Tutorial: Analyzing, Exploiting, and Patching Smart Contracts in Ethereum

• Published in: 2022 IEEE Secure Development Conference (SecDev) pp. 3 - 4
• Main Authors: Giesen, Jens-Rene, Andreina, Sebastien, Rodler, Michael, Karame, Ghassan O., Davi, Lucas
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.10.2022
• Subjects: Blockchains; Computer languages; Ecosystems; Focusing; Smart contracts; Tutorials; Writing
• DOI: 10.1109/SecDev53368.2022.00013

Smart contracts are programs which encode business logic and execute on the blockchain. While Ethereum is the most popular blockchain platform for smart contracts, an increasing number of new blockchain platforms are also able to support smart contract execution (e.g., Solana or Cardano). Security vulnerabilities in Ethereum smart contracts have demonstrated that writing secure smart contracts is highly challenging. This is exacerbated by the fact that the exploitation of buggy smart contracts seems disproportionately easier compared to exploiting classic PC software. In this tutorial, we overview a number of smart contract vulnerabilities focusing on the Ethereum ecosystem. We also provide an introduction to the de-facto smart contract programming language Solidity and provide a comprehensive hands-on lab tutorial that involves analyzing vulnerable smart contracts, developing proof-of-concept exploits as well as introducing security analysis tools for testing smart contracts