Andreas Park PRO
Professor of Finance at UofT
Instructors: Andreas Park and Zissis Poulos
DeFi Security Risks
Risk is in every layer of the tech stack!
Known Smart Contract Vulnerabilities
https://consensys.github.io/smart-contract-best-practices/attacks/
Re-entrancy - The DAO hack
Re-entrancy - The DAO hack
fallback() with "evil" logic
The DAO
withdraw
send
receive() is missing!
It's happened before
Unprivileged Writes - The Parity Wallet hack
...
...
DeFi Exploits
Hacker remotely stole validator private keys
Bridge attack
Hacker minted WETH out of thin air on Solana's contract
Signatures were not verified! Bridge attack....hmmm
Smart Contract Scams
https://rekt.news/leaderboard/
Solutions?
Some options
@financeUTM
andreas.park@rotman.utoronto.ca
slides.com/ap248
sites.google.com/site/parkandreas/
youtube.com/user/andreaspark2812/
By Andreas Park