{"id":14979,"date":"2024-02-22T02:58:10","date_gmt":"2024-02-22T02:58:10","guid":{"rendered":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/"},"modified":"2024-02-29T03:25:28","modified_gmt":"2024-02-29T03:25:28","slug":"hackable-sol-smart-contract-hacking-in-solidity-auh2024","status":"publish","type":"product","link":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/","title":{"rendered":"Hackable.sol: Smart contract hacking in Solidity"},"content":{"rendered":"<h4><strong><span style=\"color: #993300\">ATTEND IN-PERSON<\/span>: <\/strong><strong>Onsite at Abu Dhabi<\/strong><\/h4>\n<div class=\"page\" title=\"Page 1\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<div class=\"page\" title=\"Page 1\">\n<div class=\"layoutArea\">\n<div class=\"column\">\n<h4><strong>DATE: 25-26 Nov 2024<\/strong><\/h4>\n<h4><strong>TIME: 09:00 to 17:00 GST\/GMT+4<\/strong><\/h4>\n<table style=\"height: 146px\" width=\"599\">\n<tbody>\n<tr>\n<td><strong>Date<\/strong><\/td>\n<td><strong>Day<\/strong><\/td>\n<td style=\"text-align: left\"><strong>Time<\/strong><\/td>\n<td><strong>Duration<\/strong><\/td>\n<\/tr>\n<tr>\n<td>25 Nov<\/td>\n<td>Monday<\/td>\n<td>09:00 to 17:00 GST\/GMT+4<\/td>\n<td>8 Hours<\/td>\n<\/tr>\n<tr>\n<td>26 Nov<\/td>\n<td>Tuesday<\/td>\n<td>09:00 to 17:00 GST\/GMT+4<\/td>\n<td>8 Hours<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h5><\/h5>\n<hr \/>\n<h5 style=\"text-align: center\"><strong><em><span style=\"color: #993300\">Renewed CTF with recent exploits and attacks<\/span><\/em><\/strong><\/h5>\n<hr \/>\n<h5><span style=\"font-size: 16px\">Smart Contracts are getting more and more interest from the security community, driven mostly by the big payout for smart contract security auditing and the continuous exploitation of vulnerabilities in smart contracts, web3 and DeFi applications. 
The financial implications of smart contract vulnerabilities are substantial. Smart contracts often handle large amounts of value, and successful exploitation can lead to significant financial losses for users and project developers. With the increased regulatory scrutiny on blockchain and cryptocurrency projects, security audits and compliance with industry standards become imperative.<\/span><\/h5>\n<\/div>\n<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<p>Some of the scenarios we will go through:<\/p>\n<p>&#8211; Any user can cash out the money from the smart contract<br \/>\n&#8211; Abuse business logic to pay with 0 ETH<br \/>\n&#8211; Reentrancy vulnerabilities<br \/>\n&#8211; Block Timestamp Manipulation Vulnerability<br \/>\n&#8211; Tx.origin: Authorization bypass<br \/>\n&#8211; Hash collision and integrity attack<br \/>\n&#8211; Integer Overflow and Underflow<br \/>\n&#8211; BatchTransfer Overflow (CVE-2018-10299)<br \/>\n&#8211; Unprotected SELFDESTRUCT<br \/>\n&#8211; Take ownership of a vulnerable contract<br \/>\n&#8211; DelegateCall vulnerabilities<br \/>\n&#8230; and more<\/p>\n<\/div>\n<p>&nbsp;<\/p>\n<h5><strong>Key Learning Objectives<\/strong><\/h5>\n<p>&#8211; Identify and exploit smart contract vulnerabilities, and create automated proofs of concept for their exploitation<br \/>\n&#8211; Implement secure smart contracts<br \/>\n&#8211; Perform smart contract security audits<\/p>\n<h5><\/h5>\n<h5><strong>What will the students get<\/strong><\/h5>\n<p>&#8211; 15 hands-on labs<br \/>\n&#8211; Final CTF<br \/>\n&#8211; Handbook with step-by-step solutions of the labs<br \/>\n&#8211; List of resources used during the course<\/p>\n<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<h5><strong>Topics Covered<\/strong><\/h5>\n<p><strong>Intro to Ethereum and smart contracts<\/strong><\/p>\n<ul>\n<li>Course introduction<\/li>\n<li>Bitcoin vs Ethereum<\/li>\n<li>ETH history: The Four stages of development<\/li>\n<li>POW vs POS<\/li>\n<li>Sharding and Beacon
Chain<\/li>\n<li>Docking<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Smart Contracts part 1<\/strong><\/p>\n<ul>\n<li>Smart Contracts basics<\/li>\n<li>Ethereum Smart Contracts and Solidity<\/li>\n<li>EVM main functionalities<\/li>\n<li>Accounts, Transactions and Gas in Ethereum<\/li>\n<li>Storage, Memory and Stack in the EVM<\/li>\n<li>Remix IDE: set up the environment<\/li>\n<li>LAB: Function visibility in Solidity<\/li>\n<li>LAB: Our first smart contract<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Smart Contracts part 2<\/strong><\/p>\n<ul>\n<li>Types, Enum and Events<\/li>\n<li>Mappings<\/li>\n<li>Inheritance<\/li>\n<li>Modifiers<\/li>\n<li>SWC registry: the Smart Contracts CWE<\/li>\n<li>Reentrancy vulnerability: the DAO hack<\/li>\n<li>LAB: Steal all my money (Reentrancy attack)<\/li>\n<li>The OpenZeppelin ReentrancyGuard Smart Contract<\/li>\n<li>Interfaces<\/li>\n<li>LAB: Block Timestamp Manipulation Vulnerability<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Authorization in Solidity<\/strong><\/p>\n<ul>\n<li>Authorization in Smart Contracts<\/li>\n<li>The OpenZeppelin Authorization Contracts<\/li>\n<li>LAB: Authorization done properly<\/li>\n<li>LAB: Tx.origin: Authorization bypass<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>DoS attacks<\/strong><\/p>\n<ul>\n<li>SELFDESTRUCT<\/li>\n<li>DoS With Block Gas Limit<\/li>\n<li>DoS with Failed Call<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>More vulnerabilities<\/strong><\/p>\n<ul>\n<li>Integer Overflow and Underflow<\/li>\n<li>LAB: Integer Overflow exploitation to drain smart contracts<\/li>\n<li>LAB: BatchTransfer Overflow (CVE-2018-10299)<\/li>\n<li>Libraries<\/li>\n<li>Introduction to embedded and linked libraries<\/li>\n<li>LAB: Delegatecall vs Call<\/li>\n<li>LAB: Exploiting Proxy contracts and Delegate calls<\/li>\n<li>LAB: Hash collision<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Security auditing<\/strong><\/p>\n<ul>\n<li>Manual vs automated audit<\/li>\n<li>Introduction to Smart Contract reverse
engineering<\/li>\n<li>LAB: Tools: Mythril<\/li>\n<li>LAB: Tools: Slither<\/li>\n<li>How to build a comprehensive security auditing report<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Introduction to Smart Contract reverse engineering<\/strong><\/p>\n<ul>\n<li>Exploring the bytecode<\/li>\n<li>Storage and Memory allocation<\/li>\n<li>The EVM OPCODEs and instructions<\/li>\n<li>LAB: Identify DELEGATE calls<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Hack them all<\/strong><\/p>\n<ul>\n<li>Final Smart Contract Hacking Challenge<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>ATTEND IN-PERSON: Onsite at Abu Dhabi DATE: 25-26 Nov 2024 TIME: 09:00 to 17:00 GST\/GMT+4 Date Day Time Duration 25 Nov Monday 09:00 to 17:00 GST\/GMT+4 8 Hours 26 Nov Tuesday 09:00 to 17:00 GST\/GMT+4 8 Hours Renewed CTF with recent exploits and attacks Smart Contracts are getting more and more interest from the security [&hellip;]<\/p>\n","protected":false},"featured_media":14978,"template":"","meta":{"_acf_changed":false},"product_cat":[58,90,92,57],"product_tag":[],"class_list":{"0":"post-14979","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-2-day-training","7":"product_cat-auh2024","8":"product_cat-auh2024-training","9":"product_cat-in-person","11":"first","12":"outofstock","13":"featured","14":"shipping-taxable","15":"purchasable","16":"product-type-simple"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Hackable.sol: Smart contract hacking in Solidity - HITBSecConf2024 - Abu Dhabi<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta
property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hackable.sol: Smart contract hacking in Solidity - HITBSecConf2024 - Abu Dhabi\" \/>\n<meta property=\"og:description\" content=\"ATTEND IN-PERSON: Onsite at Abu Dhabi DATE: 25-26 Nov 2024 TIME: 09:00 to 17:00 GST\/GMT+4 Date Day Time Duration 25 Nov Monday 09:00 to 17:00 GST\/GMT+4 8 Hours 26 Nov Tuesday 09:00 to 17:00 GST\/GMT+4 8 Hours Renewed CTF with recent exploits and attacks Smart Contracts are getting more and more interest from the security [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/\" \/>\n<meta property=\"og:site_name\" content=\"HITBSecConf2024 - Abu Dhabi\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-29T03:25:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-content\/uploads\/sites\/23\/2024\/02\/Davide-Cioccia-product2-scaled-2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1709\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/\",\"name\":\"Hackable.sol: Smart contract hacking in Solidity - HITBSecConf2024 - Abu Dhabi\",\"isPartOf\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-content\/uploads\/sites\/23\/2024\/02\/Davide-Cioccia-product2-scaled-2.jpg\",\"datePublished\":\"2024-02-22T02:58:10+00:00\",\"dateModified\":\"2024-02-29T03:25:28+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/#primaryimage\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-content\/uploads\/sites\/23\/2024\/02\/Davide-Cioccia-product2-scaled-2.jpg\",\"contentUrl\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/
wp-content\/uploads\/sites\/23\/2024\/02\/Davide-Cioccia-product2-scaled-2.jpg\",\"width\":2560,\"height\":1709},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Shop\",\"item\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/shop\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Hackable.sol: Smart contract hacking in Solidity\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/#website\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/\",\"name\":\"HITBSecConf2024 - Abu Dhabi\",\"description\":\"Nov 25 - 28, Abu Dhabi, UAE\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Hackable.sol: Smart contract hacking in Solidity - HITBSecConf2024 - Abu Dhabi","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/","og_locale":"en_US","og_type":"article","og_title":"Hackable.sol: Smart contract hacking in Solidity - HITBSecConf2024 - Abu Dhabi","og_description":"ATTEND IN-PERSON: Onsite at Abu Dhabi DATE: 25-26 Nov 2024 TIME: 09:00 to 17:00 GST\/GMT+4 Date Day Time Duration 25 Nov Monday 09:00 to 17:00 GST\/GMT+4 8 Hours 26 Nov Tuesday 09:00 to 17:00 GST\/GMT+4 8 Hours Renewed CTF with recent exploits and attacks Smart Contracts are getting more and more interest from the security [&hellip;]","og_url":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/","og_site_name":"HITBSecConf2024 - Abu Dhabi","article_modified_time":"2024-02-29T03:25:28+00:00","og_image":[{"width":2560,"height":1709,"url":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-content\/uploads\/sites\/23\/2024\/02\/Davide-Cioccia-product2-scaled-2.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/","url":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/","name":"Hackable.sol: Smart contract hacking in Solidity - HITBSecConf2024 - Abu Dhabi","isPartOf":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/#primaryimage"},"image":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/#primaryimage"},"thumbnailUrl":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-content\/uploads\/sites\/23\/2024\/02\/Davide-Cioccia-product2-scaled-2.jpg","datePublished":"2024-02-22T02:58:10+00:00","dateModified":"2024-02-29T03:25:28+00:00","breadcrumb":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/#primaryimage","url":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-content\/uploads\/sites\/23\/2024\/02\/Davide-Cioccia-product2-scaled-2.jpg","contentUrl":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-content\/uploads\/sites\/23\/2024\/02\/Davide-Cioccia-product2-scaled-2.jpg","width":2560,"height":1709},{"@type":"BreadcrumbList","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/product\
/hackable-sol-smart-contract-hacking-in-solidity-auh2024\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/"},{"@type":"ListItem","position":2,"name":"Shop","item":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/shop\/"},{"@type":"ListItem","position":3,"name":"Hackable.sol: Smart contract hacking in Solidity"}]},{"@type":"WebSite","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/#website","url":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/","name":"HITBSecConf2024 - Abu Dhabi","description":"Nov 25 - 28, Abu Dhabi, UAE","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-json\/wp\/v2\/product\/14979"}],"collection":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-json\/wp\/v2\/media\/14978"}],"wp:attachment":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-json\/wp\/v2\/media?parent=14979"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-json\/wp\/v2\/product_cat?post=14979"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/conference.hitb.org\/hitbsecconf2024auh\/wp-json\/wp\/v2\/product_tag?post=14979"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}