A journey into smart contract security

matta @ theredguild.org
3 min read · Sep 20, 2022

Easy-to-follow security content through personal experiences.

Inspiration from Journey the game.

Hi! My name is Matt and I'm, among other things, an information security-focused professional. This means that regardless of the domain I'm currently working in, I'm always vouching for security.

I sometimes introduce myself as a hacker too.

My journey in the infosec field started more than 15 years ago as a script kiddie, cheating in games. I still remember cracking our family's dial-up login password using Brutus, to be able to keep playing Argentum Online.

Years later I ended up creating and participating in several hacking communities, one of which changed my life completely, and others that still exist to this day... but that's a story for another time.

My professional career started in 2010 and I have been working on all different kinds of topics: penetration testing and red teaming, a little bit of reverse engineering, secure development, research and management. But something that prevailed was my connection with community building and education.

Fortunately, on many occasions I had the opportunity to work delivering courses, training, workshops, talks, and mentoring newbies.

The top two questions I got asked by wannabe hackers were “how can I become a hacker?” and “is there a way I can learn to think like one?”.

The short answer is: Yes, you can.

The long answer is a little bit more complicated.

My motivation

I don't think there's a path that leads you to say:
— “Oh shit, I think I might have just reached HACKER LEVEL”.

In my article What is a computer hacker? and other popular questions, I give practical advice and resources I wish I had when I was starting.

But there are some things that you could do to shape your mind to be able to look at things differently. Rather than explaining them and failing miserably, I figured I could try to show what my learning process looks like, in a practical manner, while I reintroduce myself to Ethereum security.

Tired of looking for others' learning processes mainly to find “SUPER ULTIMATE CHECKLIST v2.1”, “BEST SECURITY TOOLS”, or educational write-ups of exploits without any context whatsoever, I decided to document my own, and share it as a series of articles.

This series is targeted at everyone who is familiar with Ethereum, is looking to add some key security concepts to their skill set, or maybe just wants to have some fun.

Beyond telling my own experience, in each article I will leave open questions and recommended material to continue exploring by yourselves 💭.

Hope you enjoy my humble knowledge.

Content from this series

My current road-map ⭐️— huge curated list of content.

General reading

Short lessons

AMAZE-X CTF Walkthrough (repository)

  1. Intro to the series — Part 0 (posted 21/09)
  2. Challenge0.VToken — Part I (posted 22/09)
  3. Challenge1.lenderpool — Part II (posted 27/09)
  4. Challenge2.DEX — Part III (posted 4/10)
  5. Challenge3.borrow_system — Part IV (posted 08/10)

EVM Puzzles

  1. Solving EVM puzzles differently? | Part 1
  2. Solving EVM puzzles differently? | Part II
  3. Yet another EVM puzzle
  4. Yet another EVM puzzle solutions (pending)

I would like to thank @tinchoabbate for proofreading some of the articles and encouraging me to pursue my own writing style.

Thanks for reading! My name is Matt, and I’m learning how to make Ethereum more secure. I will be sharing some things from time to time.
Follow me on Twitter: @mattaereal.
