I agree with the vast majority of @ncweaver’s talk but I think the “million dollar bounties” on smart contracts are a feature.https://www.youtube.com/watch?time_continue=240&v=xCHab0dNnj4 …
I didn’t watch it yet. It’s Hydra, right? I’m not as big a fan of multi-compilation as an exploit detection mechanism for smart contracts, but I am thankful that this research is being done.
-
-
Why not a fan?
-
Let’s get together and walk through it! I think we enumerated some downsides that were discounted in the paper.
-
Sure. Enumerated publicly or in closed discussion? Also, there are ways to achieve exploit gaps beyond multi-compilation (e.g. checking invariants/runtime monitoring). They're less satisfying in their ability to be analyzed.
-
We discussed it inside Trail of Bits, nowhere public. I’ll set something up with you when we’re all back in the office after
@InfiltrateCon! -
Sure, you have my info!
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.