd6bd082b3d61efe160f
Dash = Xrk5429K5GUHkQJkDcUQ1ZtwSGwwRstxK4
Doge = DJeTVqyNVsd493iyWzbuUM11xDwsRAtzLy
Zcash = t1KgQi4aAKJYh6QJ1rFxczWv9gqdtXPDYKh

We are not a fly by night channel, have been serving the space since early 2013!

Paypal: paypal.me/bitsbetrippin
-~--~~~--~-
Mail Me Something!
BitsBeTrippin
P.O. BOX 508
Troy, IL 62294
United States

-~--~~~--~-
Follow BitsBeTrippin
► Website - https://www.bitsbetrippin.io
► Facebook - https://www.facebook.com/groups/BitsB...
► Twitch -

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://www.youtube.com/watch?v=SomXtPZHaP0