Slide 1: Introduction
- Title: Solidity Contracts and Blockchain Vulnerabilities
- Overview:
- Understanding blockchain, cryptocurrency, and smart contracts.
- Exploring Solidity and common vulnerabilities in smart contracts.
- Practical setup and examples.
Slide 2: Agenda
- What is Blockchain?
- What is Cryptocurrency?
- What are Smart Contracts?
- What is Solidity?
- Setting up DefiLabs
- Reentrancy Attacks
Slide 3: What is Blockchain?
- Definition and Basic Concepts
- A blockchain is a decentralized, distributed ledger technology.
- It records transactions in a secure, verifiable, and immutable manner.
- Decentralization and Distributed Ledgers
- No central authority; consensus is maintained across a network of nodes.
- Each node has a copy of the entire ledger, ensuring transparency and security.
Slide 4: What is Cryptocurrency?
- Definition and Examples
- Cryptocurrencies are digital or virtual currencies that use cryptography for security.
- Examples: Bitcoin (BTC), Ethereum (ETH).
- How Cryptocurrencies Use Blockchain Technology
- Transactions are recorded on a blockchain to ensure transparency and security.
- Decentralized nature eliminates the need for intermediaries.
Slide 5: What are Smart Contracts?
- Definition and Purpose
- Smart contracts are self-executing contracts with the terms directly written into code.
- They automatically enforce and execute contract terms.
- Automation and Trustless Transactions
- Eliminate the need for intermediaries by automating contract execution.
- Provide trustless transactions, reducing the risk of fraud.
Slide 6: What is Solidity?
- Brief Introduction to Solidity Programming Language
- Solidity is a high-level programming language designed for writing smart contracts on Ethereum.
- Syntax similar to JavaScript, designed to run on the Ethereum Virtual Machine (EVM).
- Role of Solidity in Developing Smart Contracts on Ethereum
- Enables developers to create and deploy decentralized applications (dApps).
- Facilitates the implementation of complex logic and automated processes.
- Ethereum Virtual Machine (EVM)
- The EVM is the runtime environment for smart contracts in Ethereum.
- Ensures that code executes exactly as intended.
Slide 7: Setting up DefiLabs
- Foundry
- Install from: Foundry GitHub
- Foundry is a fast, portable and modular toolkit for Ethereum application development.
- Truffle + Ganache-CLI
- Truffle: A development framework for Ethereum.
- Ganache-CLI: A personal blockchain for Ethereum development.
- Remix IDE
- Online editor for writing, compiling, and deploying smart contracts.
- Accessible at: Remix IDE
Slide 8: Reentrancy Attacks
- Explanation of Reentrancy
- A reentrancy attack occurs when a contract repeatedly calls back into itself before the initial execution is complete.
- The
call function sends Ether to msg.sender before updating the balance.
- If
msg.sender is a contract, it can exploit this by re-entering the contract in a fallback function.
- Example and Impact
- Example: A malicious contract withdraws funds multiple times in one transaction.
- Impact: Drains the contract’s balance, leading to significant financial loss.
- Pragma 0.8.0 and Later
- Solidity versions 0.8.0 and later include built-in checks for arithmetic underflow and overflow.
- These checks prevent the reentrancy attack by causing the transaction to revert if an underflow/overflow is detected.
Slide 9: Overflow Attacks
- Explanation of Overflow Attacks
- An overflow attack occurs when an arithmetic operation exceeds the maximum limit of the data type.
- This causes the value to wrap around to a much lower value, allowing manipulation.
- Example and Impact
- Example: Increasing a lock time value beyond its maximum causes it to wrap around to a low value.
- Impact: Allows an attacker to bypass time-based restrictions.
- Solidity 0.8.0 and Later
- Solidity versions 0.8.0 and later include built-in checks for overflow and underflow.
- Disabling these checks using
unchecked can reintroduce the vulnerability for demonstration purposes.
