Smart Contract Honeypots for Profit (and probably Fun) presented at toorcon2018SanDiego 2018

by Ben Schmidt,

Summary : Ethereum smart contracts have bugs: a lot of them. So many, in fact, that attackers have flocked to exploit them, but occasionally they lose money themselves. Malicious contracts that look vulnerable but are exploitative are a rising trend, and this talk will discuss how they work and what they do.Ethereum honeypot contracts combine the oldest of cons with the newest of tech. As it turns out, it’s still easy to con someone who thinks they’re a conman. These malicious contracts share one trait in common: they almost always try to look like they were designed by a beginner. As such, they are a great place to learn about some of the pitfalls that can befall a new entrant to the space, and serve as an interesting (and often entertaining) case study into the wild-west world of smart contract security. By exploring a few of the more interesting cases of not-so-vulnerable contracts, the audience can gain a deeper understanding of how smart contract security works in practice, and maybe how to beat a few scammers at their own game.