Security Course 201
This is the second course in our Smart Contract Security curriculum. The first course, available at https://pro.eattheblocks.com/p/smart-contract-security-101, covered vulnerabilities such as overflow and underflow, reentrancy and denial of service attacks. This second course goes one step further by focusing on what comes after smart contract development, specifically audits.
One of the most pressing problems for smart contract deployment is security, so it is paramount that we understand how to develop a smart contract in the safest way possible. But that alone is not enough: we also need to be able to audit our own smart contract code using automated tools as well as manual reviews.
Since a large percentage of contracts represent real money, we as developers need to be on top of everything. We should stay up to date on the best-known vulnerabilities and know how old hacks worked, so that we do not repeat the same errors in our own smart contracts.
There are pros and cons both to using automated analysis tools and to auditing the code manually for vulnerabilities. It is also good practice to optimize for gas so users don't end up paying too much when interacting with our smart contracts.
Lastly, the course goes through the stages of a professional audit and what each one entails. By the end, it will make you an expert at applying the same knowledge to evaluate your own smart contract code.
In this course, you will learn:
- Introduction to Audits
- Understanding security in a Blockchain Application
- How does an attack on a Smart Contract work?
- Best practices and security patterns
- Manual Audits and using tests to audit the code
- Automated Analysis Tools vs Manual revisions
- Gas Optimization and tools to measure gas costs
- Review of Public Audits
- Stages of a Professional Audit
We will use:
- Solidity Basics:
  - Solidity Types
  - Function Declarations
  - How Inheritance works
- Blockchain Basics:
  - Gas fees, Gas limits
  - EOA vs Contracts
  - Transactions vs Calls
- Hardhat Basics:
  - How to deploy and interact with a smart contract
  - Basic Testing
  - Hardhat Configuration
- Smart Contract Security 101 Course:
Hi, my name is Arturo and I work as a Blockchain Dev / Auditor at Coinfabrik.
I use my background in financial risk management, math, physics and computer science to help our clients and partners build stable and state-of-the-art web3 solutions.
- 3.1. Summary of an audit (7:59)
- 3.2. Exercise - Manual Audit of Staking contract (0:19)
- 3.3. Solution - Manual Audit of Staking contract (3:23)
- 3.4. Classification of vulnerabilities (3:18)
- 3.5. Exercise - Using tests to audit code (0:22)
- 3.6. Solution - Using tests to audit code (9:28)