Elusive Thoughts

 Introduction  As Crypto currency technologies are becoming more and more prevalent, as the time is passing by, and banks will soon start adopting them. Ethereum blockchain and other complex blockchain programs are relatively new and highly experimental. Therefore, we should expect constant changes in the security landscape, as new bugs and security risks are discovered, and new best practices are developed [1].This article is going to discuss how to perform a source code review in Ethereum Smart Contracts (SCs) and what to look for. More specifically we are going to focus in specific keywords and how to analyse them.  The points analysed are going to be: User supplied input filtering, when interacting directly with SC Interfacing with external SCs Interfacing with DApp applications SC formal verification Wallet authentication in DApp SC Programming Mindset When designing an SC ecosystem (a group of SCs, constitutes an ecosystem) is it wise to have some specific concepts ...

INTRODUCTION  Ethereum Smart Contracts and other complex blockchain programs are new, promising and highly experimental. Therefore, we should expect constant changes in the security landscape, as new bugs and security risks are discovered, and new best practices are developed [1].  This article is going to focus on threat modeling of smart contract applications. Threat modelling is a process by which threats, such as absence of appropriate safeguards, can be identified, enumerated, and mitigation can be prioritized accordingly. The purpose of threat model is to provide contract applications defenders with a systematic analysis of what controls or defenses need to be included, given the nature of the system, the probable attacker's profile, the most likely attack vectors, and the assets most desired by an attacker.  Smart contract programming requires a different engineering mindset than we may be used to. The cost of failure can be high, and change can be difficult, ...