Go to course navigation

Main Page

NIE-BLO Blockchain Course

Students will understand the foundations of blockchain technology, smart contract programming, smart contracts auditing and will gain an overview of the most notable layer ones (Bitcoin, Ethereum, Solana). They will be able to design, code, test and audit a secure decentralized application using the most up-to-date industry standards. The course is led by the Department of Information Security and web3 security industry experts thus focuses mainly on the security of smart contract implementations. It is concluded with a defense of a semester project, which prepares the students for implementing and reviewing complex smart contracts.

Pre-requirements

Warning:

Knowledge of the following is required to fully understand the presented materials (we don’t teach this).

Good knowledge of C/C++, algorithms, data structures, software testing methods, git workflow. Some knowledge of Python or Javascript.

Tech stack

Technologies used during the semester; Solidity, Python, Wake (alternatives: Hardhat, Slither, Echidna), Solidity for VS Code (alternatives: Remix IDE).

Semester project

The semester concludes a project of two stages - Task I. Implementation and Task II. Security Audit.

Task I. (Implementation)

Each student implements a smart contract on given assigment.

Task II. (Security audit)

The goal is to perform a security audit over a Task I. You will receive read access to a repository of your (random) colleague. Use the latest commit before the assignment (don’t accept any updated commits during the audit). Create a private fork and push your report and fuzz tests there. When you are done, create a pull request to the original repository (the repository of your colleague), before the deadline. Regarding the structure and content, you can get inspired by the following report: Brahma. Delivery is the first revision of the audit (we might do a fix-review after for extra points).

Tasks
  1. Describe the System Overview
  2. Describe the Trust Model
  3. Describe your methodology
  4. Perform static analysis
  5. Perform local deployment
  6. Perform manual code review
  7. Write fuzz tests
  8. Describe your findings
  9. Write executive summary

Classification

  1. 40 points - Implementation
  2. 40 points - Security assesment
  3. 10 points - CTF bonus task

Deadlines

  1. Task I. (Implementation) - November 29, 2024
  2. Task II. (Security Audit) - January 3, 2025

Teachers

The course is teached by internal professors at CTU and external industry experts.

prof. Ing. Róbert Lórencz, CSc.SupervisorCTU FIT
Marek BielikLecturer + TutorCTU FIT
Josef Gattermayer, Ph.D.Lecturer + TutorCTU FIT and Ackee Blockchain Security
Ing. Andrey BabushkinTutorAckee Blockchain Security
Jakub RůžičkaLecturer + Tutor