Blockchain and Smart Contract Security
You will learn all topics relevant to securing, hacking, and using blockchain and smart contract technology. The course takes a detailed look at the technology that underpins multiple implementations of blockchain, the cryptography and transactions behind them, the various smart contract languages like Solidity and Rust, and the protocols built with them like NFTs, DeFi, and Web3.
Course Key Learnings:
- Interact with and get data from public blockchains
- Exploit several types of smart contract vulnerabilities
- Test and exploit weak cryptography/entropy
- Discover and re-create private keys
- Understand what cryptojackers do and how to trace and track movements on blockchain
- Combat non-technical or social engineering types of attacks that adversaries use to access and steal from victims
Skills Gained:
- Compile and deploy smart contracts
- Exploit vulnerable smart contracts, nodes, and private keys
- Run automated security scans on smart contracts
- Use the latest blockchain tools for development, security, auditing, and exploiting
- Trace and discover blockchain transaction information
- Set up and protect a cryptocurrency wallet
- Crack partially exposed mnemonic keys
- Send transactions to blockchain
- Set up a local Ethereum blockchain for testing
- Join a cryptocurrency mining pool, or create your own mining node
- Run static analysis on EVM bytecode
- Interact with cryptocurrency on main and test networks
- Investigate, install, and prevent crypto-jacking malware
- Protect and defend against privacy attacks on blockchain
Course Content:
Module 1: Blockchain and Smart Contract Fundamentals
Overview
The first course section begins by establishing the fundamentals of blockchain technology and how it is applied to real-world problems. We will also look at smart contract technology and walk through examples of how it is applied today in various industries and market use cases. The most important technical aspects that make up blockchain architecture are discussed, along with examples and case studies.
Students will:
- Generate public and private key pairs used by blockchain
- Create different types of cryptocurrency wallets
- Deep-dive into the different consensus mechanisms like Proof of Work and Proof of Stake that make blockchain a decentralized system
- Learn how cryptocurrency mining works
- Investigate what happens during transactions
The section concludes with the common classifications of vulnerabilities and attacks. This lesson will feature scenarios and exercises to send and receive blockchain transactions, and students will see live transactions on the public chain through various block explorers. We will then spend time learning and using blockchain security tools that exploit private keys and users, and cover the common mistakes people make when using them.
Exercises
Lab 1.1: Use Metamask to Swap on a DeFi Exchange
Lab 1.2: Brute Force a Mnemonic Phrase to Access a Wallet
Lab 1.3: Recreate a Key to Investigate Multi-Chain Transactions
Lab 1.4: Join a Mining Pool and Create a Validator
Lab 1.5: Use Various Blockchain Clients to Discover Funds
Lab 1.6: Locate and Exploit an Exposed Private Key
Topics
Blockchain and Smart Contract Fundamentals
- Origin and Purpose
- Types of Blockchains
- Smart Contract Overview
- Common Use Cases
Blockchain Keys
- Wallets and Keys
- Mnemonic Keys (BIP-32/BIP-39)
- Attacks on Private Keys
- Case Study: Mnemonic Reconstruction
Blockchain Transactions
- Block Explorers
- BTC, EVM, Solana, Monero and other transactions
- Case Study: Poly Network Hack Transactions
Consensus Protocols
- Proof of Work
- Security Issues in Proof of Work
- Proof of Stake
- Security Issues in Proof of Stake
- Other Consensus Types
Blockchain Architecture
- BTC, EVM, Rust, Golang Clients, APIs, and SDKs
Blockchain Vulnerabilities and Attacks
- Network and Consensus Security Issues
- Smart Contract and Code Security Issues
- Wallet and Client Security Issues
- Centralization Security Issues
- User Security Issues
Module 2: Smart Contract Hacking – Solidity
Overview
This course section focuses on the security aspects of the most widely used smart contract platform, Ethereum. Smart contracts differ in architecture from blockchains such as Bitcoin because of their multi-purpose implementations. Developers write smart contracts in languages such as Solidity, which often contain bugs and vulnerabilities. The vulnerabilities can be exploited on the public main-net and cause massive amounts of financial and reputational damage. We will introduce the Ethereum smart contract programming language, Solidity, and examine how to compile, deploy, and interact with smart contracts locally and remotely. We also discuss the common access control standards and security libraries to use in Solidity. We explore how NFTs (Non-Fungible Tokens) work, and the unique vulnerabilities that can be exploited.
After students are familiar with the development process from using tools like Truffle, Ganache, Brownie, and Hardhat, we deep-dive into the common Ethereum vulnerabilities and walk through case studies of how they have been exploited in the past. Several tools and scanners, such as Slither, Mythril, and Remix, are provided for students to identify and validate these vulnerabilities. Methods of performing security audits, like formal verification and symbolic execution, are explained. Finally, after students learn how to identify a smart contract vulnerability, we'll attack and exploit a custom smart contract on a locally created Ethereum network deployed by the students.
Exercises
Lab 2.1: Identifying the Function Exploited on a Contract
Lab 2.2: Compiling and Deploying a Smart Contract
Lab 2.3: Exploiting a Vulnerable Smart Contract
Lab 2.4: Scanning a Contract for Vulnerabilities
Lab 2.5: Exploiting an NFT Contract to Mint a Coin
Topics
Solidity Basics
- Solidity Language Overview
- Storage, Memory, and CallData
- Function Selectors
- Interacting with EVM Smart Contracts
Compiling and Deploying Contracts
- The Solidity Compiler
- ABI, Bytecode, Gas, and Opcodes
- Networks and Frameworks for Auditing
- Deploying a Smart Contract
Smart Contract Security Issues
- Security Hacks on Ethereum
- Common Vulnerabilities and Attacks
- Case Study: The DAO Hack
- Case Study: The Party Multisig Hack
Auditing and Hacking Solidity Smart Contracts
- Static Analysis and Symbolic Execution
- Manual Testing and Formal Verification
- Security Testing and Auditing Tools
Contract Libraries and Standards
- ERC Standards
- Solidity Security Libraries
- Access Control and Contract Delegation Exploits
- Case Study: The Poly-Network Hack
NFT Vulnerabilities
- NFT Vulnerability Categories
- Case Study: Hacking an NFT Loot Bag
Module 3: Smart Contract Hacking – Rust
Overview
Course section three focuses on the blockchains and contracts that are built with Rust. These blockchains are usually Proof-of-Stake systems, and have unique aspects due to the programming language used. We introduce the Rust programming language, which is a memory-efficient high-level language, and we learn about the code-specific vulnerabilities that can be found. We use tools like cargo to help find exploitable bugs. Then we deep-dive into specific technologies built with Rust in the blockchain ecosystem, like Solana, CosmWasm, and Substrate. New vulnerabilities, like taking over accounts, PDAs, SPL, and unique Rust-based hacks are all explained and demonstrated.
After the technical blockchain fundamentals are established and have become familiar to students, the course builds on that knowledge with a focus on security topics scoped to blockchain systems such as the Bitcoin network. Students learn the security principles that make blockchain different from traditional technology systems, and then begin to discover some of the weaknesses in a blockchain system and how they are attacked.
Exercises
Lab 3.1: Web Application Hacking with Rust
Lab 3.2: Substrate Exploit – SANS Kitties
Lab 3.3: Exploiting Solana Account Type Confusion
Lab 3.4: Setup and Interact with a Local CosmWasm Blockchain
Lab 3.5: Compile and Deploy a CosmWasm Smart Contract
Lab 3.6: Exploit a Vulnerable CosmWasm Smart Contract
Topics
Rust Overview
- What is Rust
- Rust Security
- Rust Developer Tools
Substrate
- Substrate Architecture
- Substrate Vulnerabilities
CosmWasm
- What is CosmWasm?
- CosmWasm Architecture
- CosmWasm Tools and Chains
- CosmWasm Vulnerabilities
Solana
- Solana Architecture
- Proof of History
- PDAs and SPLs
- Solana Security Issues
- Solana Programs
Module 4: Exploiting DeFi Protocols
Overview
Throughout course section four you learn about the innovative and unique way smart contracts democratize financial services. DeFi is a complex environment of interworking components. We go through the most relevant DeFi protocols that make up those components, the terminology, and how they operate. Protocols discussed are DEXs, Automated Market Makers, lending and borrowing platforms, stablecoins, derivatives, yield farms, oracles, and prediction markets. Each of these DeFi protocols has unique attack types that combine both economic-based and code-based exploitation. Attacks through flash loans, oracle manipulation, and governance proposals are all discussed, with examples. This section is more about the business logic than the tools or platforms, and we use several labs that exploit DeFi protocols across several different blockchains.
Exercises
Lab 4.1: Exploit a Vulnerable AMM
Lab 4.2: Perform a Flash Loan Attack
Lab 4.3: Deploy and Interact with a Chainlink Oracle
Lab 4.4: Perform a Governance Attack on EVM
Lab 4.5: Exploit a Yield Farm on Solana
Topics
The Concepts, Benefits and Risks in DeFi
- DeFi vs. CeFi
- Protocols Overview
- Environmental Risks and DeFi Attacks
- Security Incident Timeline
Decentralized Exchanges (DEX)
- Key Terminology
- Automated Market Makers (AMMs)
- Aggregators
- DEX Issues and Exploits
- Case Study: DEX Liquidity Pool Hack
Lending and Borrowing
- Key Terminology
- AAVE and Compound Protocols
- Issues and Risks
- Flash Loans
- Case Study: Flash Loan Attack
Stable Coins, Derivatives, and Synthetic Assets
- Types of Stable Coins and Derivatives
- Security Risks
- Case Study: Terra UST and Luna Collapse
Governance and Oracles
- Oracle Purpose and Designs
- Oracle Attacks
- Governance Overview and Key Terms
- Governance Attacks
- Case Study: Beanstalk Farms Malicious Governance
Emerging DeFi Protocols and Risks
- DEX Aggregators
- Prediction Markets
- Decentralized Insurance
- Yield Farms and Yield Aggregators
Module 5: Cross-Chain, Defense, and Compliance
Overview
We start this course section by looking at common vulnerabilities of cross-chain and bridges. These are critical infrastructure components that are constantly attacked, and they have high value and impact. We discuss the adversaries on blockchain, the patterns they use to attack and steal funds, and define a framework for these patterns to help us defend against them.
We then look at some of the tools used for monitoring and protecting smart contracts. You analyze how privacy, anonymity, and personal identity can be compromised if a blockchain user is not authenticated and how to protect against these issues. Finally, we take a look at how the blockchain is used maliciously and the current compliance and regulatory landscape of blockchain and some tools used.
We also take a deep dive on how privacy can be compromised and used by adversaries or government agencies to monitor and identify user activity. Dark net markets have been one of the most notorious uses of cryptocurrencies, and this course section also provides information on how these markets differ from the normal Internet and why they are used for illegal purposes. We also examine privacy crypto like Monero, as well as the regulations enforced by agencies to prevent criminal activity.
Exercises
Lab 5.1: Crash a Cross-Chain Bridge
Lab 5.2: Detect a Front-Running Attack
Lab 5.3: Verify a Smart Contract with Tenderly
Lab 5.4: Monitor a Wallet for Malicious Activity Using Forta
Lab 5.5: Install a Crypto-Miner Malware Agent
Lab 5.6: Use OSINT to Discover Hidden Bitcoin Funds
Topics
Cross-chain
- What is Cross-chain?
- Bridges
- Cross-chain and Bridge Vulnerabilities
- Case Study: ThorChain Vulnerabilities in the BiFrost
- Chain-bridge
Blockchain Threats and Adversary Tactics
- Blockchain Threat Actors
- Case Study: Rug Pull Anatomy
- ATT&CK Matrix for DeFi
- Tornado Cash and Money Laundering
Blue Team for Blockchain
- Incident Response Process Overview and Key Terms
- Tools for Defending DeFi
Attacks on Privacy
- Blockchain-Based Attacks
- Non-Blockchain-Based Attacks
- Defenses for Privacy
Malicious Uses of Blockchain
- Ransomware and Crypto-Lockers
- Case Study: WannaCry Ransomware
- ICO Scams and Ponzi Schemes
- Case Study: PlusToken
- Crypto-jacking
- Case Study: CoinHive
Regulatory Compliance and Investigation
- The Current Regulatory Environment
- TOR, Monero, and Dark Net Markets
- Case Study: Operation Disruptor
- OSINT and Blockchain Forensics
- Monero
International Student Fee: 1,250 US$
Flexible Class Options
- Week End Classes For Professionals SAT | SUN
- Corporate Group Trainings Available
- Online Classes – Live Virtual Class (L.V.C), Online Training