Blockchain and the Disruption of Existing Models
At Security Innovation we are fascinated by the prospects of Blockchain technology. Whether it be in finance, commerce, Internet services, or any of the other applicable sectors, we are excited by the potential for Blockchain to provide new efficiencies and disrupt existing models.
Distributed Apps (DApps)
One specific area we are most interested in is the use of programmable smart contracts. By writing front-end web applications called DApps (Distributed Apps) that interact directly with smart contracts, users will be able to conduct commerce in a new decentralized fashion never before possible.
With any new technology comes new threats as well. With smart contracts in particular, the risk of deploying a vulnerable contract is even more pronounced by the ease in profiting from a successful exploit. Additionally, due to the immutable nature of these contracts, ensuring vulnerabilities are prevented before deployment is all the more crucial.
Holding Software to a Higher Standard
One of the principles we hold dear at Security Innovation is to do the most good. We do this primarily through education and spreading security awareness. When it comes to security, we see it as our mission to hold software to a higher standard.
With that in mind, we are excited to announce the release of our new free interactive platform to help others learn about smart contract security, the Security Innovation Blockchain CTF.
With this platform, we have constructed a series of vulnerable smart contracts and DApps with real-life use cases, ranging from decentralized trust funds and open source lottery systems, to ICOs and automated royalty agreements. Each of these applications contain a vulnerability commonly found in smart contracts. Participants can practice exploiting these bugs to steal fake crypto-currencies and win points on our leaderboard.
As with our CMD + CTRL cyber range offering, where we have brought gamification to actual live web applications for an engaging learning experience. Throughout Blockchain CTF we provide helpful hints and resources that assist users in learning more about the tools and methodologies used when developing, testing, and using DApps and smart contracts.
In the spirit of decentralization, we have developed the platform as a client-side DApp with our smart contracts running on the Ethereum Testnet Blockchain. This means that there is no back-end server components aside from a few statically hosted scripts. All state is managed by the permission-less, decentralized network running the Ropsten Testnet Blockchain.
TRY SI BLOCKCHAIN CTF
We are excited to be publicly releasing this project so that developers and testers everywhere can learn more about this exciting new technology and ensure that security is at the forefront of their efforts. Click on the button below to start playing.
Have fun! And let us know what you think.