Blog

Ethereum Smart Contracts Vulnerabilities: Reentrancy

Reentrancy is probably the most famous Ethereum vulnerability, and it surprised everyone when discovered for the first time. It was first unveiled during a multimillion dollar heist which led to a hard fork of Ethereum. Reentrancy occurs when external contract calls are allowed to make new calls to the calling contract before the initial execution is complete. This means that the contract state may change in the middle of its execution, as a result of a call to an untrusted contract or the use of a low level function with an external address. One of the major dangers of calling external contracts is that they can take over the control flow. In a reentrancy attack, a malicious contract calls back into the calling contract before the first invocation of the function is finished. This may cause the different invocations of the function to interact in undesirable ways.

Weiterlesen...

Ethereum Smart Contracts Vulnerabilities: Integer Overflow and Underflow

Arithmetic Underflow and Overflow Overview

The Ethereum Virtual Machine (EVM) specifies fixed-size data types for integers. This means that an...

Weiterlesen...

Ethereum Smart Contracts Visualisation Tools: Surya, Solgraph, Slither, Piet, Sol2UML and Sol Function Profiler

Visualisation tools are a key part of the smart contract development and documentation process, as they display high-level information about the...

Weiterlesen...

Smarts Contracts Security Tools Comparison: MythX, Mythril, Securify v2.0 and Slither

Ethereum Smart Contracts Security Tools

While the rise of blockchain provides a unique opportunity to create smart contracts for digital assets such...

Weiterlesen...

Smarts Contracts Security: An overview of vulnerabilities and hacks

Blockchain and Web3 vs Web2

A blockchain, as utilised by Bitcoin, is a global distributed ledger that uses cryptographic functions to verify...

Weiterlesen...

Leveraging dynamic and static analysis to collect key information of native libraries in mobile apps

Within the IT security industry, mobile security analysts frequently choose to analyse an android application by only looking at its Java decompiled...

Weiterlesen...

Detecting suspicious *.ch-domains using deep neural networks

We have recently witnessed the advent of artificial intelligence, machine and deep learning technologies, which have led to a tremendous amount of interest from almost every other area of science, technology and business. The area of cyber-security is no exception. It is however interesting, that most security vendors and consultants keep a cloak of silence around specific AI-enabled cyber-security use cases and thus specific examples of how AI and machine learning are used in the context of cyber-security are rather scarce.

Weiterlesen...

Best Practice for Effective Cyber Incident Response

Although a cyber-attack can be devastating, the vast majority of organisations are ill prepared. Even armed with a good prevention plan and a great...

Weiterlesen...

CySec Stories: How a 100-year old lady helped me decrypt the Costa Rican ID Card

Let me share a funny story on how I discovered the key to decrypt Costa Rica's ID card with the help of a 100-year-old lady that was 5,000 kilometers away from me.

Weiterlesen...

Microsoft Exchange Vulnerability: The Importance of Early Detection

In recent weeks, we have seen first-hand the importance of having early detection capabilities, the correct implementation of security measures,...

Weiterlesen...