Previous attacks on smart contracts, such as the DAO attack and the Parity attacks, have demonstrated that it is incredibly challenging to write correct and secure contracts. …



In previous posts, we introduced Harvey, a fuzzer for Ethereum smart contracts, and presented two techniques to boost its effectiveness: input prediction and multi-transaction fuzzing.

Harvey is being developed by ConsenSys Diligence in collaboration with Maria Christakis from MPI-SWS. It is one of the tools that powers the MythX platform. Sign up for our beta to give it a try!

Starting with the DAO attack, reentrancy issues have been exploited several times over the last few years to hack smart contracts. In previous posts, we saw examples of how we can use Harvey to detect assertion violations in smart contracts.

In this post, we will explain how Harvey is able to detect other issues and, in particular, reentrancy issues. …



In previous posts, we introduced Harvey, a fuzzer for Ethereum smart contracts, and presented a novel input prediction technique to improve its effectiveness.

Harvey is being developed by ConsenSys Diligence in collaboration with Maria Christakis from MPI-SWS. It is one of the tools that powers the MythX analysis platform.

Most real-world contracts transition through many different states (e.g., one for each user bidding during an auction or betting in a game) during their lifetime, and it is crucial not to focus a security analysis exclusively on the states reachable after one or very few transactions. …

About

Software Security Researcher at ConsenSys Diligence
