Course Hive
Search

Welcome

Sign in or create your account

Continue with Google
or
21 Sneaky Smart Contract Bugs | Do Not Miss These!
Play lesson

Web3 Security 101 - 21 Sneaky Smart Contract Bugs | Do Not Miss These!

Master Web3 Security: From Critical Finds to Sneaky Exploits – Unleash Your Auditing Skills!

5.0 (4)
33 learners

What you'll learn

Identify and exploit common vulnerabilities in Web3 and smart contracts.

Develop advanced skills in auditing and critical analysis of security weaknesses.

Master external call attacks and reentrancy issues in Web3 environments.

Understand the fundamentals of Ethereum cryptography and EVM operations.

This course includes

  • 15.3 hours of video
  • Certificate of completion
  • Access on mobile and TV

Summary

Keywords

Full Transcript

Are you a security researcher looking to join a world-class team? Apply to open positions at Guardian here: https://guardianaudits.com Interested in getting hands-on training to become an expert security researcher in a matter of months? Get the guide to becoming a senior auditor in 6 months here: https://www.intogateway.com/guide Looking for a Smart Contract Audit? Apply to work with the Guardian team on our website: https://guardianaudits.com Join our community aimed at building and sharing a wealth of blockchain and solidity knowledge to help developers/auditors of all levels transform the web3 ecosystem: https://lab.guardianaudits.com/ If you're still not 100% confident in your web3 auditing skills, I collaborated with several other top security professionals in the space to bring you the most comprehensive & effective web3 security course ever! You can take $50 off using my link here: https://smartcontractshacking.com/?referral=owen Yul & Memory Intro | Yul Exploit!: https://youtu.be/9qLUvtL5uKQ 00:00 - Intro 02:52 - #1 Deleting structs does not delete containing mappings or lists 04:53 - #2 Immutable values are not maintained on upgrade 05:41 - #3 Subtractions that underflow & revert 07:02 - #4 Downcasting can still overflow 07:50 - #5 Not having a withdraw method for received ether 08:58 - #6 Parallel data structures 11:28 - #7 Typos 12:15 - #8 Mstore does not update the free memory pointer 12:51 - #9 Using transfer or send 13:19 - #10 Division symbols 14:15 - #11 Handling units wrong 15:09 - #12 Assuming every contract can accept ether/tokens 15:51 - #13 Loading in the return value of .call 17:00 - #14 Using for-loops to push rather than pull 18:31 - #15 Using msg.value in a loop 20:11 - #16 Decoding arbitrary bytes that can come from an untrusted address 21:16 - #17 Tx.origin used for authentication 21:51 - #18 Correctly validating the freshness of prices 22:52 - #19 Fee-on-transfer tokens 23:54 - #20 Off by one errors 25:07 - #21 Chain compatibility 27:14 - Get a free quote 28:13 - Join the Solidity lab

Course Hive

Continue this lesson in the app

Install CourseHive on Android or iOS to keep learning while you move.

Related Courses

FAQs

Course Hive
Download CourseHive
Keep learning anywhere