Trainer Name: Chaitanya RK

Title: HackFi - hacking smart contracts

Duration: 3 Days

Dates: Sept. 6, 2022 To Sept. 8, 2022

Training Objectives

Blockchains are revolutionary technologies that allow for secure, distributed, decentralized information storage. Blockchains disrupt the finance industry via DeFi, governance via DAOs, and collectibles via NFTs. Over the past few years, the blockchain has taken the engineering landscape by storm. However, due to the relative newness of blockchain compared to traditional technologies, its use is still hindered by speculation, confusion, uncertainty, and risk.

Training level: Basic; Intermediate

Training Preview

In this course, we shall take a holistic look at security, from the theoretical foundations of the blockchain and smart contracts to finding and exploiting vulnerabilities in smart contracts.

First, this course will give you all the prerequisites to understand blockchain and smart contracts' architecture and major components. Then, we will create and set up a development and testing environment allowing us to efficiently build, deploy and debug smart contracts on the local test net. We will learn how to find vulnerabilities and exploit vulnerabilities in the local testing environment. We will also leverage security tooling, such as Slither and Mythril, to detect smart contract vulnerabilities automatically.

Some of the skills and techniques you will learn are:

  • How to interact with and get data from public blockchains
  • How to write smart contracts in Solidity
  • How to find vulnerabilities in smart contract
  • How to test and exploit vulnerabilities in smart contracts

Training Outline

Day 1
What Is Blockchain?
  • Definitions and Origins
  • Types of Distributed Consensus
  • Purposes and Uses Cases
  • A brief introduction to Consensus mechanisms [Proof of Work/Mining/Proof of Stake]
What Is a Smart Contract?
  • Introduction to Smart Contracts
  • Smart Contract Use Cases and Platforms
  • A brief history of smart contracts hacks
Keys, Wallets, and Cryptography
  • Hashing Functions
  • Wallets
  • Mnemonic Keys
Introduction to Ethereum
  • Ethereum Architecture
  • Ethereum block explorers
  • Components of a Transaction
  • API, Nodes, and Clients
Day 2
Smart Contract Security
The Smart Contract Lifecycle
  • The Architecture and Concepts of Ethereum
  • Tools for the Ethereum Blockchain
Introduction to Solidity
  • Solidity language description
  • The layout of State Variables in Storage
  • Layout in Memory
  • Contract ABI Specification
  • Compiling a Contract
  • Deploying a Contract
  • Interacting with a Smart Contract
Common security flaws with examples
  • Types of Vulnerabilities
  • Transactions on Ethereum in depth
  • Integer overflows and underflows
  • Race conditions in ERC20
  • Access controls
  • Re-entrancy
  • Transaction ordering dependence (TOD) and front running
  • Library design flaws
Day 3
Static and Dynamic testing
  • Introduction to static analysis using Slither/
  • Introduction to dynamic analysis using Echidna
  • Audits
Attacking and Exploiting Smart Contracts
  • Exploiting Ethereum Smart Contracts (Ethernet)
  • Case Study: The DAO Hack
  • Understanding cross-bridges and their flaws
  • Lessons from the Wormhole Exploit
Final Q & A

What to Bring?

  • A laptop that supports Docker
  • Please install Docker and make sure it runs Docker images

Training Prerequisites

  • Basic understanding of programming language
  • Solidity knowledge is a plus, but not required

Who Should Attend?

  • Blockchain and smart contract developers
  • Security engineers
  • Bug bounty hunters

What Attendees will get?

  • Training material
  • Access to trainer post-training

What to Expect?

  • Learn basics of blockchain and smart contracts
  • How to interact with and get data from public blockchains
  • How to write smart contracts in Solidity
  • How to find vulnerabilities in smart contract
  • How to test and exploit vulnerabilities in smart contracts

What not to Expect?

  • Guidance on crypto investment
  • Programming introduction

About the Trainer

Chaitanya (ant4g0nist), the co-founder of [WeFuzz](https://wefuzz.io), has over a decade of experience in Development and security. He focuses primarily on vulnerability research, fuzzing smart contracts, fuzzing Apple platforms (macOS/iOS), and blockchain security.

Chaitanya's interest lies in fuzzing, emulation, baseband, and exploit Development that resulted in numerous vulnerabilities leading to 0-click/1-click exploits (CVE-2015-3723, CVE-2016-1737, CVE-2016-1740, CVE-2017-7031). Chaitanya's work on blockchain development and security is backed by foundations and companies like Coinbase, Tezos, etc.

He has also contributed to developers and security communities by creating multiple open-source projects, some of them include: