
This course includes our updated coding exercises so you can practice your skills as you learn.
See a demo
Explore smart contract security by examining code weaknesses and solutions, focusing on Solidity and EVM, with static and dynamic analysis tools and practical code samples.
Explore function default visibility in smart contracts, including private, internal, external, and public, and learn how explicit visibility impacts security and gas usage.
Identify the unchecked return value weakness in smart contracts and explain how validating the call result with boolean checks on low-level calls prevents attackers from manipulating subsequent logic.
Analyze how tx.origin differs from msg.sender and why using tx.origin for authorization creates vulnerabilities, and learn to mitigate with msg.sender checks and smart contract tunnels.
Slither enables vulnerability detection for Solidity smart contracts with high accuracy, integrates with Truffle, and offers printers like call graph and inheritance to visualize dependencies.
Explore how function type variables enable an arbitrary jump vulnerability when combined with assembly in smart contracts, and learn safe patterns and minimal assembly remediation to prevent abuse.
Explore Open Zeppelin, a widely used open-source smart contract library of utilities and templates under MIT license. Learn installation, importing contracts, and leveraging audits and defender for secure blockchain apps.
This is a course that focuses both on manually scanning the code vulnerabilities, and bugs through focusing on a large set of (around 40) vulnerabilities for smart contracts and also on automatic vulnerability analysis tools. It also includes several lectures which demonstrate and use security-related libraries which are specifically created to improve the security of smart contracts. The selected development language is Solidity. We have a "Solidity and Remix in a Nutshell Lecture" for students who have a background in other development languages but lack smart contract development experience. This would help them to understand the content and to be able to run provided code parts along with various explanations throughout the course dealing with language/platform-specific issues.
The security weaknesses addressed in this course include some popular weaknesses such as Reentrancy but also many others. We visit numerous terms as we explain these problems and related solutions. Whenever we encounter a pattern to solve a problem we explicitly mark this on our slides. We will be looking at code samples which will be provided from the course web site when we discuss the problems and solutions.
Finally, the tools and libraries which used in the course either to introduce new tools/libraries or as helper tools are Remix, Docker, VeriSol, DotNetTool, Oyente, Open Zeppelin Access Control, Open Zeppelin Tokens, Open Zeppelin, Manticore, and Slither.