Practical Secure Programming In Solidity

Developing Secure Programming Skills in Solidity

What you'll learn

Discuss common Solidity Programming Constructs

Recognize Solidity Secure Coding Concerns

Describe Smart Contract Operators

Employ Secure coding practices

Requirements

Students should have knowledge of Solidity

Description

Solidity is a purpose-made programming language for Ethereum and Ethereum-like blockchains to deliver smart contract capability. Ethereum is a global computing platform that allows for distributed survivable programs called smart contracts to be used by anyone, anywhere, for any reason. Smart contracts can be used to bridge two different blockchain systems, fulfill shipping and product delivery processes, and pay vendors on the certificated completion of specific tasks.Smart contracts are quickly becoming a regular business process that eliminates the middle person and allows for the frictionless global transfer of value. And billions of dollars are hacked out of smart contracts every year because of faulty coding practices with Solidity.This course introduces operators, and basic solidity constructs, then dive deep by example into secure coding practices that can be used to deliver more secure smart contracts. We review some of the most common security issues, such as reentrancy, overflows, underflows, external calls, and other places where flow control of the smart contract can be hijacked.Finally, we go over linting, QA, and DevOps tools that can help identify issues with code and how to use those tools to fix issues with code security. We also go over where to get secure code libraries for code reuse and other popular open-source systems that will make your smart contract better, safer, and quicker to market. You will work with tools like Foundry, Truffle, Ganache, OpenZeppelin, and others so that you get a practical hands-on demonstration of what is out there that can help you be aware of the security considerations when it comes to smart contracts

Overview

Section 1: Introduction

Lecture 1 Introduction

Section 2: Solidity Overview

Lecture 2 Solidity Secure Programming

Lecture 3 What is a "Smart Contract"

Lecture 4 Solidity Value Types

Lecture 5 Solidity Reference Types

Lecture 6 Solidity Operators Master Sheet

Lecture 7 Open Libraries from OpenZeppelin

Lecture 8 OpenZeppelin Walk-Through

Lecture 9 Remix Walk-Through

Section 3: Solidity Secure Coding Practices

Lecture 10 OWASP Part 1

Lecture 11 OWASP Part 2

Lecture 12 Force Feeding Contracts

Lecture 13 Check Effects Interaction Pattern - Reentrancy

Lecture 14 External Calls

Lecture 15 Overflow and Underflow

Lecture 16 Public on-chain data

Lecture 17 Public off-chain data

Lecture 18 Oracle Manipulation

Lecture 19 Front Running

Lecture 20 Private Data Access

Lecture 21 Governance Wallet

Lecture 22 Real World Example: Raydium Admin Wallet Hack

Lecture 23 Governance Controls

Lecture 24 Self Destruct

Lecture 25 Delegate Call

Lecture 26 Collisions

Lecture 27 Randomness

Lecture 28 Denial of Service (DoS)

Lecture 29 tx.origin Phishing

Lecture 30 Hiding malicious code

Lecture 31 Block timestamp manipulation

Lecture 32 Bypass contract size check

Lecture 33 Signature Replay

Section 4: Solidity QA and Testing Tools

Lecture 34 Install Truffle Suite in Linux/Apple

Lecture 35 Install Truffle Suite in Windows (includes errors)

Lecture 36 VS Code Solidity Plugins

Lecture 37 Working with Remix

Lecture 38 Working with VS Code

Lecture 39 Calling Open Zeppelin Modules

Lecture 40 Clearing VS Code Open Zeppelin errors

Lecture 41 Checking to see if a wallet is blacklisted

Lecture 42 Auditing

Section 5: Close

Lecture 43 Closing Lecture

This course is for anyone who wants to know about secure coding practices in Solidity