Stefan Beyer on Smart Contract Audits
What We Discuss With Stefan Beyer
With the launch of Ethereum in 2014, for the first time ever, we could program decentralized applications that run on a blockchain.
But for these applications to become mainstream, their security is of paramount importance. If poorly coded, smart contracts are vulnerable to hacking. With a significant amount of funds locked into these smart contracts, the losses can be irreversible for the investors.
Smart contracts can be transformative, but the only way to get there is if people know with certainty that money cannot be stolen from their smart contract. One way to mitigate the risk of smart contracts being exploited by hackers is to have smart contract audits.
In this episode, we discuss:
- Smart contract audits and common mistakes for developers writing smart contracts;
- Planning a smart contract audit and how the client should prepare;
- The evolution of smart contracts and new concerns faced by auditors;
- Vulnerabilities of smart contracts leading to hacks;
- Where to start to become a smart contract auditor and blockchain programming languages available;
- And many more…
Shownotes
Introduction into smart contract audits
- Stefan shares how he started working with distributed systems before Bitcoin, consensus protocols and smart contract security [3:08]
- What is a smart contract (with vending machine analogy)? [5:27]
- Are smart contracts legally binding in the way traditional contracts are (is code law)? [7:46]
- What is a smart contract audit? [10:50]
- Why is the concept of immutability important when it comes to deploying smart contracts, and how is it different from a traditional software update? [12:04]
- Should smart contract audits be performed as a one-off exercise only, or are they recurring? [14:05]
- Do all smart contracts need an audit and what is Stefan’s risk assessment approach? [15:45]
- What are the requirements to make smart contract audits publicly available? [16:56]
- Stefan shares the common mistakes developers make when writing smart contracts [18:31]
Preparation for smart contract audits and their evolution/new concerns
- Stefan explains the scenario to implement protocols on smart contracts [20:09]
- What does Stefan expect from the client in terms of preparation? [20:49]
- How much time it takes to perform a smart contract audit [22:41]
- Stefan shares the standard tools developers have at their disposal to identify vulnerabilities in the source code [23:01]
- Do audits provide 100% assurance that smart contracts are free from vulnerabilities? [25:00]
- Stefan explains how smart contracts have evolved in terms of their complexity from 2017 to today [27:35]
- What is composability and what do flash loans mean in DeFi? [29:17]
- The famous DAO hack of 2016 and what developers can learn from exploits [31:44]
- What industries is OAK Security, the company founded by Stefan, looking to work with? [36:27]
Smart contract audit education
- How to become a smart contract auditor? [39:09]
- Why is self-learning important, since programming languages like Substrate and Solidity are not taught in universities? [41:13]
- Should someone specialize in a single programming language or diversify? [42:11]
- Stefan’s opinion on whether everyone should have a basic understanding of coding [43:56]
- Predictions for smart contracts in 5 years' time [44:42]
- Stefan summarises smart contract security and his message to developers [45:59]