Link to the website: https://codepodcast.com/posts/2018-03-12-episode-7-300m-worth-of-bugs/Imagine – your company's code and data are exposed. How long will it take for malicious hackers to find vulnerabilities? To steal users' personal information?For developers that build on Ethereum that situation is not a distant possibility, it's an everyday reality. All the code, the state and the calls to their programs are publicly accessible and live forever on the blockchain. Add to it the fact that their code will manipulate money. Getting rid of *all* the bugs and holes becomes crucial.In this episode we'll talk about software that finds bugs in other software. Specifically ways of verifying Ethereum smart contracts.The story begins in the summer of 2017 when someone is able to steal $30M worth of ether.---Episode was produced by [Andrey Salomatin](https://flpvsk.com).## Support the podcastIf you get value from the podcast, please consider supporting us on https://codepodcast.com/patreonAlternatively, you can also send us eth to this address: 0x730075d42c3BC0EA38c23A6D0D9611E9d78C5Af0## Guests* [Santiago Palladino](https://twitter.com/smpalladino)* [Matt Condon](https://twitter.com/mattgcondon)* [Yoichi Hirai](https://twitter.com/pirapira)### Links* [Ethereum](https://ethereum.org/)* [Ethereum DevelopmentTutorial](https://github.com/ethereum/wiki/wiki/Ethereum-Development-Tutorial)* [Parity](https://www.parity.io/)* EVM-compatible languages* [Solidity](https://github.com/ethereum/solidity)* [Serpent](https://github.com/ethereum/serpent)* [Vyper](https://github.com/ethereum/vyper)* [Bamboo](https://github.com/pirapira/bamboo)* Wiki: ["Abstractinterpretation"](https://en.wikipedia.org/wiki/Abstract_interpretation)* Symbolic execution* Article ["Introducing Mythril: A framework for bug hunting on the Ethereum blockchain"](https://hackernoon.com/introducing-mythril-a-framework-for-bug-hunting-on-the-ethereum-blockchain-9dc5588f82f6)* [Manticore](https://github.com/trailofbits/manticore)* Wiki: ["Formal Verification"](https://en.wikipedia.org/wiki/Formal_verification)* [The Hydra Project](https://thehydra.io/)### Links: Santiago* [OpenZeppelin website](https://openzeppelin.org/)* [OpenZeppelin Slack](https://slack.openzeppelin.org/)* [ZepellinOS](https://zeppelinos.org/)* Article ["The Parity Wallet HackExplained"](https://blog.zeppelin.solutions/on-the-parity-wallet-multisig-hack-405a8c12e8f7)### Links: Matt* [XLNT website](https://xlnt.co/)* Article ["Getting Up to Speed on Ethereum"](https://medium.com/@mattcondon/getting-up-to-speed-on-ethereum-63ed28821bbe)* Article ["Announcing the SteakNetwork"](https://medium.com/truebit/announcing-the-steak-network-c3d44290d53d)### Links: Yoichi* Gist ["Formal Verification of EthereumContracts"](https://github.com/pirapira/ethereum-formal-verification-overview)* [Bamboo](https://github.com/pirapira/bamboo)* [A Lem formalization of EVM and some Isabelle/HOL proofs](https://github.com/pirapira/eth-isabelle)* Video ["Formal verification of EVM bytecodes"](https://www.youtube.com/watch?v=Mzh4fyoaBJ0)* Video ["Formal Verification of Smart Contracts"](https://www.youtube.com/watch?v=cCUGMAnCh7o)### Music[Mid-Air!](https://soundcloud.com/mid_air)