Hackable.sol: Smart contract hacking in Solidity

USD $2,299.00

Attend In-person

Duration

2 days

Delivery Method

in-person

Level

all levels

Seats Available

20 Duration

2 days

Delivery Method

in-person

Level

all levels

ATTEND IN-PERSON: Onsite at Abu Dhabi

DATE: 25-26 Nov 2024

TIME: 09:00 to 17:00 GST/GMT+4

Date	Day	Time	Duration
25 Nov	Monday	09:00 to 17:00 GST/GMT+4	8 Hours
26 Nov	Tuesday	09:00 to 17:00 GST/GMT+4	8 Hours

Renewed CTF with recent exploits and attacks

Smart Contracts are getting more and more interest from the security community, driven mostly by the big payout for smart contract security auditing and the continuous exploitation of vulnerabilities in smart contracts, web3 and DeFi applications. The financial implications of smart contract vulnerabilities are substantial. Smart contracts often handle large amounts of value, and successful exploitation can lead to significant financial losses for users and project developers. With the increased regulatory scrutiny on blockchain and cryptocurrency projects, security audits and compliance with industry standards become imperative.

Some of the scenarios we will go through:

– Any user can cash out the money from the smart contract
– Abuse business logic to pay with 0 ETH
– Reentrancy vulnerabilities
– Block Timestamp Manipulation Vulnerability
– Tx.origin: Authorization bypass.
– Hash collision and integrity attack
– Integer Overflow and Underflow
– BatchTransfer Overflow (CVE-2018–10299)
– Unprotected SELFDESTRUCT
– Take ownership of a vulnerable contract
– DelegateCall vulnerabilities
….more

What will the students get

– 15 hands-on labs
– Final CTF
– Handbook with step by step solutions of the labs
– List of resources used during the course

Topics Covered

Intro to Ethereum and smart contracts

Course introduction
Bitcoin vs Ethereum
ETH history: The Four stages of development
POW vs POS
Sharding and Beacon Chain
Docking

Smart Contracts part 1

Smart Contracts basics
Ethereum Smart Contracts and Solidity
EVM main functionalities
Accounts, Transactions and Gas in Ethereum
Storage, Memory and Stack in the EVM
Remix IDE: setup the environment
LAB: Functions visibility in Solidity
LAB: Our first smart contract

Smart Contracts part 2

Types, Enum and Events
Mappings
Inheritance
Modifiers
SCW registry: the Smart Contracts CWE
Reentrancy vulnerability: the DAO hack
LAB: Steal all my money (Reentrancy attack)
The Open Zeppelin ReentrancyGuard Smart Contract
Interfaces
LAB: Block Timestamp Manipulation Vulnerability

Authorization in Solidity

Authorization in Smart Contracts
The Open Zeppelin Authorization Contracts
LAB: Authorization done properly
LAB: Tx.origin: Authorization bypass

DoS attacks

SELFDESTRUCT
DoS With Block Gas Limit
DoS with Failed Call

More vulnerabilities

Integer Overflow and Underflow
LAB: Integer Overflow exploitation to drain smart contracts
LAB: BatchTransfer Overflow (CVE-2018–10299)
Libraries
Introduction to embedded and linked libraries
LAB: Delegatecall vs Call
LAB: Exploiting Proxy contracts and Delegate calls
LAB: Hash collision

Security auditing

Manual vs automated audit.
Introduction to Smart Contract reverse engineering
LAB: Tools: mythril
LAB: Tools: slither
How to build a comprehensive security auditing report

Introduction to Smart Contract reverse engineering

Exploring the bytecode
Storage and Memory allocation
The EVM OPCODEs and instructions
LAB: Identify DELEGATE calls

Hack them all

Final Smart Contract Hacking Challenge”

Why You Should Take This Course

Practical Expertise: Gain hands-on experience identifying and exploiting vulnerabilities in smart contracts. Create exploits using JavaScript and Web3 IDE.

Secure Development Skills: Learn industry best practices to create secure smart contracts and implement defense strategies.

Career Readiness: Acquire professional auditing skills, positioning yourself for in-demand roles in blockchain security and advancing your career in the growing industry.

Who Should Attend

Developers
Security professionals
Smart contract developers

Key Learning Objectives

Identify, exploit and create automated D16proof of concept of smart contract vulnerabilities exploitations

Implement secure smart contracts

Perform smart contract security audits

Prerequisite Knowledge

Knowledge about object oriented programming (any language)
Basic knowledge about blockchain and smart contracts

Hardware / Software Requirements

Laptop with at least 8 GB of RAM
Browser
GitHub account

Your Instructor

No data was found

Hackable.sol: Smart contract hacking in Solidity

Duration

2 days

Delivery Method

in-person

Level

all levels

Seats Available

20

Duration

2 days

Delivery Method

in-person

Level

all levels

ATTEND IN-PERSON: Onsite at Abu Dhabi

DATE: 25-26 Nov 2024

TIME: 09:00 to 17:00 GST/GMT+4

Renewed CTF with recent exploits and attacks

What will the students get

Topics Covered

Why You Should Take This Course

Practical Expertise: Gain hands-on experience identifying and exploiting vulnerabilities in smart contracts. Create exploits using JavaScript and Web3 IDE.

Secure Development Skills: Learn industry best practices to create secure smart contracts and implement defense strategies.

Career Readiness: Acquire professional auditing skills, positioning yourself for in-demand roles in blockchain security and advancing your career in the growing industry.

Who Should Attend

Developers

Security professionals

Smart contract developers

Key Learning Objectives

Prerequisite Knowledge

Knowledge about object oriented programming (any language)

Basic knowledge about blockchain and smart contracts

Hardware / Software Requirements

Laptop with at least 8 GB of RAM

Browser

GitHub account

Your Instructor

HACK IN THE BOX LIMITED

Masdar City, United Arab Emirates