Nullcon Goa Sep 2022 | Training

HackFi - hacking smart contracts

Chaitanya RK


Trainer Name: Chaitanya RK
Title: HackFi - hacking smart contracts
Duration: 3 Days
Dates: Sept. 6, 2022 To Sept. 8, 2022





TRAINING OBJECTIVES

Blockchains are revolutionary technologies that allow for secure, distributed, decentralized information storage. Blockchains disrupt the finance industry via DeFi, governance via DAOs, and collectibles via NFTs. Over the past few years, the blockchain has taken the engineering landscape by storm. However, due to the relative newness of blockchain compared to traditional technologies, its use is still hindered by speculation, confusion, uncertainty, and risk.

Training level: Basic; Intermediate

TRAINING PREVIEW:

In this course, we shall take a holistic look at security, from the theoretical foundations of the blockchain and smart contracts to finding and exploiting vulnerabilities in smart contracts.

First, this course will give you all the prerequisites to understand the architecture and major components of blockchains and smart contracts. Then, we will create and set up a development and testing environment that lets us efficiently build, deploy, and debug smart contracts on a local testnet. We will learn how to find and exploit vulnerabilities in the local testing environment. We will also leverage security tooling, such as Slither and Mythril, to detect smart contract vulnerabilities automatically.

Some of the skills and techniques you will learn are:

  • How to interact with and get data from public blockchains
  • How to write smart contracts in Solidity
  • How to find vulnerabilities in smart contracts
  • How to test and exploit vulnerabilities in smart contracts

TRAINING OUTLINE:

Day 1

What Is Blockchain?

  • Definitions and Origins
  • Types of Distributed Consensus
  • Purposes and Use Cases
  • A brief introduction to consensus mechanisms [Proof of Work/Mining/Proof of Stake]

What Is a Smart Contract?

  • Introduction to Smart Contracts
  • Smart Contract Use Cases and Platforms
  • A brief history of smart contract hacks

Keys, Wallets, and Cryptography

  • Hashing Functions
  • Wallets
  • Mnemonic Keys

Introduction to Ethereum

  • Ethereum Architecture
  • Ethereum block explorers
  • Components of a Transaction
  • API, Nodes, and Clients

Day 2

Smart Contract Security

The Smart Contract Lifecycle

  • The Architecture and Concepts of Ethereum
  • Tools for the Ethereum Blockchain

Introduction to Solidity

  • Solidity language description
  • The layout of State Variables in Storage
  • Layout in Memory
  • Contract ABI Specification
  • Compiling a Contract
  • Deploying a Contract
  • Interacting with a Smart Contract

Common security flaws with examples

  • Types of Vulnerabilities
  • Transactions on Ethereum in depth
  • Integer overflows and underflows
  • Race conditions in ERC20
  • Access controls
  • Re-entrancy
  • Transaction ordering dependence (TOD) and front running
  • Library design flaws

Day 3

Static and Dynamic testing

  • Introduction to static analysis using Slither/
  • Introduction to dynamic analysis using Echidna
  • Audits

Attacking and Exploiting Smart Contracts

  • Exploiting Ethereum Smart Contracts (Ethernaut)
  • Case Study: The DAO Hack
  • Understanding cross-chain bridges and their flaws
  • Lessons from the Wormhole Exploit

Final Q & A

WHAT TO BRING?

  • A laptop that supports Docker
  • Please install Docker and make sure it runs Docker images

TRAINING PREREQUISITES:

  • Basic understanding of a programming language
  • Solidity knowledge is a plus, but not required

WHO SHOULD ATTEND?

  • Blockchain and smart contract developers
  • Security engineers
  • Bug bounty hunters

WHAT TO EXPECT?

  • Learn basics of blockchain and smart contracts
  • How to interact with and get data from public blockchains
  • How to write smart contracts in Solidity
  • How to find vulnerabilities in smart contracts
  • How to test and exploit vulnerabilities in smart contracts

WHAT ATTENDEES WILL GET?

  • Training material
  • Access to trainer post-training

WHAT NOT TO EXPECT?

  • Guidance on crypto investment
  • Programming introduction

About Trainer

Chaitanya (ant4g0nist), the co-founder of [WeFuzz](https://wefuzz.io), has over a decade of experience in development and security. He focuses primarily on vulnerability research, fuzzing smart contracts, fuzzing Apple platforms (macOS/iOS), and blockchain security.

Chaitanya's interests lie in fuzzing, emulation, baseband, and exploit development, work that has resulted in numerous vulnerabilities leading to 0-click/1-click exploits (CVE-2015-3723, CVE-2016-1737, CVE-2016-1740, CVE-2017-7031). Chaitanya's work on blockchain development and security is backed by foundations and companies like Coinbase, Tezos, etc.

He has also contributed to developer and security communities by creating multiple open-source projects, some of them include:
