
How to Hack Smart Contracts
Workshop @ 34C3
Motivation

[Chart: ETH / USD; x-axis: May, June, August, October, December; y-axis: 200 to 800]

What’s Blockchain?

1. A wants to send Money to B
2. Transaction is crafted (A -> B, 1 BTC)
3. Transaction is broadcast to every party in the network
4. Transaction is validated by every party
5. Transaction in a Block and added to Blockchain (Blocks B0, B1, B2, B3)
6. Money from A -> B, State changed in System

What’s Ethereum?

Ethereum = public global distributed virtual computer


Computation on Ethereum

User Account
- has Balance
- owned by private Key
- can deploy / can call a Contract Account

Contract Account
- has Balance
- owned by user Account

• Deploy / Call is a transaction on the blockchain

• Contract Call initiates computation

• Each computational step costs ‘Gas’ for the sender

• Ether = payment unit for computation


Smart Contract Coding

Solidity: Similar to JavaScript

Important built-ins

transfer( ) := send funds to destination

msg.sender := returns the address of the caller

msg.value := returns the ether amount sent with the call, as uint

balance := returns account balance

this := reference to the contract object

sha3( ) := returns hash of input

Primitive data types

address := account address

mapping := Array [address => uint]

solidity.readthedocs.io
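
The built-ins listed above in use, as an added example that is not from the workshop slides: a per-account ether ledger. The contract and function names (SimpleVault, deposit, withdraw, depositOf, totalHeld) are hypothetical, and a 0.4.x compiler is assumed to match the Solidity dialect of the slides.

```solidity
pragma solidity ^0.4.18;  // assumption: 0.4.x compiler, as in the slides' dialect

// Added example with hypothetical names, not part of the workshop material.
contract SimpleVault {
    // mapping: address => uint, amount deposited per account (in wei)
    mapping (address => uint) deposits;

    // payable: the call may carry ether; msg.value is that amount in wei,
    // msg.sender is the account that made the call
    function deposit() public payable {
        deposits[msg.sender] += msg.value;
    }

    // Pay out part of the caller's own deposit.
    function withdraw(uint amount) public {
        // Reject requests larger than what the caller has deposited
        require(deposits[msg.sender] >= amount);
        // Reduce the recorded deposit before funds leave the contract
        deposits[msg.sender] -= amount;
        // transfer(): sends wei to the address and reverts if the send fails
        msg.sender.transfer(amount);
    }

    // Recorded deposit of any account
    function depositOf(address who) public constant returns (uint) {
        return deposits[who];
    }

    // this.balance: total ether currently held by the contract account
    function totalHeld() public constant returns (uint) {
        return this.balance;
    }
}
```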
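
Smart Contract Example

pragma solidity ^0.4.0;

contract creatorBalanceChecker {
    address creator;        // account that deployed the contract
    uint creatorbalance;    // creator's balance (in wei) at deployment time

    // Constructor (0.4.x style: same name as the contract); runs once on deploy
    function creatorBalanceChecker() public {
        creator = msg.sender;
        creatorbalance = creator.balance;
    }

    // Address of this contract account
    function getContractAddress() constant returns (address) {
        return this;
    }

    // Balance stored at deployment; does not change afterwards
    function getCreatorBalance() constant returns (uint) {
        return creatorbalance;
    }

    // Creator's current balance, read at call time
    function getCreatorDotBalance() constant returns (uint) {
        return creator.balance;
    }

    // Fallback function: lets the contract receive ether
    function () payable { }

    // Destroys the contract and sends its remaining ether to creator;
    // there is no check on msg.sender
    function kill() { suicide(creator); }
}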

What can go wrong?

Open your Laptops!

1. Install MetaMask Browser Add-on

2. ethernaut-devcon3.zeppelin.solutions

3. solidity.readthedocs.io