Secureum Bootcamp - Smart Contract Security Auditing (Epoch 0)

Some materials from Epoch 0 of the Secureum Bootcamp.

Secureum Mind Map

Secureum Bootcamp: Smart Contract Security Auditing 2021 Quizzes

Steps

  1. Read the article and watch the videos
  2. Try out some of the referenced tools in the article
  3. Go over the Assignments. These are not graded but may help with the quiz.

Slot 0: Welcome

  1. Bootcamp Details
    • Starts October 1st
    • Completely online and asynchronous
    • Articles and Videos will be shared via online channels
    • Quizzes will be conducted online using ClassMarker platform (you do not need to create an account but will be sent a link for every quiz that you can access with your access code as described below)
    • Two Phases: Learn Phase & Audit-Readiness Phase
  2. Learn Phase
    • October & November (1024 Participants)
    • 8 Slots with 1 Topic per Slot
    • Read articles, watch videos, do assignments and take quizzes
  3. Audit-Readiness Phase
    • December (101 Candidates: Based on quiz scores from Learn Phase)
    • 4 Slots with 1 Protocol per Slot
    • Evaluate audit-readiness of protocol code

Slot 1: Ethereum 101

Article

Videos

Assignments

  1. Read the Ethereum whitepaper: https://ethereum.org/en/whitepaper/
  2. Read the Ethereum yellow paper: https://ethereum.github.io/yellowpaper/paper.pdf
  3. Read Chapters 1, 2, 3, 4, 6, 13 and 14 from “Mastering Ethereum”: https://github.com/ethereumbook/ethereumbook and other references in Secureum’s “Ethereum 101” article
  4. Browse through topics at https://ethereum.org/en/developers/docs/
  5. Explore blocks, transactions and other protocol internals at https://etherscan.io/

Slot 2: Solidity 101

Article

Videos

Assignments

  1. Read Chapter 7 from “Mastering Ethereum”: https://github.com/ethereumbook/ethereumbook/blob/develop/07smart-contracts-solidity.asciidoc
  2. Understand Solidity syntax and semantics implemented in OpenZeppelin’s ERC20 contract: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/ERC20.sol
  3. Understand Solidity syntax and semantics implemented in OpenZeppelin’s ERC721 (NFT) contract: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC721/ERC721.sol
  4. Understand Solidity syntax and semantics implemented in OpenZeppelin’s security-related contracts Ownable, Pausable and ReentrancyGuard: https://github.com/OpenZeppelin/openzeppelin-contracts/tree/master/contracts/access and https://github.com/OpenZeppelin/openzeppelin-contracts/tree/master/contracts/security
  5. Experiment with the various Solidity concepts using https://remix.ethereum.org/

Slot 3: Solidity 201

Article

Videos

Assignments

  1. Understand all the OpenZeppelin Library contracts (many of which are widely-used): https://github.com/OpenZeppelin/openzeppelin-contracts/tree/master/contracts
  2. Understand Solidity syntax and semantics implemented in Uniswap V3 contracts and related dependencies: https://github.com/Uniswap/uniswap-v3-core/tree/main/contracts
  3. Understand Solidity syntax and semantics implemented in Fei Protocol contracts and related dependencies: https://github.com/fei-protocol/fei-protocol-core/tree/master/contracts
  4. Understand Solidity syntax and semantics implemented in Chainlink contracts and related dependencies: https://github.com/smartcontractkit/chainlink/tree/develop/contracts/src/v0.4
  5. Understand Solidity syntax and semantics implemented in Opyn Gamma Protocol contracts and related dependencies: https://github.com/opynfinance/GammaProtocol/tree/master/contracts/core

Slot 4: Security Pitfalls & Best Practices 101

Article

Videos

Assignments

  1. Explore the SWC Registry list and test cases: https://swcregistry.io/
  2. Watch “Intro to Security First Development” by Gonçalo Sá, ConsenSys Diligence: https://www.youtube.com/watch?v=72K57I9yvyI
  3. Watch “Protect your Crypto and Avoid Getting Hacked” by Mehdi Zerouali, Sigma Prime: https://www.youtube.com/watch?v=L2DRC6PjTgk
  4. Watch “DeFi Security: With So Many Hacks, Will It Ever Be Safe?” on Unchained Podcast with Dan Guido (Trail of Bits) and Taylor Monahan (MyCrypto): https://www.youtube.com/watch?v=Sc5fZ-Wprx8
  5. Attempt CTF: https://capturetheether.com/

Slot 5: Security Pitfalls & Best Practices 201

Article

Videos

Assignments

  1. Read https://samczsun.com/so-you-want-to-use-a-price-oracle/ and https://samczsun.com/the-dangers-of-surprising-code/
  2. Watch “Security By Design & Smart Contract Audits” by Shayan Eskandari, Ex-ConsenSys Diligence: https://www.youtube.com/watch?v=gfD1KBtLWZI
  3. Watch “How to Build Secure Smart Contracts” by Josselin Feist, Trail of Bits: https://www.youtube.com/watch?v=yP01yH4plT8
  4. Watch “White Hat Panel: DeFi Exploits”: https://www.youtube.com/watch?v=Df2zzfoTfMc
  5. Attempt CTF: https://www.damnvulnerabledefi.xyz/

Slot 6: Audit Techniques & Tools 101

Article

Videos

Assignments

  1. Read:
    1. How to Prepare for a Smart Contract Audit
    2. What is a Security Audit, When You Should Get One, and How to Prepare
    3. 246 Findings From our Smart Contract Audits: An Executive Summary
  2. Run MythX (Use promotion code: SECUREUM2021) on Fei Protocol contracts and analyze the reported findings: https://github.com/fei-protocol/fei-protocol-core/tree/master/contracts
  3. Run Slither on Uniswap V3 contracts and analyze the reported findings: https://github.com/Uniswap/uniswap-v3-core/tree/main/contracts
  4. Watch “The Evolution of Smart Contract Security” by Dan Guido, Trail of Bits: https://www.youtube.com/watch?v=fOkQuNzVn_Q
  5. Attempt Paradigm CTF: https://github.com/paradigm-operations/paradigm-ctf-2021

Slot 7: Audit Findings 101

Article

Videos

Assignments

  1. Read the audit report along with the smart contracts to understand all the reported findings for Fei Protocol: https://consensys.net/diligence/audits/2021/01/fei-protocol
  2. Read the audit report along with the smart contracts to understand all the reported findings for Uniswap V3: https://github.com/Uniswap/uniswap-v3-core/blob/main/audits/tob/audit.pdf
  3. Read the audit report along with the smart contracts to understand all the reported findings for Chainlink: https://github.com/sigp/public-audits/blob/master/chainlink-1/review.pdf
  4. Read the audit report along with the smart contracts to understand all the reported findings for Opyn Gamma protocol: https://blog.openzeppelin.com/opyn-gamma-protocol-audit/
  5. Watch: OpenZeppelin tinchoabbate’s “Secure Development Series”: https://www.youtube.com/playlist?list=PLdJRkA9gCKOONBSlcifqLig_ZTyG_YLqz

Slot 8: Audit Findings 201

Article

Videos

Assignments

  1. Read the audit report along with the smart contracts to understand all the reported findings for 1inch Liquidity Protocol: https://consensys.net/diligence/audits/2020/12/1inch-liquidity-protocol/
  2. Read the audit report along with the smart contracts to understand all the reported findings for Origin Dollar: https://github.com/trailofbits/publications/blob/master/reviews/OriginDollar.pdf
  3. Read the audit report along with the smart contracts to understand all the reported findings for Synthetix EtherCollateral: https://github.com/sigp/public-audits/blob/master/synthetix/ethercollateral/review.pdf
  4. Read the audit report along with the smart contracts to understand all the reported findings for Holdefi: https://blog.openzeppelin.com/holdefi-audit
  5. Stay updated with Ethereum security articles/news
    1. WeekInEthereumNews (security section): https://weekinethereumnews.com/
    2. BlockThreat Newsletter: https://www.blockthreat.io/
    3. Rekt: https://rekt.news/
    4. Secureum Newsletter: https://secureum.substack.com/

Alan Becker Capuyá

From NGOs to entrepreneurship, in love with tech and innovation, I'm looking to be part of the social revolution seeking a better world.