EatTheBlocks – Smart Contract Security 101 (2022)

Security Course 101
The objective of this course is to understand how to develop a smart contract in the safest way possible. For this, we need to keep in mind not only what we want to create in the contract, but how to generate security-focused code.
EatTheBlocks – Smart Contract Security 101 (2022)
To achieve this purpose, since the contracts in a large percentage represent real money, we need to be updated as developers on the most known vulnerabilities and know how old hacks worked so as not to repeat those same errors.
This course not only focuses on the most known vulnerabilities currently but is also good practices, explanation of patterns and problems of these, for example, conflicts when using upgradeable contracts or how to obtain random numbers within a deterministic blockchain.
All this knowledge will be useful not only to develop smart contracts but also to audit them. Therefore, it is a core knowledge of smart contracts.
What will you learn in this course?
In this course you will learn:

Understanding security in a Blockchain Application.
How does an attack on a Smart Contract work?
Known attacks and how to fix them (Reentrancy, Overflow, Replay Attack, DoS, weak randomness, and much more).
Best practices and security patterns.
Understand how three famous hacks happened.
How to test your contract
How to know the coverage of your test?

We will use:

Hardhat
Solidity
OpenZeppelin
Javascript
Ethers.js
Chainlink library
Chai.js
Coverage

Pre-requisites:

Web Development (Javascript, NodeJS)
Blockchain Development (Ethereum, Solidity, Hardhat)

Your Instructor

Julián Zamt & Santiago Moreno

https://www.linkedin.com/in/santiago-julian-moreno
CoinFabrik

Course Curriculum

1. Welcome

1.1. Introduction (3:24)
1.2. Understanding Security Importance (4:28)
1.3. Prerequisites
1.4. Resources
1.5. Q&A

2. Access Control

2.1. AgreedPrice (1:34)
2.2. AgreedPrice Tests (4:44)
2.3. Require Statement Solution (4:06)
2.4. Custom Modifier Solution (5:28)
2.5. Community Vetted Code (2:35)
2.6. Ownable Solution (3:09)
2.7. Q&A

3. Unencrypted Data

3.1. Unencrypted Data Introduction (0:51)
3.2. Vault Contract (2:35)
3.3. Storage Layout (2:07)
3.4. Peeking in the storage (4:12)
3.5. Conclusions (0:52)
3.6. Q&A

4. Overflow

4.1. Overflow Introduction (3:50)
4.2. SimpleToken (Victim) (2:07)
4.3. Exploit (5:35)
4.4. Overflow Soltuions (5:07)
4.5. Conclusions (1:33)
4.6. Q&A

5. Contracts Interactions

5.1. Contracts Interactions Introduction (1:46)
5.2. Call(), send(), transfer() (2:33)
5.3. SavingsAccount & Investor contracts (2:11)
5.4. Interactions Tests (6:40)
5.5. Q&A

6. Reentrancy

6.1. Introdiction (2:06)
6.2. SavingAccounts V2 & InvestorV2 (2:18)
6.3. Reentrancy Attack (5:39)
6.4. Reentrancy Solutions (4:40)
6.5. Q&A

7. Tx.origin

7.1. Introduction (2:20)
7.2. SmallWallet & Attacker (2:19)
7.3. Exploit (3:31)
7.4. Solution (1:28)
7.5. Q&A

8. Denial Of Service

8.1. Introduction (1:38)
8.2. Auction Contract (2:38)
8.3. Attack (5:34)
8.4. Solution – Auction V2 (6:06)
8.5. Q&A

9. Upgradeability

9.1. Introduction (1:58)
9.2. How Delegatecall Works (3:49)
9.3. Storage Collisions (7:58)
9.4. Custom Solution And Related Vulnerabilities (4:53)
9.5. Q&A

10. Weak Randomness

10.1. Introduction (1:44)
10.2. Lottery Contract (2:53)
10.3. The Path Of A Transaction (2:17)
10.4. Miner Attack (5:16)
10.5. Replicated Logic Attack (3:11)
10.6. Chainlink VRF (5:50)
10.7. Q&A

11. Replay Attacks

11.1. Introduction (1:48)
11.2. Signing a message off-chain with a wallet (1:33)
11.3. MultiSigWallet Contract (2:12)
11.4. Replay Attack on MultiSig (3:06)
11.5. Replay Attack Fix (2:52)
11.6. Q&A

12. Real Life Hacks

12.1. Introduction (0:50)
12.2. The DAO (5:22)
12.3. The King Of Ether (2:41)
12.4. Parity Multi Sig Wallet (5:49)

13. Conclusion

13.1. Conclusion (1:27)