Are Smart Contracts Haunted? - Security Vulnerabilities in Blockchain

Offered By: NahamSec via YouTube

Tags

Smart Contracts Courses, Ethereum Courses, Access Control Courses, Blockchain Security Courses, Vulnerability Analysis Courses, Decentralized Finance Courses, DeFi Courses

Course Description

Overview

Explore the world of smart contract vulnerabilities in this conference talk from #NahamCon2022. Dive into common security issues, including re-entrancy attacks, delegatecall and selfdestruct functions, and initialization vulnerabilities. Examine real-world examples from AMM projects, OpenZeppelin's UUPS proxy bug, and Harvest Finance. Learn about the risks associated with price oracles and spot-price usage in DeFi protocols like Yearn.Finance. Discover the importance of proper authorization checks and access control in smart contract functions. Gain valuable insights and resources to enhance your understanding of smart contract security and potential haunting vulnerabilities.

Syllabus

Introduction
Common smart contract vulnerabilities
Example re-entrancy attack
Re-entrancy example in an AMM project
Short intro to delegatecall and selfdestruct
Constructor() vs Initialize()
OpenZeppelin's UUPS uninitialized proxy bug: explanation
Harvest Finance
Price oracles
Yearn.Finance spot-price usage
Yearn.Finance spot-price usage - explanation
Missing an authorization check
Lack of access control in cancelOrder() #1
Useful links to get you started


Taught by

NahamSec
