search
Blog Website

SSCH - Solidity Smart Contract Hacking

Learn how to hack and develop secure smart contracts in our 2 days course

hashtag
Prerequisites

Knowledge of the topics below is only recommended but not mandatory for this course.

  • Blockchain

  • Blocks and transactions

  • Smart contracts

  • Proof of work and proof of stake

  • Gas

  • Basic understanding of decentralized applications and their applicability

hashtag
Abstract

2 days full hands-on training where you will learn how to identify vulnerabilities in Smart Contracts written in Solidity. During the course, we will go over 8+ labs inspired by the major hacks that saw companies lose millions of dollars, implement Smart Contracts, but also perform security reviews and detect security flaws using manual analysis and automated tools.

hashtag
Some of the scenarios we will go through

The list below contains some of the vulnerabilities that we will identify and fix in the labs:

  • Any user can cash out the money from the smart contract

  • Users can buy the subscription also with any wei amount

  • Any user can check the amount of money stored in the contract address

  • Reentrancy vulnerability

  • Block Timestamp Manipulation Vulnerability

  • Tx.origin: Authorization bypass

  • Integer Overflow and Underflow

  • BatchTransfer Overflow (CVE-2018–10299)

  • Unprotected SELFDESTRUCT

  • DelegateCall vulnerabilities

  • ....more

hashtag
Syllabus

Module
Topic
Time

Intro to ETH and smart contracts

Ethereum

Bitcoin vs Ethereum

A bit of history

The Four stages of development

POW vs POS

Sharding

Beacon Chain

Docking

Smart Contracts

Smart Contracts

Ethereum Smart Contracts

EVM

Bytecode analysis

Accounts, Transactions and Gas

Storage, Memory and Stack

Truffle and Remix IDE

LAB: Our first smart contract and its vulnerabilities

Smart Contracts part 2

Types, Enum and Events

Mappings

Inheritance

Reentrancy vulnerability: the DAO hack

LAB: Steal all my money (Reentrancy)

Interfaces

Block Timestamp

LAB: Manipulation Vulnerability

Authorization

Authorization in Smart Contracts

Open Zeppelin Contracts

Modifiers

LAB: Authorization done properly

LAB: Tx.origin: Authorization bypass

DoS

SELFDESTRUCT

DoS With Block Gas Limit

DoS with Failed Call

More vulnerabilities

Integer Overflow and Underflow

LAB: Transfer your funds, or mine

LAB: BatchTransfer Overflow (CVE-2018–10299)

Libraries

Embedded vs Linked libraries

LAB: Delegatecall vs Call

LAB: Secure your calls

Security auditing

Manual vs automated

No code? reverse engineer a contract

Tools: mythril

Tools: slither

The SCW registry

Reporting

Hack them all

Final Smart Contract Hacking CTF

hashtag
Related events

Logo#solidity #hacking #training #webinar #blockchain #sharethispost | DCODX | 19 commentslinkedinchevron-right
Link to the webinar

hashtag
Reserve a spot

chevron-right📅 23-24 June (9.30AM - 1.30PM CET) - BETAhashtag

👨‍🏫 Davide Cioccia

💺Registration Closed on Wed June 22

hashtag
More info? Contact us at [email protected]

Last updated