Sunday, May 19 2019

Ethereum Smart Contract Code Review #1 – Real World CTF 2018



I assumed I knew Ethereum smart contract security, but this challenge punched me in the face. This was crazy. In the first episode I introduce the challenge and talk about the various ideas I had.

Part 2:

Problem Information + Resolution:
Remix:
EVM Opcodes:
Ethereum plugin for Binary Ninja:


47 comments

  1. Good work! Tip: web3 is also available in python

  2. What I learned from this video is next to nothing! I liked it anyways! Anyone has a good book to start with smart contracts and ETH?

  3. I didn't understand most of it could you go over it again like with basic details

  4. don't understand a single thing. haha

  5. I didn't understand absolutely anything 🙁

  6. Internet want this kind of content
    That's failure too not only the heavens

  7. Glad you did this video. I've been interested in writing smart contracts and have done some surface-level research to gain some exposure but your video helped put a few things together. Thanks for the simple and clear explanations of your thought processes!

  8. I study IT-Sec in my masters and it's still way over my head. I understood about half of it.

  9. Clap from fellow hacker.

  10. This was such a ride! Please, part 2 as soon as you can! Got me curious :))) And understanding the algorithm and thought process of the dev is so much more important than the code language itself. The true sense of hacking.

  11. try 'cnpm' for China, it's a really useful mirror of npm that can easily be accessed in China.

  12. IS WORDPRESS HACKABLE LIKE THIS?

    I AM SO SORRY FOR ASKING THIS HERE FROM HIM BUT I AM VERY NEW TO PROGRAMMING AND WEB DEV .
    while looking for "make a WordPress php file live with brackets" i saw this video.

    Stop WordPress User Enumeration Vulnerability Via .htacess

    https://www.youtube.com/watch?v=G94mFxWZv7k

    I DONT KNOW WHAT TO SAY OR ASK IN THIS MATTER.

    CAN YOU HELP PLEASE LOOK INTO THIS THING……PLEASE PLEASE…..PLEASE…

    I JUST DONT WANT EXPERIENCED PEOPLE FONDLING AROUND WITH MY NEWBIE WEBSITE ONLINE WHICH FOR SURE WILL BE THERE TO SHOW MY BASIC WORK ONLY.

    CAN NOTHING BE SECURE?

  13. 13:50 Function calls via reduced name hashes instead of the actual names? With no collision checks… what?!

    Is it publicly documented in the manual and other Ethereum-for-Dummies-like stuff? If not, the whole design is seriously flawed and gives great opportunities for misrepresentation and fraud. Moreover, who knows what other surprises are dug inside that widespread system with no transaction revocation included.

    I'm seriously concerned that such product is suggested for casual and even business-related duties. Is there any way to mitigate the issue?

  14. Very cool video! Can't wait for part 2!

    Personal tip for anyone working with this in the future: If you install metamask (browser extension) and point it to the given API endpoint of the private network you can make transactions and all that from within Remix. You can select the wallets available in Metamask in the dropdown instead of the Javascript VM. That should help debugging such contracts quite a bit as you can check inputs and debug messages on the live network 🙂

  15. This gave me the motivation to learn more about smart contracts and how to use Solidity. It's actually really fun to learn! Thank you!

  16. yeah this is understandable,………. wait what… , whoa assembly…….ok now i'm lost

  17. 1 million eth… even on the actual main public chain that's gonna be worth $0 soon 😀

  18. Incredible work, thanks for the video.

  19. Great video! Couldn't understand a single sentence. Marvelous!

  20. Could you maybe make an introductory video about this topic? What the hell is ethereum, what the hell is a contract, who programs around with this, who uses it for what, what does it all mean? Normally I kind of get what you are talking about, this time I couldn't follow at all. I have absolutely no idea about what blockchain is or how it works. My mind hurts.

    Apart from me not understanding a word you said, the presentation was great as usual!

  21. This is the geekiest detective series I never knew I needed in my life. Exciting!

  22. Hnnnnnnnnng.

    Cliff hanger ?

  23. not a bad video for someone who says they don't understand promises and stuff 🙂

  24. i see a lot of comments of people not understanding a single thing in a video. I'm usually like that with your other videos but this one, I know what you're talking about. can't wait for part 2

  25. Are you by any chance a student at the TU Berlin?

  26. I love these videos on smart contracts, would love to see more of them!

  27. Is there any more resources on this ctf challenge? Like the dump of the transactions from logger.js to run on a private node? I'd like to take a swing at this before the rest of your videos come out.
    nvm realised deploy.js does exactly this

  28. This sure gets the ladies wet

  29. What language is the contract code written in? Looks like javascript but not quite …TypeScript?

  30. I know ethereum, solidity, web3 all at some level… but still wasn't able to get 80% of the code… man u r gr8..

  31. that is one heck of a function name “AcoraidaMonicaWantsToKeepALogOfTheWinner”

  32. This year's NSA code breaker challenge is Ethereum based as well, maybe this video will give me some hints ?

  33. TL;DR Address 0xcf… is the chain's "miner".

    I think this chain uses Clique PoA. Therefore 0xcf… is most likely the only sealer, considering it's the coinbase (the miner reward recipient).

    By the way, the "HomesteadBlock" and others in the genesis JSON refer to Ethereum hard forks. The current one the main network is in is called Metropolis Byzantium, having a lot of features not present in the original chain. Mainnet uses chainid 1 (same for ETH Classic), testnets use other small integers, custom "devnet" chains use other ones.

    EDIT: I am likely wrong. It seems that a sealEngine key needs to be in the genesis file. However, that doesn't change the fact that 0xcf is the miner. The devnet uses Ethash, rather than Proof of Authority.

  34. Haha yeah, web3js is an absolute amazing piece of code. This is why I'm in the process of creating my JS library that uses WebAssembly for its cryptographic functions and I'm doing my best to use as few dependencies as possible 🙂 I'm happy to provide the links to my WIP github repos if anyone's interested.

  35. Guys, where should I find the writeups?