Join our in person Smart Contract Hacking training at BlackHat Asia 2025

Secure Development Trainings

SSCH – Smart Contract Hacking

Hack and secure smart contracts in our 2 days hands-on web3 hacking training

Online

Trainers

Picture of Davide Cioccia

Davide Cioccia

Founder and Web3 security researcher @ DCODX

Hi there! I’m Davide Cioccia, founder of DCODX, an ethical hacking, and DevSecOps consulting and coaching firm. Besides helping companies implement their Sec in DevOps, I’m also a developer of security tools (check our GitHub), OWASP Mobile Security Testing Guide contributor and DevSecCon Chapter Lead for the Netherlands. You can find my talks at security conferences like BlackHat, OWASP AppSec, DevSecCon, DevDays Europe and more online, together with some CVE disclosed to Microsoft and other big vendors. Enjoy my course :)

Course overview

This course focuses on smart contract hacking. It starts from the basics of blockchain, how smart contracts are written, to then deep dive in simple and complex vulnerabilities exploited in recent and past projects. If you are looking to start auditing smart contracts or participating in web3 bug bounties, this course is for you. We teach this course at BlackHat and DEF CON

Starting from vulnerabilities like:

  • Wrong or missing authorization
  • Abuse of business logic
  • Reentrancy vulnerabilities
  • Tx.origin: Authorization bypass
  • Hash collision and integrity attack
  • Integer Overflow and Underflow
  • Abuse of SELFDESTRUCT
  • Gas Limit DoS attack
  • Taking ownership of a vulnerable contract
  • DelegateCall vulnerabilities

we will then dive into more complex scenarios like:

  • Read-only reentrancy
  • ERC20 and ERC721 Tokens quick course
  • Introduction to Automated Market Makers (AMM)
  • Flash Loan Attacks on AMM with low liquidity
  • Weak Bonding Curve Exploitation
  • Front Running Attacks
  • DeX and DeFi attacks

Syllabus

Introduction to blockchain and Ethereum
Introduction to blockchain technology
Introduction to Ethereum
Proof Of Work vs Proof Of Stake
Smart Contracts introduction
Ethereum Virtual Machine (EVM) basics
Introduction to Ethereum Smart Contracts and Solidity syntax
Accounts, Transactions and Gas
Storage, Memory and Stack
Foundry and Forge introduction (our tools to find and build exploits)
LAB: Smart contract exploitation using Forge
LAB: Abusing the storage
Smart Contracts Part 2
Solidity in-depth syntax and semantics
Reentrancy vulnerabilities
LAB: Exploiting Reentrancy attacks
The Open Zeppelin ReentrancyGuard Smart Contract
LAB: Exploiting Read-only Reentrancy attacks
Authorization in Smart Contracts
The Open Zeppelin Authorization Contracts
LAB: Authorization done properly
LAB: Tx.origin: Authorization bypass via phishing attacks
Smart Contract DoS attacks
LAB: Abusing SELFDESTRUCT
LAB: DoS with Failed Call
LAB: DoS With Block Gas Limit
Numeric vulnerabilities
Integer Overflow and Underflow
LAB: Integer Overflow exploitation to drain smart contracts
LAB: BatchTransfer Overflow (CVE-2018–10299)
LAB: Precision loss exploitation
LAB: Hash collision and integrity attacks
Attacking Solidity libraries
Libraries and proxy contracts
Introduction to embedded and linked contracts (libraries)
Delegatecall vs Call
LAB: Exploiting Proxy contracts and Delegate calls
Tokens bootcamp
ERC20 and ERC721 introduction
LAB: ERC20 and ERC721 token exploitation
Automated Market Makers (AMM)
AMM and Flash loan providers introduction
Flash Loan and Flash Swap attacks on Low Liquidity AMM
Weak Bonding Curve Exploitation
LAB: Flash Loan and Flash Swap Attack
LAB: Front Running Attacks
Introduction to Assembly and reverse engineering
Assembly codes and EVM
LAB: Exploiting vulnerable assembly
The EVM OPCODEs and instructions
LAB: Reverse engineering smart contracts
Security auditing
Manual vs automated
How to build a comprehensive security auditing report together with automated POC
Security auditing tools: mythril, slither, semgrep
Hack Them ALL
Final Smart Contract Hacking CTF



Contact us

Send
Us a
Message

⚡ We will reply in no time

Linkedin Instagram Github

Copyright © 2023 DC0DX. All rights reserved

More questions?

Book a free consultation with one of our experts

Book Now