Smart Contract Code Weaknesses and Solutions
What you’ll learn
Smart Contract Code Related Security Problems and How To Solve Them
Security Patterns and How They Help To Overcome Security Attacks or Eliminate Vulnerabilities
How To Install and Use Various Tools Including Remix, VeriSol, Oyente, Manticore, Slither, and Helpers Including Docker, and DotNetTool
Various Libraries, Including Open Zeppelin Access Control, Open Zeppelin Utilities/SafeMath, OpenZeppelin Tokens, Chainlink, and Hardhat.
Solidity Language Based Implementations of Problems and Solutions Including Patterns
Solidity Basics
How To Create, Compile, Deploy and Use Deployed Smart Contracts Using Remix
Requirements
Knowledge of Blockchain Basics
Programming Experience in OO Languages
Knowledge of How To Implement Smart Contracts Using Solidity Would Be Useful but Not Mandatory. For Newbies, Enough Information Is Provided in the Course
Description
This course focuses both on manually scanning code for vulnerabilities and bugs, working through a large set of (around 40) smart contract vulnerabilities, and on automatic vulnerability analysis tools. It also includes several lectures that demonstrate and use security-related libraries created specifically to improve the security of smart contracts. The selected development language is Solidity. We have a “Solidity and Remix in a Nutshell Lecture” for students who have a background in other development languages but lack smart contract development experience. This helps them understand the content and run the provided code, along with the explanations of language- and platform-specific issues given throughout the course.
The security weaknesses addressed in this course include popular ones such as Reentrancy, but also many others. We visit numerous terms as we explain these problems and their solutions. Whenever we encounter a pattern that solves a problem, we explicitly mark it on our slides. When we discuss the problems and solutions, we look at code samples that are provided from the course web site.
Finally, the tools and libraries used in the course, whether introduced in their own right or used as helper tools, are Remix, Docker, VeriSol, DotNetTool, Oyente, Open Zeppelin Access Control, Open Zeppelin Tokens, Open Zeppelin, Manticore, and Slither.
Overview
Section 1: Introduction
Lecture 1 Introduction
Lecture 2 Solidity and Remix in a Nutshell
Lecture 3 Udemy Reviews
Section 2: Weaknesses and Solutions Blended with Smart Contract Security Analysis Tools
Lecture 4 Function Default Visibility
Lecture 5 Integer Overflow and Underflow
Lecture 6 Outdated Compiler Version
Lecture 7 Floating Pragma
Lecture 8 Unchecked Call Return Value
Lecture 9 Unprotected Ether Withdrawal
Lecture 10 Unprotected SELFDESTRUCT Instruction
Lecture 11 Reentrancy
Lecture 12 State Variable Default Visibility
Lecture 13 Uninitialized Storage Pointer
Lecture 14 Assert Violation
Lecture 15 VeriSol
Lecture 16 Use of Deprecated Solidity Functions
Lecture 17 Delegatecall to Untrusted Callee
Lecture 18 DoS with Failed Call
Lecture 19 Oyente
Lecture 20 Transaction Order Dependence
Lecture 21 Authorization Through Tx.Origin
Lecture 22 Block Values As a Proxy for Time
Lecture 23 Manticore Dynamic Security Analysis for Smart Contracts
Lecture 24 Signature Malleability
Lecture 25 Incorrect Constructor Name
Lecture 26 Showing State Variables
Lecture 27 Weak Sources of Randomness From Chain Attributes
Lecture 28 Missing Protection against Signature Replay Attacks
Lecture 29 Lack of Proper Signature Verification
Lecture 30 Requirement Violation
Lecture 31 Write to Arbitrary Storage Location
Lecture 32 Incorrect Inheritance Order
Lecture 33 Slither
Lecture 34 Insufficient Gas Griefing
Lecture 35 Arbitrary Jump with Function Type Variable
Lecture 36 DoS with Block Gas Limit
Lecture 37 Open Zeppelin
Lecture 38 Typographical Error
Lecture 39 Open Zeppelin Access Control
Lecture 40 Right to Left Override Control Character
Lecture 41 Open Zeppelin Common Tokens
Lecture 42 Presence of unused variables
Lecture 43 Unexpected Ether balance
Lecture 44 Hash Collisions With Multiple Variable Length Arguments
Lecture 45 Message call with hardcoded gas amount
Lecture 46 Code With No Effects
Lecture 47 Unencrypted Private Data On-Chain Weakness
Section 3: Conclusion
Lecture 48 Conclusion
Beginner to Advanced
Course Information:
Udemy | English | 6h 21m | 6.55 GB
Created by: Ferda Özdemir Sönmez