SSCH - Solidity Smart Contract Hacking
Learn how to hack and develop secure smart contracts in our 2-day course
Prerequisites
Knowledge of the topics below is recommended, but not mandatory, for this course.
Blockchain
Blocks and transactions
Smart contracts
Proof of work and proof of stake
Gas
Basic understanding of decentralized applications and their applicability
Abstract
A 2-day, fully hands-on training in which you will learn how to identify vulnerabilities in Smart Contracts written in Solidity. During the course we will go through 8+ labs inspired by the major hacks that cost companies millions of dollars: we will implement Smart Contracts, perform security reviews, and detect security flaws using both manual analysis and automated tools.
Some of the scenarios we will go through
The list below contains some of the vulnerabilities that we will identify and fix in the labs:
Any user can cash out the money from the smart contract
Users can buy the subscription with any wei amount
Any user can check the amount of money stored in the contract address
Reentrancy vulnerability
Block Timestamp Manipulation Vulnerability
Tx.origin: Authorization bypass
Integer Overflow and Underflow
BatchTransfer Overflow (CVE-2018-10299)
Unprotected SELFDESTRUCT
DelegateCall vulnerabilities
...and more
Syllabus
| Module | Topic | Time |
|---|---|---|
| Intro to ETH and smart contracts | Ethereum | |
| | Bitcoin vs Ethereum | |
| | A bit of history | |
| | The four stages of development | |
| | POW vs POS | |
| | Sharding | |
| | Beacon Chain | |
| | Docking | |
| Smart Contracts | Smart Contracts | |
| | Ethereum Smart Contracts | |
| | EVM | |
| | Bytecode analysis | |
| | Accounts, Transactions and Gas | |
| | Storage, Memory and Stack | |
| | Truffle and Remix IDE | |
| | LAB: Our first smart contract and its vulnerabilities | |
| Smart Contracts part 2 | Types, Enum and Events | |
| | Mappings | |
| | Inheritance | |
| | Reentrancy vulnerability: the DAO hack | |
| | LAB: Steal all my money (Reentrancy) | |
| | Interfaces | |
| | Block Timestamp | |
| | LAB: Manipulation Vulnerability | |
| Authorization | Authorization in Smart Contracts | |
| | OpenZeppelin Contracts | |
| | Modifiers | |
| | LAB: Authorization done properly | |
| | LAB: Tx.origin: Authorization bypass | |
| DoS | SELFDESTRUCT | |
| | DoS with Block Gas Limit | |
| | DoS with Failed Call | |
| More vulnerabilities | Integer Overflow and Underflow | |
| | LAB: Transfer your funds, or mine | |
| | LAB: BatchTransfer Overflow (CVE-2018-10299) | |
| Libraries | Embedded vs Linked libraries | |
| | LAB: Delegatecall vs Call | |
| | LAB: Secure your calls | |
| Security auditing | Manual vs automated | |
| | No code? Reverse engineer a contract | |
| | Tools: Mythril | |
| | Tools: Slither | |
| | The SCW registry | |
| | Reporting | |
| Hack them all | Final Smart Contract Hacking CTF | |
More info? Contact us at info@dcodx.com