Facebook-f Twitter Youtube Linkedin
Cart

Hackable.sol: Smart contract hacking in Solidity

$2,299.00

REGISTER
Attend In-person

Duration

2 days

Delivery Method

in-person

Level

all levels

Seats Available

20

Duration

2 days

Delivery Method

in-person

Level

all levels

ATTEND IN-PERSON: Onsite at Abu Dhabi

DATE: 25-26 Nov 2024

TIME: 09:00 to 17:00 GST/GMT+4

Date Day Time Duration
25 Nov Monday 09:00 to 17:00 GST/GMT+4 8 Hours
26 Nov Tuesday 09:00 to 17:00 GST/GMT+4 8 Hours
Renewed CTF with recent exploits and attacks
Smart Contracts are getting more and more interest from the security community, driven mostly by the big payout for smart contract security auditing and the continuous exploitation of vulnerabilities in smart contracts, web3 and DeFi applications. The financial implications of smart contract vulnerabilities are substantial. Smart contracts often handle large amounts of value, and successful exploitation can lead to significant financial losses for users and project developers. With the increased regulatory scrutiny on blockchain and cryptocurrency projects, security audits and compliance with industry standards become imperative.

 

Some of the scenarios we will go through:

– Any user can cash out the money from the smart contract
– Abuse business logic to pay with 0 ETH
– Reentrancy vulnerabilities
– Block Timestamp Manipulation Vulnerability
– Tx.origin: Authorization bypass.
– Hash collision and integrity attack
– Integer Overflow and Underflow
– BatchTransfer Overflow (CVE-2018–10299)
– Unprotected SELFDESTRUCT
– Take ownership of a vulnerable contract
– DelegateCall vulnerabilities
….more

 

What will the students get

– 15 hands-on labs
– Final CTF
– Handbook with step by step solutions of the labs
– List of resources used during the course

 

Topics Covered

Intro to Ethereum and smart contracts

  • Course introduction
  • Bitcoin vs Ethereum
  • ETH history: The Four stages of development
  • POW vs POS
  • Sharding and Beacon Chain
  • Docking

 

Smart Contracts part 1

  • Smart Contracts basics
  • Ethereum Smart Contracts and Solidity
  • EVM main functionalities
  • Accounts, Transactions and Gas in Ethereum
  • Storage, Memory and Stack in the EVM
  • Remix IDE: setup the environment
  • LAB: Functions visibility in Solidity
  • LAB: Our first smart contract

 

Smart Contracts part 2

  • Types, Enum and Events
  • Mappings
  • Inheritance
  • Modifiers
  • SCW registry: the Smart Contracts CWE
  • Reentrancy vulnerability: the DAO hack
  • LAB: Steal all my money (Reentrancy attack)
  • The Open Zeppelin ReentrancyGuard Smart Contract
  • Interfaces
  • LAB: Block Timestamp Manipulation Vulnerability

 

Authorization in Solidity

  • Authorization in Smart Contracts
  • The Open Zeppelin Authorization Contracts
  • LAB: Authorization done properly
  • LAB: Tx.origin: Authorization bypass

 

DoS attacks

  • SELFDESTRUCT
  • DoS With Block Gas Limit
  • DoS with Failed Call

 

More vulnerabilities

  • Integer Overflow and Underflow
  • LAB: Integer Overflow exploitation to drain smart contracts
  • LAB: BatchTransfer Overflow (CVE-2018–10299)
  • Libraries
  • Introduction to embedded and linked libraries
  • LAB: Delegatecall vs Call
  • LAB: Exploiting Proxy contracts and Delegate calls
  • LAB: Hash collision

 

Security auditing

  • Manual vs automated audit.
  • Introduction to Smart Contract reverse engineering
  • LAB: Tools: mythril
  • LAB: Tools: slither
  • How to build a comprehensive security auditing report

 

Introduction to Smart Contract reverse engineering

  • Exploring the bytecode
  • Storage and Memory allocation
  • The EVM OPCODEs and instructions
  • LAB: Identify DELEGATE calls

 

Hack them all

  • Final Smart Contract Hacking Challenge”

Why You Should Take This Course

Practical Expertise: Gain hands-on experience identifying and exploiting vulnerabilities in smart contracts. Create exploits using JavaScript and Web3 IDE.
Secure Development Skills: Learn industry best practices to create secure smart contracts and implement defense strategies.
Career Readiness: Acquire professional auditing skills, positioning yourself for in-demand roles in blockchain security and advancing your career in the growing industry.

Who Should Attend

  • Developers
  • Security professionals
  • Smart contract developers

Key Learning Objectives

  • Identify, exploit and create automated D16proof of concept of smart contract vulnerabilities exploitations

  • Implement secure smart contracts

  • Perform smart contract security audits

    • Prerequisite Knowledge

    • Knowledge about object oriented programming (any language)
    • Basic knowledge about blockchain and smart contracts

    Hardware / Software Requirements

    • Laptop with at least 8 GB of RAM
    • Browser
    • GitHub account

    Your Instructor

    No data was found

    HACK IN THE BOX LIMITED

    Masdar City, United Arab Emirates