# SSCH - Solidity Smart Contract Hacking

![](https://3622500909-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LpsUccoL9AvW9-dz-sO%2Fuploads%2F6tRYld7lYgjBnJ2y8uAO%2Fsolidity.jpeg?alt=media\&token=e6f95a1e-e147-47a9-bce4-14ad42616d1a)

## Prerequisites

Knowledge of the topics below is recommended but not mandatory for this course.

* Blockchain
* Blocks and transactions
* Smart contracts
* Proof of work and proof of stake
* Gas
* Basic understanding of decentralized applications and their applicability

## Abstract

A 2-day, fully hands-on training where you will learn how to identify vulnerabilities in smart contracts written in Solidity. During the course, we will go over 8+ labs inspired by the major hacks that saw companies lose millions of dollars, implement smart contracts, and perform security reviews to detect security flaws using manual analysis and automated tools.

## Some of the scenarios we will go through

The list below contains some of the vulnerabilities that we will identify and fix in the labs:

* Any user can cash out the money from the smart contract
* Users can buy the subscription with any `wei` amount
* Any user can check the amount of money stored in the contract address
* Reentrancy vulnerability
* Block Timestamp Manipulation Vulnerability
* Tx.origin: Authorization bypass
* Integer Overflow and Underflow
* BatchTransfer Overflow (CVE-2018-10299)
* Unprotected SELFDESTRUCT
* DelegateCall vulnerabilities
* ...and more

## Syllabus

| Module                               | Topic                                                     | Time |
| ------------------------------------ | --------------------------------------------------------- | ---- |
| **Intro to ETH and smart contracts** | Ethereum                                                  |      |
|                                      | Bitcoin vs Ethereum                                       |      |
|                                      | A bit of history                                          |      |
|                                      | The four stages of development                            |      |
|                                      | POW vs POS                                                |      |
|                                      | Sharding                                                  |      |
|                                      | Beacon Chain                                              |      |
|                                      | Docking                                                   |      |
| **Smart Contracts**                  |                                                           |      |
|                                      | Smart Contracts                                           |      |
|                                      | Ethereum Smart Contracts                                  |      |
|                                      | EVM                                                       |      |
|                                      | Bytecode analysis                                         |      |
|                                      | Accounts, Transactions and Gas                            |      |
|                                      | Storage, Memory and Stack                                 |      |
|                                      | Truffle and Remix IDE                                     |      |
|                                      | **LAB:** Our first smart contract and its vulnerabilities |      |
| **Smart Contracts part 2**           |                                                           |      |
|                                      | Types, Enum and Events                                    |      |
|                                      | Mappings                                                  |      |
|                                      | Inheritance                                               |      |
|                                      | Reentrancy vulnerability: the DAO hack                    |      |
|                                      | **LAB:** Steal all my money (Reentrancy)                  |      |
|                                      | Interfaces                                                |      |
|                                      | Block Timestamp                                           |      |
|                                      | **LAB:** Manipulation Vulnerability                       |      |
| **Authorization**                    |                                                           |      |
|                                      | Authorization in Smart Contracts                          |      |
|                                      | OpenZeppelin Contracts                                    |      |
|                                      | Modifiers                                                 |      |
|                                      | **LAB:** Authorization done properly                      |      |
|                                      | **LAB:** Tx.origin: Authorization bypass                  |      |
| **DoS**                              |                                                           |      |
|                                      | SELFDESTRUCT                                              |      |
|                                      | DoS With Block Gas Limit                                  |      |
|                                      | DoS with Failed Call                                      |      |
| **More vulnerabilities**             |                                                           |      |
|                                      | Integer Overflow and Underflow                            |      |
|                                      | **LAB:** Transfer your funds, or mine                     |      |
|                                      | **LAB:** BatchTransfer Overflow (CVE-2018-10299)          |      |
| **Libraries**                        |                                                           |      |
|                                      | Embedded vs Linked libraries                              |      |
|                                      | **LAB:** Delegatecall vs Call                             |      |
|                                      | **LAB:** Secure your calls                                |      |
| **Security auditing**                |                                                           |      |
|                                      | Manual vs automated                                       |      |
|                                      | No code? Reverse engineer a contract                      |      |
|                                      | Tools: Mythril                                            |      |
|                                      | Tools: Slither                                            |      |
|                                      | The SCW registry                                          |      |
|                                      | Reporting                                                 |      |
| **Hack them all**                    |                                                           |      |
|                                      | Final Smart Contract Hacking CTF                          |      |

## Related events

![](https://3622500909-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LpsUccoL9AvW9-dz-sO%2Fuploads%2FBiPWe8q0gDq67TreK2gv%2FScreenshot%202022-02-12%20at%2013.39.07.png?alt=media\&token=2443bbd6-b604-40f5-b0e2-8d61031d074b)

[Link to the webinar](https://www.linkedin.com/posts/dcodx_solidity-hacking-training-activity-6898248858523316224-pcFA)

## Reserve a spot

<details>

<summary><span data-gb-custom-inline data-tag="emoji" data-code="1f4c5">📅</span> 23-24 June (9.30AM - 1.30PM CET) - BETA</summary>

:man\_teacher: Davide Cioccia

:seat: **Registration closed on Wed June 22**

</details>

### More info? Contact us at <info@dcodx.com>
