Introducing "moriarty", a tool for automated smart contract symbolic execution vulnerability discovery and exploit synthesis, presented at Kiwicon 2038AD 2018

by Caleb "alhazred" Anderson

Summary: In the grim future of 2018, there is only war... and the cypherpunks won. If Timothy May was actually dead he'd be cackling in his grave by now. Bitcoin billionaires, smart contracts, end-to-end encryption, onion routing, obscure darkweb forums full of Bulgarian fraud pimps touting their latest autoshop software... it's certainly an exciting time to be alive. Ethereum is a cryptocurrency designed for the execution of "smart contracts", where code controls the flow of finance from one account to another. Putting programs in direct control of millions of non-repudiable crypto-dollars... what could possibly go wrong? "Moriarty" is a tool for the vulnerability analysis of Ethereum smart contracts, where only one vulnerability actually counts --- stealing cold hard cash. Using the dark arts of symbolic execution, Moriarty can automatically find vulnerabilities and synthesise exploits "on the fly". Additionally, Moriarty sweeps the entire Ethereum blockchain & contract space in order of potential income to maximise profit, in a purely proof-of-concept kind of way. This presentation will discuss the engineering of such a tool from first principles, along with tips, tricks and optimizations as yet unknown in "other" more generic symbolic execution frameworks. As we used to say back in the day, "for information reasons only".