In the past year, we (Dedaub) have disclosed numerous vulnerabilities in deployed smart contracts and received 10 significant bug bounties totaling over $3M. The talk derives from this experience: I'll talk about the Dedaub tooling (including the contract-library.com code explorer) and a couple of Solidity patterns that have been behind high-value vulnerabilities we've identified. The main body of the talk, however, will focus on a simple question: "what can I do as a developer to make my smart contract auditor more efficient and effective?" This is not much different from asking "how can I write better code?" but I intend to give actionable advice, based on numerous audits (and instances of hair pulling).
In a way, this is an update of previous talks of the past 10 months or so. E.g., talks given at the Solidity Summit:
[ Link ] ([ Link ])
and at Chainlink SmartCon 2022:
[ Link ]
The current proposal updates these talks with slightly different technical content: both because of new items, and because I'm keeping the elements that work best. (E.g., I had a talk at TrustX that turned out to be a bit "too technical". The above seem to be "just right".)
Yannis Smaragdakis