Smashing Smart Contracts for Fun and Real Profit

This advanced Smart Contract Security Course aims to provide developers and auditors with the information and skills required to identify and mitigate vulnerabilities in web3 solutions:
– Explore the top common bugs in DeFi, GameFi, Bridge,… smart contracts on EVM-based blockchains.
– Explain the what/why/how questions when carrying out a security audit.
– Common vulnerabilities in other popular smart contract languages (e.g. Move contracts in Aptos/Sui)

$3,299.00

Duration

3 days

Delivery Method

in-person

Level

professional

Seats Available

20

ATTEND IN-PERSON: Onsite in Bangkok, Thailand

DATE: 26-28 August 2024

TIME: 09:00 to 17:00 ICT/GMT+7

Date Day Time Duration
26 Aug Monday 09:00-17:00 ICT/GMT+7 8 Hours
27 Aug Tuesday 09:00-17:00 ICT/GMT+7 8 Hours
28 Aug Wednesday 09:00-17:00 ICT/GMT+7 8 Hours

The Web3 industry has suffered significant consequences from cyber-attacks, resulting in a staggering loss of $1.84 billion in 2023. Unfortunately, the situation in 2024 and beyond appears even more alarming. Despite the widespread awareness of common smart contract vulnerabilities, developers continue to repeat the same mistakes, while security auditors also often overlook them.

Leveraging years of extensive research and invaluable insights, the Verichains team has compiled its experience into this comprehensive training course. Participants will learn how to systematically categorize and analyze vulnerabilities from past smart contracts, gaining a thorough understanding of these concepts. By the end of the course, participants will have acquired the necessary skills to audit smart contracts and develop their own exploits. This will also enable them to effectively address vulnerabilities in their own codebase and mitigate potential risks.

This course offers a comprehensive and practical learning experience based on industry insights and lessons from top Web3 security auditors. You’ll gain invaluable insights from experts who have discovered critical security vulnerabilities in key Web3 technologies like Smart contracts, MPC and ZKP, preventing potential losses amounting to billions of USD. Additionally, these experts have played key roles in incident response for major Web3 attack incidents, surpassing 1 billion USD in damages.

This practical hacking course incorporates CTF-style hands-on challenges, allowing learners to understand concepts through practical experiments.

 

Topics Covered / Agenda

 

Day 1:
Review basic concepts of blockchain and Ethereum smart contracts.

Attacking Bridge contracts
– Access control vulnerabilities
– Signature issues
– ecrecover() issues
– Replay attack

 

Day 2:

Attacking Vault, Staking contracts
– Rounding issues
– Inflation in ERC4626
– Real flashloan attack via reentrancy
– DoS unexpected revert
– Incorrect handling of rewards
– Incorrect handling of locktime in tokenized vault

Attacking AMM Dex, Router contracts
– Incorrect handling of fee tokens
– Price manipulation attacks
– Arbitrary call (controllable target or calldata or both)
– Incorrect token approvals
– Phantom function vulnerability

 

Day 3:

Attacking GameFi: NFT ecosystem
– Reentrancy
– Signature attacks
– Front-running attacks
– Random number generation attacks

Attacking Governance contracts
– Security issue with selfdestruct
– Re-deploy contract with the same address
– Upgradeable contract issues

(Extra) Common vulnerabilities in Move contract (Aptos/Sui)

Why You Should Take This Course

By enrolling in this course, you’ll not only deepen your understanding of smart contract vulnerabilities but also acquire practical skills to write your own exploits. With a focus on real-world scenarios, the course covers the most commonly exploited security vulnerabilities in smart contracts. Whether you’re a developer or security enthusiast, this training equips you with the knowledge to proactively identify and mitigate risks in your Web3 projects, fostering a safer and more secure ecosystem.

Who Should Attend

Smart contract developers, smart contract auditors, web3 security researchers

Key Learning Objectives

  • In-depth knowledge of web3 contracts in different languages

  • Web3 security audit skills

  • Web3 secure coding skills

  • Foundry exploit/test scripting skills

  • Exploit transaction tracing skills

Prerequisite Knowledge

  • Entry-level Solidity knowledge
  • Entry-level Sui/Aptos Move knowledge (optional)

Hardware / Software Requirements

  • Personal Laptop
  • Oracle VM VirtualBox

Your Instructor

Tin Tran (@ngoctinbk) is a security researcher with over 7 years of experience, specializing in the core technology of blockchain and the security of web3 smart contracts. He has conducted multiple audits for large-scale projects, including Binance, Wemix, Sky Mavis, and more.

He has also presented at many web3 security events hosted by Chainlink, Web3 Space, Viction, and Binance.

Thien Tran, also known as @th13vn, is an experienced Blockchain Security Researcher. His technical background involves analyzing real-world hacks and reproducing attacks. He has worked with various programming languages to develop security solutions for smart contracts, with a specific focus on securing Solidity and Sui Move. Additionally, he enjoys writing technical articles and sharing his skills with the community.

Thanh Nguyen (@redragonvn) serves as the co-founder of Verichains, leading a world-class security and cryptography research team to deliver cutting-edge solutions for a safer, more secure Web3 ecosystem. Verichains is renowned for its expertise in investigating and mitigating major Web3 hacks, having identified critical flaws within the core of Multi-Party Computation (MPC) and Zero-Knowledge Proofs (ZKP) implementations by major vendors, impacting billions of dollars across the industry.

Doctor Nguyen Anh Quynh is a regular speaker at numerous industrial cybersecurity conferences such as BlackHat USA/Europe/Asia/Middle East, DEFCON, Recon, HackInTheBox, Zeronights, H2HC, NULL, etc. He has also presented his research in academic venues such as Usenix, IEEE, ACM, LNCS. His contribution to the field lays the foundation for various innovative works in the cybersecurity industry and academia. As a passionate coder, Dr. Nguyen is the founder and maintainer of several open-source reversing projects: Capstone (http://capstone-engine.org), Unicorn (http://unicorn-engine.org) & Keystone (http://keystone-engine.org).