The Open Web Application Security Project (OWASP) Los Angeles Chapter is teaming up with the Orange County, San Diego, SF Bay Area, and the Inland Empire chapters to bring you the FIFTH Annual AppSec California. The event is a one of a kind experience for information security professionals, developers, and QA and testing professionals, as they gather at the beach from around the world to learn and share knowledge and experiences about secure systems and secure development methodologies.

One and Two-day training sessions on various subjects by expert trainers kick off the conference on January 28th. World renown speakers follow on days three and four.

There will be four concurrent tracks throughout the day on both January 30 and 31, addressing a variety of topics to enhance knowledge.

Back To Schedule
Wednesday, January 31 • 2:00pm - 2:50pm
Predicting Random Numbers in Ethereum Smart Contracts

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Smart contracts are not only about ICOs - various lotteries, roulettes and card games are implemented in Solidity and can be played by anyone on the Ethereum blockchain. Autonomy of the blockchain limits the sources of entropy for random number generators. There is no common library that could help developers to create secure RNGs either.  That is why it is very easy to mess things up when implementing your own random number generator.

The talk features the analysis of the gambling smart contracts on the blockchain. As you will see many of them failed to implement a secure RNG which allows to predict the outcome and steal significant sums of money.  At the talk the examples of wrong RNG implementations found in the wild will be demonstrated. The attendees will also learn how to spot problems in RNGs as well as how to build a secure random number generator under blockchain limitations.

avatar for Arseny Reutov

Arseny Reutov

Head of Application Security Research, Positive Technologies Ltd
Arseny Reutov is a web application security researcher from Moscow, Russia. Arseny is the Head of Application Security Research at Positive Technologies Ltd where he specializes in penetration testing, the analysis of web applications, and, more recently, smart contracts audit. He... Read More →

Wednesday January 31, 2018 2:00pm - 2:50pm PST
Garden Terrace Room