Smart Contract Phishing, Attack & Defense by Tejaswa Rastogi


Tejaswa Rastogi (Razzor) did a nice talk on smart contract phishing. He covers some interesting attack vectors, as well as defense mechanisms. 

  • Homoglyph injections, e.g. employing look-alike characters for malicious functions. That fake deposit function is not actually depositing your funds...
  • Library sideloading, e.g. calling (malicious) external libraries through DELEGATECALL, which undoubtedly results in an unpleasant surprise (you lose your funds).
  • Metadata injections, e.g. hiding malicious functionality (backdoors) in smart contract metadata. Metadata apparently(?) is not included in the contract verification process of Etherscan.
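As an added, defender-side illustration of the homoglyph bullet (my own example, not code from the talk): a small Python pre-review check that flags non-ASCII characters inside identifiers of a Solidity source file and groups names that collapse to the same look-alike "skeleton". The Solidity snippet and the confusables map are constructed and deliberately partial.

```python
import re
import unicodedata
# Constructed sample (not from the talk): dеposit() spells its name with
# Cyrillic 'е' (U+0435), so it is not the ASCII deposit() that credits funds.
SAMPLE_SOURCE = """
contract Vault {
    mapping(address => uint256) balances;
    function dеposit() external payable {  // looks like deposit()
    }
    function deposit() internal {
        balances[msg.sender] += msg.value;
    }
}
"""

# Identifier-like tokens; \w in a str pattern also matches non-Latin letters.
IDENT_RE = re.compile(r"[^\W\d]\w*")

# Partial, hand-made map of Cyrillic/Greek look-alikes to the ASCII letter
# they imitate (a, e, o, p, c, x, y, i, j, s, then Greek o and v).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
               "\u0458": "j", "\u0455": "s", "\u03bf": "o", "\u03bd": "v"}

def identifiers(source):
    """Yield (line_no, identifier) with trailing // comments removed."""
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in IDENT_RE.finditer(line.split("//", 1)[0]):
            yield lineno, m.group(0)

def find_non_ascii_identifiers(source):
    """Return (line_no, identifier, [(char, 'U+XXXX', name)]) per odd name."""
    findings = []
    for lineno, ident in identifiers(source):
        odd = [(c, f"U+{ord(c):04X}", unicodedata.name(c, "UNKNOWN"))
               for c in ident if ord(c) > 0x7F]
        if odd:
            findings.append((lineno, ident, odd))
    return findings

def skeleton(ident):
    """Collapse look-alike characters to the ASCII letter they imitate."""
    return "".join(CONFUSABLES.get(c, c) for c in ident)

def lookalike_pairs(source):
    """Sorted tuples of distinct identifiers a reviewer could not tell apart."""
    by_skel = {}
    for _, ident in identifiers(source):
        by_skel.setdefault(skeleton(ident), set()).add(ident)
    return sorted(tuple(sorted(n)) for n in by_skel.values() if len(n) > 1)
```

Run it over a verified source download before trusting a function by its name; an empty result from both checks is the expected state for a clean contract.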

The more you know... 👀

