Blockchain and the Disruption of Existing Models

At Security Innovation we are fascinated by the prospects of Blockchain technology. Whether it be in finance, commerce, Internet services, or any of the other applicable sectors, we are excited by the potential for Blockchain to provide new efficiencies and disrupt existing models. 

New applications of Blockchain technology are being researched and discovered each day. For companies that are investigating use cases of this exciting new technology, it is more important than ever that security be their top priority. Since an insecure Blockchain application will often result in immediate financial loss, it is critical that developers of blockchain applications are fully prepared to identify and prevent common vulnerabilities in these platforms.

Distributed Apps (DApps)

One specific area we are most interested in is the use of programmable smart contracts. By writing front-end web applications called DApps (Distributed Apps) that interact directly with smart contracts, users will be able to conduct commerce in a new decentralized fashion never before possible.

With any new technology come new threats as well. With smart contracts in particular, the risk of deploying a vulnerable contract is made even more pronounced by the ease of profiting from a successful exploit. Additionally, because these contracts are immutable once deployed, preventing vulnerabilities before deployment is all the more crucial.

Holding Software to a Higher Standard

One of the principles we hold dear at Security Innovation is to do the most good. We do this primarily through education and spreading security awareness.  When it comes to security, we see it as our mission to hold software to a higher standard.  

With that in mind, we are excited to announce the release of our new free interactive platform to help others learn about smart contract security, the Security Innovation Blockchain CTF.


With this platform, we have constructed a series of vulnerable smart contracts and DApps with real-life use cases, ranging from decentralized trust funds and open source lottery systems to ICOs and automated royalty agreements. Each of these applications contains a vulnerability commonly found in smart contracts. Participants can practice exploiting these bugs to steal fake crypto-currencies and win points on our leaderboard.

As with our CMD + CTRL cyber range offering, where we have brought gamification to actual live web applications for an engaging learning experience, throughout Blockchain CTF we provide helpful hints and resources that assist users in learning more about the tools and methodologies used when developing, testing, and using DApps and smart contracts.

In the spirit of decentralization, we have developed the platform as a client-side DApp with our smart contracts running on the Ethereum Testnet Blockchain. This means that there are no back-end server components aside from a few statically hosted scripts. All state is managed by the permission-less, decentralized network running the Ropsten Testnet Blockchain.


We are excited to be publicly releasing this project so that developers and testers everywhere can learn more about this exciting new technology and ensure that security is at the forefront of their efforts. Click on the button below to start playing.

But First....

You will need the following setup to play or view the leaderboard. Install the tool Metamask. It's an extension you can install in most browsers. You can get it at the following URL:
Once installed, click the icon in the corner of your browser and set it up by following the instructions provided. 
To play, you will also need to change the network in the top left corner of Metamask to point to "Ropsten".

 Have fun! And let us know what you think.



