Davide Cioccia - Hackable.sol: Smart Contract Hacking in Solidity €3,500 $3,800

Introduction to Ethereum and smart contracts
- Ethereum history and basics
- Proof Of Work vs Proof Of Stake
- Bitcoin vs Ethereum
- Sharding, Beacon Chain and Docking

Smart Contracts introduction part 1
- Smart Contracts basics
- Ethereum Virtual Machine and Solidity
- Accounts, Transactions and Gas
- Storage, Memory and Stack
- Smart Contract bytecode analysis
- LAB: Our first vulnerable smart contract

Smart Contracts introduction part 2
- Types, Enum and Events
- Storage and mappings
- Inheritance
- Reentrancy vulnerability: the DAO hack
- LAB: Steal all my money (Reentrancy)
- Interfaces
- LAB: Block Timestamp: the manipulation vulnerability

Authorization in Smart Contracts
- Authorization in Solidity
- The OpenZeppelin Contracts
- Modifiers
- LAB: Authorization done properly
- LAB: Tx.origin: Authorization bypass

Smart Contract DoS attacks
- LAB: Abusing SELFDESTRUCT
- DoS with Failed Call
- DoS With Block Gas Limit

More vulnerabilities
- Integer Overflow and Underflow
- LAB: Transfer your funds, or mine
- LAB: BatchTransfer Overflow (CVE-2018-10299)

Attacking Solidity libraries
- Introduction to embedded and linked libraries
- LAB: DelegateCall vs Call: how can this impact the security of the smart contract
- LAB: Secure your library calls: attacking DelegateCall to steal funds

Security auditing
- Manual vs automated
- Security auditing tools: mythril, slither, semgrep

Introduction to Smart Contract reverse engineering
- Exploring the bytecode
- Storage and Memory allocation
- The EVM OPCODEs and instructions
- Identifying DELEGATECALLs

Solidity inline assembly
- Introduction to Solidity inline assembly
- Simple instructions
- Stack, memory and storage variables

A deep dive into Reentrancy attacks
- Classic reentrancy attack recap
- Cross function reentrancy
- Cross contract reentrancy
- Read-only reentrancy
- Detecting potential reentrancy and arbitrary exposure to external calls

Introduction to DeFi security and Web3
- Tokens and DeFi hacks
- NFTs and ERC-721 or ERC-1155
- Exploiting a vulnerable NFT implementation

Creating exploits with Foundry
- Introduction to Foundry
- Our first PoC using Foundry
- Fuzzing a smart contract

Creating Exploits with Ethers.js
- Introduction to Ethers.js
- Create exploits using Ethers.js

Hack Them ALL
- Final Smart Contract Hacking CTF


DATE: November 11th-14th 2024
TIME: 8am to 5pm
VENUE: Holiday Inn Express, Canal De La Villette, Paris
TRAINER: Davide Cioccia

- 32 hours of training with a certificate of completion.
- 2 coffee breaks are provided per day
- Note: Food is not included

- VAT included in the price.

Payment via wire is accepted.

Wire Instructions:

SWIFT/BIC code:  WFBIUS6S
Bank Name:  Wells Fargo Bank
Bank Address:  420 Montgomery San Francisco, CA 94104
Account Name: Def Con Communications Inc
Routing number: 121000248
Account number: 2019560081

You'll receive confirmation within 1 business day.


Registration terms and conditions:

Trainings are refundable before September 15th; the processing fee is €230.

Trainings are non-refundable after October 1st, 2024.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.