SSCH - Solidity Smart Contract Hacking
Learn how to hack and develop secure smart contracts in our 2 days course
Knowledge of the topics below is only recommended but not mandatory for this course.
- Blockchain
- Blocks and transactions
- Smart contracts
- Proof of work and proof of stake
- Gas
- Basic understanding of decentralized applications and their applicability
2 days full hands-on training where you will learn how to identify vulnerabilities in Smart Contracts written in Solidity. During the course, we will go over 8+ labs inspired by the major hacks that saw companies lose millions of dollars, implement Smart Contracts, but also perform security reviews and detect security flaws using manual analysis and automated tools.
The list below contains some of the vulnerabilities that we will identify and fix in the labs:
- Any user can cash out the money from the smart contract
- Users can buy the subscription also with any
weiamount - Any user can check the amount of money stored in the contract address
- Reentrancy vulnerability
- Block Timestamp Manipulation Vulnerability
- Tx.origin: Authorization bypass
- Integer Overflow and Underflow
- BatchTransfer Overflow (CVE-2018–10299)
- Unprotected SELFDESTRUCT
- DelegateCall vulnerabilities
- ....more
Module | Topic | Time |
|---|---|---|
Intro to ETH and smart contracts | Ethereum | |
| Bitcoin vs Ethereum | |
| A bit of history | |
| The Four stages of development | |
| POW vs POS | |
| Sharding | |
| Beacon Chain | |
| Docking | |
Smart Contracts | | |
| Smart Contracts | |
| Ethereum Smart Contracts | |
| EVM | |
| Bytecode analysis | |
| Accounts, Transactions and Gas | |
| Storage, Memory and Stack | |
| Truffle and Remix IDE | |
| LAB: Our first smart contract and its vulnerabilities | |
Smart Contracts part 2 | | |
| Types, Enum and Events | |
| Mappings | |
| Inheritance | |
| Reentrancy vulnerability: the DAO hack | |
| LAB: Steal all my money (Reentrancy) | |
| Interfaces | |
| Block Timestamp | |
| LAB: Manipulation Vulnerability | |
Authorization | | |
| Authorization in Smart Contracts | |
| Open Zeppelin Contracts | |
| Modifiers | |
| LAB: Authorization done properly | |
| LAB: Tx.origin: Authorization bypass | |
DoS | | |
| SELFDESTRUCT | |
| DoS With Block Gas Limit | |
| DoS with Failed Call | |
More vulnerabilities | | |
| Integer Overflow and Underflow | |
| LAB: Transfer your funds, or mine | |
| LAB: BatchTransfer Overflow (CVE-2018–10299) | |
Libraries | | |
| Embedded vs Linked libraries | |
| LAB: Delegatecall vs Call | |
| LAB: Secure your calls | |
Security auditing | | |
| Manual vs automated | |
| No code? reverse engineer a contract | |
| Tools: mythril | |
| Tools: slither | |
| The SCW registry | |
| Reporting | |
Hack them all | | |
| Final Smart Contract Hacking CTF | |
DCODX on LinkedIn: #Solidity #Hacking #training
linkedin
Link to the webinar