SSCH - Solidity Smart Contract Hacking
Learn how to hack and develop secure smart contracts in our 2 days course
Last updated
Learn how to hack and develop secure smart contracts in our 2 days course
Last updated
Knowledge of the topics below is only recommended but not mandatory for this course.
Blockchain
Blocks and transactions
Smart contracts
Proof of work and proof of stake
Gas
Basic understanding of decentralized applications and their applicability
2 days full hands-on training where you will learn how to identify vulnerabilities in Smart Contracts written in Solidity. During the course, we will go over 8+ labs inspired by the major hacks that saw companies lose millions of dollars, implement Smart Contracts, but also perform security reviews and detect security flaws using manual analysis and automated tools.
The list below contains some of the vulnerabilities that we will identify and fix in the labs:
Any user can cash out the money from the smart contract
Users can buy the subscription also with any wei amount
Any user can check the amount of money stored in the contract address
Reentrancy vulnerability
Block Timestamp Manipulation Vulnerability
Tx.origin: Authorization bypass
Integer Overflow and Underflow
BatchTransfer Overflow (CVE-2018–10299)
Unprotected SELFDESTRUCT
DelegateCall vulnerabilities
....more
Intro to ETH and smart contracts
Ethereum
Bitcoin vs Ethereum
A bit of history
The Four stages of development
POW vs POS
Sharding
Beacon Chain
Docking
Smart Contracts
Smart Contracts
Ethereum Smart Contracts
EVM
Bytecode analysis
Accounts, Transactions and Gas
Storage, Memory and Stack
Truffle and Remix IDE
LAB: Our first smart contract and its vulnerabilities
Smart Contracts part 2
Types, Enum and Events
Mappings
Inheritance
Reentrancy vulnerability: the DAO hack
LAB: Steal all my money (Reentrancy)
Interfaces
Block Timestamp
LAB: Manipulation Vulnerability
Authorization
Authorization in Smart Contracts
Open Zeppelin Contracts
Modifiers
LAB: Authorization done properly
LAB: Tx.origin: Authorization bypass
DoS
SELFDESTRUCT
DoS With Block Gas Limit
DoS with Failed Call
More vulnerabilities
Integer Overflow and Underflow
LAB: Transfer your funds, or mine
LAB: BatchTransfer Overflow (CVE-2018–10299)
Libraries
Embedded vs Linked libraries
LAB: Delegatecall vs Call
LAB: Secure your calls
Security auditing
Manual vs automated
No code? reverse engineer a contract
Tools: mythril
Tools: slither
The SCW registry
Reporting
Hack them all
Final Smart Contract Hacking CTF
Davide Cioccia
Registration Closed on Wed June 22
