DevCon2: Ethereum Security Overview

Benefactory
Nov 16, 2016

It is important to take steps that reduce both the likelihood and the impact of attacks, which can range from zero-day exploits to game-theoretic attacks. For instance, keeping hot wallets small limits the impact of an attack on hot wallet assets, while maintaining a cold wallet limits the likelihood of a successful attack on the assets held there.

Remember that Dapps run in browsers, which have a huge attack surface. To minimize exposure, take steps such as not surfing the web with your Dapp browser and hosting assets on trusted servers rather than CDNs.

The EVM environment adds new scenarios to worry about in application code, such as chain reorganizations. Developers must truly understand the EVM, and the Python implementation is a very readable codebase to start with. Several EIPs addressing security issues in smart contracts are in progress, and their discussions are open for anyone to participate in.
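One way application code can account for chain reorganizations, shown as an added example that is not from the talk or the original post: before treating a transaction as final, check that the block it was first seen in is still on the canonical chain and has enough confirmations. The function names, the confirmation threshold and the block data are all hypothetical and constructed for illustration.

```javascript
// Added example: every name and block value here is constructed for illustration.
// A "chain view" is the node's current canonical chain: blockNumber -> block.
function makeChain(blocks) {
  return new Map(blocks.map((b) => [b.number, b]));
}

// Decide whether a transaction observed earlier can be treated as final.
// `seen` records where the app first saw it: { txHash, blockNumber, blockHash }.
function txStatus(chain, head, seen, minConfirmations) {
  const block = chain.get(seen.blockNumber);
  // A different hash at the same height means that block was reorganized away.
  if (!block || block.hash !== seen.blockHash) {
    // The tx may have been mined again on the new canonical chain.
    for (const b of chain.values()) {
      if (b.txs.includes(seen.txHash)) {
        return { state: "reincluded", blockNumber: b.number, blockHash: b.hash };
      }
    }
    return { state: "dropped" };
  }
  const confirmations = head - seen.blockNumber + 1;
  return confirmations >= minConfirmations
    ? { state: "final", confirmations }
    : { state: "pending", confirmations };
}

// Constructed sample data: the app saw tx 0xaa in block 101 (hash 0xb101).
const seen = { txHash: "0xaa", blockNumber: 101, blockHash: "0xb101" };
const before = makeChain([
  { number: 100, hash: "0xb100", txs: [] },
  { number: 101, hash: "0xb101", txs: ["0xaa"] },
  { number: 102, hash: "0xb102", txs: [] },
]);
// After a reorganization, blocks 101 and 102 are replaced and 0xaa lands in 103.
const after = makeChain([
  { number: 100, hash: "0xb100", txs: [] },
  { number: 101, hash: "0xc101", txs: [] },
  { number: 102, hash: "0xc102", txs: [] },
  { number: 103, hash: "0xc103", txs: ["0xaa"] },
]);

console.log(txStatus(before, 102, seen, 6)); // pending, 2 confirmations
console.log(txStatus(after, 103, seen, 6)); // reincluded in block 103
```

On a "reincluded" result the application should record the new block number and hash and restart its confirmation count from there; on "dropped" it should undo anything it did on the strength of the original sighting.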

Martin Swende presenting at DevCon2 in Shanghai, China

This series was a collaborative research project written by Bill Gleim, Simon de la Rouviere, Paul Kohlhaas, and Niran Babalola. It was crowdfunded by the Ethereum Movement, a decentralized nonprofit built on Benefactory.
