Trainer Name: Chaitanya RK

Title: HackFi - hacking smart contracts

Duration: 3 Days

Dates: Sept. 6, 2022 To Sept. 8, 2022

Sold Out

Training Objectives

Blockchains are revolutionary technologies that allow for secure, distributed, decentralized information storage. Blockchains disrupt the finance industry via DeFi, governance via DAOs, and collectibles via NFTs. Over the past few years, the blockchain has taken the engineering landscape by storm. However, due to the relative newness of blockchain compared to traditional technologies, its use is still hindered by speculation, confusion, uncertainty, and risk.

Training level: Basic; Intermediate

Training Preview

In this course, we shall take a holistic look at security, from the theoretical foundations of the blockchain and smart contracts to finding and exploiting vulnerabilities in smart contracts.

First, this course will give you all the prerequisites to understand the architecture and major components of blockchains and smart contracts. Then, we will create and set up a development and testing environment that allows us to efficiently build, deploy and debug smart contracts on a local testnet. We will learn how to find and exploit vulnerabilities in the local testing environment. We will also use security tooling, such as Slither and Mythril, to detect smart contract vulnerabilities automatically.

Some of the skills and techniques you will learn are:

  • How to interact with and get data from public blockchains
  • How to write smart contracts in Solidity
  • How to find vulnerabilities in smart contracts
  • How to test and exploit vulnerabilities in smart contracts

Training Outline

Day 1
What Is Blockchain?
  • Definitions and Origins
  • Types of Distributed Consensus
  • Purposes and Use Cases
  • A brief introduction to Consensus mechanisms [Proof of Work/Mining/Proof of Stake]
What Is a Smart Contract?
  • Introduction to Smart Contracts
  • Smart Contract Use Cases and Platforms
  • A brief history of smart contract hacks
Keys, Wallets, and Cryptography
  • Hashing Functions
  • Wallets
  • Mnemonic Keys
Introduction to Ethereum
  • Ethereum Architecture
  • Ethereum block explorers
  • Components of a Transaction
  • API, Nodes, and Clients
Day 2
Smart Contract Security
The Smart Contract Lifecycle
  • The Architecture and Concepts of Ethereum
  • Tools for the Ethereum Blockchain
Introduction to Solidity
  • Solidity language description
  • The layout of State Variables in Storage
  • Layout in Memory
  • Contract ABI Specification
  • Compiling a Contract
  • Deploying a Contract
  • Interacting with a Smart Contract
Common security flaws with examples
  • Types of Vulnerabilities
  • Transactions on Ethereum in depth
  • Integer overflows and underflows
  • Race conditions in ERC20
  • Access controls
  • Re-entrancy
  • Transaction ordering dependence (TOD) and front running
  • Library design flaws
Day 3
Static and Dynamic testing
  • Introduction to static analysis using Slither/
  • Introduction to dynamic analysis using Echidna
  • Audits
Attacking and Exploiting Smart Contracts
  • Exploiting Ethereum Smart Contracts (Ethernaut)
  • Case Study: The DAO Hack
  • Understanding cross-bridges and their flaws
  • Lessons from the Wormhole Exploit
Final Q & A

What to Bring?

  • A laptop that supports Docker
  • Please install Docker and make sure it runs Docker images

Training Prerequisites

  • Basic understanding of a programming language
  • Solidity knowledge is a plus, but not required

Who Should Attend?

  • Blockchain and smart contract developers
  • Security engineers
  • Bug bounty hunters

What Attendees will get?

  • Training material
  • Access to trainer post-training

What to Expect?

  • Learn basics of blockchain and smart contracts
  • How to interact with and get data from public blockchains
  • How to write smart contracts in Solidity
  • How to find vulnerabilities in smart contracts
  • How to test and exploit vulnerabilities in smart contracts

What not to Expect?

  • Guidance on crypto investment
  • Programming introduction

About the Trainer

Chaitanya (ant4g0nist), the co-founder of [WeFuzz](https://wefuzz.io), has over a decade of experience in development and security. He focuses primarily on vulnerability research, fuzzing smart contracts, fuzzing Apple platforms (macOS/iOS), and blockchain security.

Chaitanya's interests lie in fuzzing, emulation, baseband, and exploit development, work that has resulted in numerous vulnerabilities leading to 0-click/1-click exploits (CVE-2015-3723, CVE-2016-1737, CVE-2016-1740, CVE-2017-7031). Chaitanya's work on blockchain development and security is backed by foundations and companies like Coinbase, Tezos, etc.

He has also contributed to the developer and security communities by creating multiple open-source projects, some of which include: