HACK THIS CONTRACT
Smart contracts are computer programs that run on top of blockchains and can be executed by a network of mutually distrusting nodes, without the need for an external trusted authority. Since smart contracts handle and transfer assets of considerable value between two parties, the security of the contract program is of utmost importance. Although prior work in the form of numerous blog posts, Internet discussion forums, the DASP Top 10, ConsenSys best practices and research papers has been done to tackle vulnerabilities in Ethereum smart contracts, the problem is that students only hear about them in the lecture or read about them online; they do not have a concrete notion of what form they take or how they come about. This thesis describes the development process of an educational tool, 'Hack This Contract' (website), aimed at helping students learn/identify security vulnerabilities in smart contracts and at motivating the need for secure smart contract development. In the first half of development, additional contracts replicating the Parity Multisig Wallet Hack were incorporated; analysis of students' feedback then shifted the focus of the second half of development towards realizing the need for a secure authentication mechanism and implementing it. Ultimately, I have shared my findings, experiences and the challenges encountered during the design of such a system, and discussed to what extent 'Hack This Contract' was effective in addressing its goals.
Educational Tool; Smart Contracts; Vulnerabilities
M.S., Information Science
Master of Science
dissertation or thesis