Securing A Derivatives Platform With Over $25b Volume - Kyle Riley | BSides Cape Town 2023
BSides Cape Town

Published on Dec 22, 2023

How would you approach exploiting a derivatives market? We’ll explore how we secured a perpetuals market averaging north of $100m in daily volume. It’ll be a technical deep dive beyond traditional pentesting concerns, focusing on abusing game theory and economic models for profit. In the high-stakes world of smart contracts, a single overlooked flaw could result in an instantaneous multi-million dollar loss.

The talk is based on experience gained through the security reviews iosiro has performed of Synthetix's Perpetual markets. The code, infrastructure, and assessment results are all public, so we can share detailed lessons learned. The talk is split into four sections; the first three provide the context needed to engage with the security considerations covered in the final section.

Takeaways:
Gain knowledge about derivatives and perpetual markets.
Learn about the weird and wonderful attacks against these systems, along with the countermeasures implemented to protect against them.
See how one of the most popular DeFi / crypto applications works.
Develop an understanding of how to approach threat modeling smart contracts without needing any background in blockchain fundamentals.
See the difference between how a pentester and smart contract auditor might approach an assessment of this nature.

Notes:
The system is built for web3, but the talk focuses on the attack surface of a fully white-box financial application. Most of the blockchain-specific behaviour is abstracted away, since many of the attacks would apply equally to traditional financial systems. This lets attendees engage with a widely used crypto product and understand threat modeling in this field without first learning blockchain fundamentals such as smart contracts and Solidity.
We are the sole security consultants working on this system and have reviewed several of its implementations over a few years, so we have a comprehensive understanding of its inner workings and its threat model.
The system in question comprises a set of smart contracts deployed to Optimism, an Ethereum Layer-2 network.
A front-end for the current deployment of the perps market can be found here: https://kwenta.eth.limo/dashboard/mar...
Stats of the perps market can be found at: https://dune.com/synthquest/synthetix...

Filmed at BSides Cape Town 2023
AV Sponsored by BITM Cyber Security
