Smart Contract Auditor Course

Fabio Hildebrand
Published in Solidified
Aug 9, 2019

Our community has always been at the heart of Solidified. Community members are the fuel for both bug bounties and audits.

We also do our best to support the wider community, paving the way for newcomers in our industry to shine on bug bounties, providing guidance for beginners, and helping out clients, developers and community members in fostering a safer Ethereum experience for everyone.

One of the recurring requests that arose from within the community was for a structured instructional course that would include everything an aspiring smart contract auditor needs to know to start a career in this young and exciting market.

In response, we partnered with the leading education provider in the space, B9Lab, to bring you all the content and expertise needed to jumpstart a smart contract auditor career, including a paid internship at Solidified for the top-scoring students!

The course is aimed at aspiring smart contract auditors, or developers who want to dive deep into security. Knowledge of Solidity is a prerequisite: you should feel comfortable developing smart contracts to make the most out of the course. If you still need to sharpen your Solidity skills, worry not, B9Lab has you covered with their intro courses and advanced Ethereum developer certification courses.

The Course

Module 1: Why Smart Contracts Fail
This lesson will examine the most prominent real-world examples of smart contract breaches and how they could’ve been prevented. This will give the student a practical introduction to the world of smart contract security and the need for this education. As part of this module we are introducing the concepts of auditing with examples of prominent vulnerabilities, such as the DAO, Parity and other famous hacks. You will learn to appreciate the stakes involved in securing smart contracts, and develop the necessary vocabulary to navigate the smart contract security space.

Module 2: Auditing Process and Reporting
The audit process explained. Understanding scope and specification. Participating in single and group audits, pre- and post-debrief, unbiased input, categorization of severity, comparing findings. How to write audit and bug reports. We will be covering audit protocol, techniques for finding and evaluating the severity of bugs, the audit process and steps, and report writing. You will learn how to write audits and bug reports, as well as how to participate in a group or single audit.

Module 3: Tools of the Trade
This lesson will focus on setting up helpful tools and frameworks that will aid in securing smart contracts. We will go into the Remix IDE, the Truffle framework, OpenZeppelin standard contracts, test nets, and common open source security tools (where they excel, and what not to expect from them). Students will be exposed to the gold standard of contract security, and learn to deploy these contracts on a test net.

Module 4: Common Vulnerabilities
A majority of the vulnerabilities seen in Solidity smart contracts today are rooted in common misunderstandings. In this lesson we identify the most common types of bugs, and challenge the student to find and patch them in code exercises. This module covers re-entrancy, overflow/underflow, challenges of random number generation, denial of service attacks, front-running, etc. You will learn to find and patch the most common issues in smart contracts.

Module 5: Auditing Techniques
How to smell that something is wrong, spotting red flags and dangerous code. We will cover indicators of potentially buggy code, breaking apart uncertainty. You will learn how to see signs of potential bugs: messy code, obscure calculations, overly complex implementations and all sorts of signs that could indicate the existence of bugs.

Module 6: Advanced Vulnerabilities
Real-world bugs, from the most notorious hacks to the most sophisticated, examined. The topics covered include external code execution, low-level code (Solidity assembly), flaws in game theory of governance, protocol/interface exploits, Sybil resistance, and general blockchain security considerations. You will learn to uncover deeper issues, understand exploits in multi-contract systems, and familiarize yourself with notorious exploits for common reference when engaging with other auditors.

Module 7: Beginning Your Career as an Auditor
This lesson covers how to participate in Ethereum’s smart contract security community. Getting started with bug bounties, where to seek and offer auditing services, where to continue learning, expectations and standards. You will learn how to work your way from participating in bug bounties to performing audits.

Signups are open, and limited to 100 seats: https://solidified.b9lab.com/courses/course-v1:Solidified+SOLIDIFIED-ETH-COURSE+2019/about

Looking forward to seeing you there!
