Skip to main content
Davide Cioccia - Hackable.sol: Smart Contract Hacking in Solidity $1,750 (Early $1,550)
Davide Cioccia - Hackable.sol: Smart Contract Hacking in Solidity $1,750 (Early $1,550)

Davide Cioccia - Hackable.sol: Smart Contract Hacking in Solidity $1,750 (Early $1,550)

$1,550.00

Name of Training:

Hackable.sol: Smart Contract Hacking in Solidity

Description:

Identify vulnerabilities in Smart Contracts written in Solidity

Training description:

A 2-day full hands-on training where you will learn how to identify vulnerabilities in Smart Contracts written in Solidity. During the course, we will go over 12 labs inspired by the major hacks that saw companies lose millions of dollars, implement Smart Contracts, but also perform security reviews and detect security flaws using manual analysis and automated tools.

Some of the scenarios we will go through:

The list below contains some of the vulnerabilities that we will identify and fix in the labs:

  • Any user can cash out the money from the smart contract
  • Users can buy the subscription also with any wei amount
  • Any user can check the amount of money stored in the contract address
  • Reentrancy vulnerability
  • Block Timestamp Manipulation Vulnerability
  • Tx.origin: Authorization bypass
  • Integer Overflow and Underflow
  • BatchTransfer Overflow (CVE-2018–10299)
  • Unprotected SELFDESTRUCT
  • DelegateCall vulnerabilities
  • ....more

Trainer(s) bio:

Davide Cioccia is the founder of dcodx, a cybersecurity firm focusing on bridging the gap between development and security, working together with development teams to create and promote the DevSecOps security culture.

He is one of the first contributors to the OWASP Mobile Security Testing Guide and member of the SANS advisory board and Chapter Lead of DevSecCon Netherlands. He is also a speaker at international security conferences like BlackHat, OWASP AppSec, DevSecCon, Hacktivity and regional OWASP security events, where he presented different approaches and tools to automate mobile security testing in CI/CD, detect and prevent phishing attacks and automate infrastructure security in the release cycles.

On the personal side he loves to play racket sports, from tennis to padel, from ping pong to beach tennis. So hit him up for a match if you are in the Netherlands.

https://www.devseccon.com/chapters/dsc-netherlands/
https://appsecus2018.sched.com/event/F02G/mobile-bdd-security-tests-on-steroids-a-new-framework-to-automate-mstg-and-masvs-in-your-cicd-pipeline
https://www.blackhat.com/eu-18/arsenal/schedule/presenters.html#davide-cioccia-36753

Trainer(s) social media links:

https://www.linkedin.com/in/davidecioccia/
https://twitter.com/davide107

Outline:

Intro to Ethereum and smart contracts 
Course introduction
Bitcoin vs Ethereum  
ETH history: The Four stages of development  
POW vs POS  
Sharding and Beacon Chain  
Docking 
Smart Contracts part 1
Smart Contracts basics
Ethereum Smart Contracts and Solidity
EVM 

Accounts, Transactions and Gas 
Storage, Memory and Stack  
VSCode and Remix IDE
LAB: Functions visibility in Solidity
LAB: Our first smart contract 
Smart Contracts part 2 
Types, Enum and Events 
Mappings 
Inheritance
Modifiers
SCW registry: the Smart Contracts CWE 
Reentrancy vulnerability: the DAO hack 
LAB: Steal all my money (Reentrancy attack)
The Open Zeppelin ReentrancyGuard Smart Contract 
Interfaces 
LAB: Block Timestamp Manipulation Vulnerability 
Authorization 
Authorization in Smart Contracts 
The Open Zeppelin Authorization Contracts
LAB: Authorization done properly 
LAB: Tx.origin: Authorization bypass 
DoS 
SELFDESTRUCT 
DoS With Block Gas Limit 
DoS with Failed Call 
More vulnerabilities 
Integer Overflow and Underflow 
LAB: Integer Overflow exploitation to drain smart contracts 
LAB: BatchTransfer Overflow (CVE-2018–10299) 
Libraries 
Introduction to embedded and linked libraries 
LAB: Delegatecall vs Call 
LAB: Exploiting Proxy contracts and Delegate calls 
Security auditing 
Manual vs automated audit.
Introduction to Smart Contract reverse engineering
LAB: Tools: mythril 
LAB: Tools: slither 

How to build a comprehensive security auditing report 
Hack them all  
Final Smart Contract Hacking Challenge 


Technical difficulty:

The course is for beginners/intermediate that have some knowledge about smart contracts

Knowledge of the topics below is only recommended but not mandatory for this course.
Blockchain
Smart contracts and Remix IDE
Basic understanding of decentralized applications and their applicability

Suggested Prerequisites:

The course starts from the basics of the blockchain and smart contracts.
Useful resources:

  - https://docs.soliditylang.org/en/v0.8.13/
  - https://ethereum.org/

What students should bring:

- Laptop with at least:
     8 GB RAM
- Chrome Browser

DATE: November 2nd - 3rd 2024
TIME: 8am to 5pm PDT
VENUE: The Meydenbauer Center
TRAINER: Davide Cioccia

- 16 hours of training with a certificate of completion.

- 2 coffee breaks are provided per day
- Note: Food is not included

Registration terms and conditions:

Trainings are refundable before July 1st, the processing fee is $250.

Trainings are non-refundable after July 10th, 2024.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.