SSCH - Solidity Smart Contract Hacking
Learn how to hack and develop secure smart contracts in our 2-day course
Knowledge of the topics below is recommended but not mandatory for this course.
Blockchain
Blocks and transactions
Smart contracts
Proof of work and proof of stake
Gas
Basic understanding of decentralized applications and their applicability
A 2-day, fully hands-on training in which you will learn how to identify vulnerabilities in smart contracts written in Solidity. During the course, we will go over 8+ labs inspired by the major hacks that saw companies lose millions of dollars, implement smart contracts, and perform security reviews to detect security flaws using manual analysis and automated tools.
The list below contains some of the vulnerabilities that we will identify and fix in the labs:
Any user can cash out the money from the smart contract
Users can buy the subscription with any wei amount
Any user can check the amount of money stored in the contract address
Reentrancy vulnerability
Block Timestamp Manipulation Vulnerability
Tx.origin: Authorization bypass
Integer Overflow and Underflow
BatchTransfer Overflow (CVE-2018-10299)
Unprotected SELFDESTRUCT
DelegateCall vulnerabilities
... and more
Davide Cioccia
Registration Closed on Wed June 22
Module | Topic | Time |
---|---|---|
Intro to ETH and smart contracts | Ethereum |
Bitcoin vs Ethereum |
A bit of history |
The Four stages of development |
POW vs POS |
Sharding |
Beacon Chain |
Docking |
Smart Contracts |
Smart Contracts |
Ethereum Smart Contracts |
EVM |
Bytecode analysis |
Accounts, Transactions and Gas |
Storage, Memory and Stack |
Truffle and Remix IDE |
LAB: Our first smart contract and its vulnerabilities |
Smart Contracts part 2 |
Types, Enum and Events |
Mappings |
Inheritance |
Reentrancy vulnerability: the DAO hack |
LAB: Steal all my money (Reentrancy) |
Interfaces |
Block Timestamp |
LAB: Manipulation Vulnerability |
Authorization |
Authorization in Smart Contracts |
Open Zeppelin Contracts |
Modifiers |
LAB: Authorization done properly |
LAB: Tx.origin: Authorization bypass |
DoS |
SELFDESTRUCT |
DoS With Block Gas Limit |
DoS with Failed Call |
More vulnerabilities |
Integer Overflow and Underflow |
LAB: Transfer your funds, or mine |
LAB: BatchTransfer Overflow (CVE-2018-10299) |
Libraries |
Embedded vs Linked libraries |
LAB: Delegatecall vs Call |
LAB: Secure your calls |
Security auditing |
Manual vs automated |
No code? Reverse engineer a contract |
Tools: mythril |
Tools: slither |
The SWC registry |
Reporting |
Hack them all |
Final Smart Contract Hacking CTF |