$3,299.00
Date | Day | Time | Duration |
26 Aug | Monday | 0900-17:00 ICT/GMT+7 | 8 Hours |
27 Aug | Tuesday | 0900-17:00 ICT/GMT+7 | 8 Hours |
28 Aug | Wednesday | 0900-17:00 ICT/GMT+7 | 8 Hours |
Leveraging years of extensive research and invaluable insights, the Verichains team has compiled experience into this comprehensive training course. Participants will learn how to systematically categorize and analyze vulnerabilities of the past smart contracts, gaining a thorough understanding of these concepts. By the end of the course, participants will have acquired the necessary skills to audit smart contract and develop their own exploits. This will also enable them to effectively address vulnerabilities in their own codebase and mitigate potential risks.
This course offers a comprehensive and practical learning experience based on industry insights and lessons from top Web3 security auditors. You’ll gain invaluable insights from experts who have discovered critical security vulnerabilities in key Web3 technologies like Smart contracts, MPC and ZKP, preventing potential losses amounting to billions of USD. Additionally, these experts have played key roles in incident response for major Web3 attack incidents, surpassing 1 billion USD in damages.
This practical hacking course incorporates CTF-style hands-on challenges, allowing learners to understand concepts through practical experiments.
Attacking Bridge contracts
– Access control vulnerabilities
– Signature issues
– ecrecover() issues
– Replay attack
Attacking Vault, Staking contracts
– Rounding issues
– Inflation in ERC4626
– Real flashloan attack via reentrancy
– DoS unexpected revert
– Incorrect handle of rewards
– Incorrect handle of locktime in tokenized vault
Attacking AMM Dex, Router contracts
– Incorrect handling of fee tokens
– Price manipulation attacks
– Arbitrary call (controlable target or calldata or both)
– Incorrect token approvals
– Phantom function vulnerability
Attacking GameFi: NFT ecosystem
– Reentrancy
– Signature attacks
– Front-running attacks
– Random number generation attacks
Attacking Governance contracts
– Security issue with selfdestruct
– Re-deploy contract with the same address
– Contract upgradeable issues
(Extra) Common vulnerabilities in Move contract (Aptos/Sui)
Tin Tran (@ngoctinbk) is a security researcher with over 7 years of experience, specializing in the core technology of blockchain and the security of web3 smart contracts. He has conducted multiple audits for large-scale projects, including Binance, Wemix, Sky Mavis, and more.
He has also presented at many web3 security events hosted by Chainlink, Web3 Space, Viction, and Binance.
Thien Tran, also known as @th13vn, is an experienced Blockchain Security Researcher.
His technical background involves analyzing real-world hacks and reproducing attacks. He has worked with various programming languages to develop security solutions for smart contracts, with a specific focus on securing Solidity and Sui Move. Additionally, he enjoys writing technical articles and sharing his skills with the community.
Thanh Nguyen (@redragonvn) serves as the co-founder of Verichains, leading a world-class security and cryptography research team to deliver cutting-edge solutions for a safer, more secure Web3 ecosystem. Verichains is renowned for its expertise in investigating and mitigating major Web3 hacks, having identified critical flaws within the core of Multi-Party Computation (MPC) and Zero-Knowledge Proofs (ZKP) implementations by major vendors, impacting billions of dollars across the industry.
Doctor Nguyen Anh Quynh is a regular speaker at numerous industrial cybersecurity conferences such as BlackHat USA/Europe/Asia/Middle East, DEFCON, Recon, HackInTheBox, Zeronights, H2HC, NULL, etc. He has also presented his research in academic venues such as Usenix, IEEE, ACM, LNCS. His contribution to the field lays the foundation for various innovative works in the cybersecurity industry and academia. As a passionate coder, Dr. Nguyen is the founder and maintainer of several open-source reversing projects: Capstone (http://capstone-engine.org), Unicorn (http://unicorn-engine.org) & Keystone (http://keystone-engine.org).