Introduction on Smart Contract and ERC Token Exploits for Bug Bounty

USD $1,000.00

Duration

1 day

Delivery Method

in-person

Level

beginner

Seats Available

20

ATTEND IN-PERSON: Onsite at Abu Dhabi

DATE: 27 Nov 2024

TIME: 09:00 to 17:00 GST/GMT+4


New module from the Hackable.sol smart contract hacking in Solidity training. Never thought before 

This one-day workshop aims to provide participants with an understanding of technical security exploits associated with ERC tokens and dApps, get familiar with bug bounty platforms for smart contracts security, and delve into the top exploited vulnerabilities.

 

What will the students get
  • Hands-on labs
  • Final CTF
  • Handbook with step by step instructions for the labs

 

Topics Covered

Blockchain and dApps security
– Web3 bug hunting impressive payouts
– Deep dive in the latest hacks (updated to 2023)

 

Introduction to Smart Contracts
– Overview of ERC Tokens in the Ethereum ecosystem
– Fungible, non-fungible and mixed tokens: ERC-20, ERC-721 and ERC-1155
– Token structure, key components and lifecycle
– OpenZeppelin contracts and interfaces

 

Our first smart contract:
– Develop and deploy a simple smart contract
– Identify possible vulnerabilities

 

Understanding the major security vulnerabilities
– Reentrancy attacks: the Checks-Effects-Interactions (CEI) pattern
– Authorization in ERC tokens
– DoS attacks

 

Build a smart contract security testing arsenal
– Static analysis: Slither and Mythril
– Mutation testing tools
– Fuzz testing tools

 

Bug bounty platforms and CTF
– Introduction to the most common bug bounty platforms
– CTF and vulnerable smart contract to practice

Why You Should Take This Course

  • Practical Expertise: Get familiar with the world of web3 security and the current standards.
  • Develop, exploit and secure your first smart contract in a safe environment
  • Expand your bug bounty capabilities
  • Improve your bug hunting skills with web3 hacking techniques
  • Get access to huge payouts for smart contract vulnerabilities disclosure

Who Should Attend

  • Developers
  • Security professionals that want to get familiar with web3 hacking
  • Smart contract developers

Key Learning Objectives

  • Get familiar with tools and techniques for smart contract security and exploitation
  • Conduct code review of smart contracts written in Solidity
  • Identify vulnerable smart contract patterns

Prerequisite Knowledge

  • Knowledge about object oriented programming (any language)
  • Basic knowledge about blockchain and smart contracts

Hardware / Software Requirements

  • Laptop with at least 8 GB of RAM
  • Browser
  • GitHub account

Your Instructor

Davide Cioccia is the founder of DCODX, an ethical hacking and security training firm focusing on DevSecOps and web3. Speaker and trainer at multiple international conferences like Black Hat, HITB, OWASP AppSec, DevSecCon and DEF CON. He is also a contributor to the OWASP Mobile Testing Guide and chapter lead of DevSecCon Netherlands.