Main Page
NIE-BLO Blockchain Course
Students will understand the foundations of blockchain technology, smart contract programming, smart contracts auditing and will gain an overview of the most notable layer ones (Bitcoin, Ethereum, Solana). They will be able to design, code, test and audit a secure decentralized application using the most up-to-date industry standards. The course is led by the Department of Information Security and web3 security industry experts thus focuses mainly on the security of smart contract implementations. It is concluded with a defense of a semester project, which prepares the students for implementing and reviewing complex smart contracts.
Pre-requirements
Warning:
Knowledge of the following is required to fully understand the presented materials (we don’t teach this).
Good knowledge of C/C++, algorithms, data structures, software testing methods, git workflow. Some knowledge of Python or Javascript.
Tech stack
Technologies used during the semester; Solidity, Python, Wake (alternatives: Hardhat, Slither, Echidna), Solidity for VS Code (alternatives: Remix IDE).
Semester project
The semester concludes a project of two stages - Task I. Implementation and Task II. Security Audit.
Task I. (Implementation)
Each student implements a smart contract on given assigment.
Task II. (Security audit)
The goal is to perform a security audit over a Task I. You will receive read access to a repository of your (random) colleague. Use the latest commit before the assignment (don’t accept any updated commits during the audit). Create a private fork and push your report and fuzz tests there. When you are done, create a pull request to the original repository (the repository of your colleague), before the deadline. Regarding the structure and content, you can get inspired by the following report: Brahma. Delivery is the first revision of the audit (we might do a fix-review after for extra points).
Tasks
- Describe the System Overview
- Describe the Trust Model
- Describe your methodology
- Perform static analysis
- Perform local deployment
- Perform manual code review
- Write fuzz tests
- Describe your findings
- Write executive summary
Classification
- 40 points - Implementation
- 40 points - Security assesment
- 10 points - CTF bonus task
Deadlines
- Task I. (Implementation) - November 29, 2024
- Task II. (Security Audit) - January 3, 2025
Teachers
The course is teached by internal professors at CTU and external industry experts.
prof. Ing. Róbert Lórencz, CSc. | Supervisor | CTU FIT |
Marek Bielik | Lecturer + Tutor | CTU FIT |
Josef Gattermayer, Ph.D. | Lecturer + Tutor | CTU FIT and Ackee Blockchain Security |
Ing. Andrey Babushkin | Tutor | Ackee Blockchain Security |
Jakub Růžička | Lecturer + Tutor |