25.8.20

Hack In The Block - Back To Basics

OVERVIEW

Blockchains are disrupting finance (DeFi), collectibles (NFTs) and even governance (DAOs). This is all possible with smart contracts, where code is law and execution is final. However, immutability is a double-edged sword: a hack is just as permanent as any other event. Because of this, smart contracts must be treated with the same security mindset as any mission-critical system: a single vulnerability can cost hundreds of millions of dollars, if not more.

In this course, we introduce the origins of smart contracts and how blockchains enabled decentralized trustless applications. We discuss blockchain fundamentals, such as the basics of consensus protocols (Proof-of-Work, Proof-of-Stake, Tendermint), and how public, decentralized transaction systems add a new dimension to application security.

We will then dive into smart contracts on Ethereum using Solidity, the most popular smart contract programming language. We will examine the fundamentals of the Ethereum Virtual Machine (EVM) to understand smart contract storage and execution flow. We will then get familiar with tooling, primarily web3 and Truffle, to deploy and test smart contracts on local networks, testnets, and mainnet.

Once we are familiar with the basics, we will understand common vulnerabilities by simulating prominent smart contract hacks with hands-on exercises. We will begin by discussing simpler attacks, such as integer overflow and reentrancy, and build up to complex business-logic vulnerabilities, such as oracle manipulation, flash loans, and other economic attacks that can drain hundreds of millions in value from vulnerable protocols. We will leverage Solidity security tooling, such as Slither and Mythril, to automatically detect and remediate smart contract vulnerabilities.

Armed with advanced smart contract security knowledge, we will then dive into the Dapp ecosystem, examining various DeFi protocols, such as Uniswap and Aave, and understanding how we can integrate them into attacks. We will also examine how NFTs are susceptible to various attacks and manipulations, as well as how NFTs can be used for attacks. Finally, we'll talk about the future of blockchain security: how to both optimize your attacks and defend your smart contracts. We'll survey the landscape of opportunities in blockchain security, from bug bounties to careers. By the end of the course, you'll have a thorough and robust understanding of smart contract security, from the node to the application level, and be able to build and attack any smart contract with confidence.

Skills / Knowledge

  • Crypto
  • AppSec