Ethereum Smart Contract Security



Instructors: Chris Masden
Dates:  June 5 to 8  2023
Capacity: 20






Smart contracts are still a relatively new target surface area for vulnerability research with new bug classes and exploitation techniques. Smart contracts lack traditional protection mechanisms to hinder exploitation such as CFG, DEP, PXN, or different hypervisor protections/mitigations. With the growing popularity of DeFi and other dApps, smart contract security is one of the largest problems in the Ethereum space.



DESCRIPTION



This course will do a deep dive into different bug classes and how to exploit and protect against them. Exploitation of blockchain fundamentals such as Maximum Extractable Value (MEV) or other types of bot activity will also be examined


This is a hands-on course where students will fork the Ethereum blockchain and replicate historical hacks. This class will touch on classic vulnerabilities such as integer under/overflow but will mainly focus on newer concepts such as:


- Understanding what MEV is and how to participate


- How to perform arbitrage with flash loans


- How to exploit data structures in the EVM


- Exploring calldata vulnerabilities such as method ID collisions


- Exploiting incorrect usage of transaction variables


- Exploiting upgradeability methods for smart contracts


- Exploiting on-chain voting/governance mechanisms 



LEARNING OBJECTIVES


- Exploit Reentrancy Bugs


- Exploit proxy contracts that don’t follow best practices


- Exploit a contract that doesn’t use tx.origin correctly


- Write a front running transaction bot


- Understand the vulnerabilities associated with a centralized price oracle


- Understand and recreate flash loan attacks


- Fuzz smart contracts and triage results


- Understand how stack based VM’s work (EVM)


- Identify potential bug classes of a stack based VM (EVM)


- Understand what types of bugs that static analyzers are good at identifying as well as the types of bugs that it cannot identify


- Write custom static analysis scripts


- Be able to pursue bug bounties



Who should attend?


- Solidity/Web3 developers


- Security Researchers


- Smart Contract Auditors



Prerequisites


Beginner level javascript knowledge.


Bio


Chris Masden is currently a smart contract auditor. He was previously employed as a security researcher at ManTech and Oceans Edge. He transitioned from a traditional VR role that focused on ARM/ARM64 platforms to the exciting world of blockchain research. He brings traditional vulnerability research knowledge and expertise to this new emerging technology.


 



To Register

Click here to register.