EthereumZuri.ch 2024

Reentrancy in Cancun hardfork: the curious case of EIP1153 (transient storage)
04-07, 14:35–14:55 (Europe/Zurich), Surge Stage

We will show how EIP-1153, despite introducing a useful primitive for Dapp developers, breaks some security assumptions made by Vyper and Solidity smart contracts, leading to reentrancy attacks. We will also discuss mitigations.


Takeaway the audience should expect to learn from the session:
Solidity’s transfer and Vyper’s send functions are no longer reentrancy-safe. Existing contracts are not affected, but they need to be careful when interacting with new contracts.

Pietro Carta, a blockchain security engineer at ChainSecurity, specializes in smart contract audits in Solidity and Vyper. He also discovered and responsibly disclosed a critical vulnerability on live code, protecting over $10M in user assets.

Pietro holds a bachelor's degree in Computer Science and a master's degree in Data Science from EPFL. He boasts prior experience in both academia and industry: on the one hand as a Data Science Consultant for the prestigious UCL university and as a Research Assistant for EPFL, and on the other hand as a CTO and software developer in FinTech companies.

Here's a link to one of his talks: https://www.youtube.com/watch?v=TAo2JG9SUOQ