I’ve been providing blockchain security and crypto compliance training awareness sessions since 2013.
I’m sharing my latest blockchain security training material under the Creative Commons Attribution-NonCommercial 4.0 International License.
Free download – PDF [22 MB] – No registration required
Copyright © Marin Ivezic 2022
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
This is a comprehensive introduction to blockchain technology and its implementations, together with related cyber risks and vulnerabilities. The material presents a number of countermeasures and best practices to deter threats to blockchain solutions.
Table of Contents
1. Introduction to Blockchain
2. Blockchain Cryptography
- Hash Functions
- Public Key Cryptography
- Advanced Cryptographic Applications
3. Blockchain Consensus Security
- Introduction to Consensus
- Securing Proof of Work (The 51% Attack, Denial of Service Attacks, Selfish Mining, SPV Mining)
- Securing Proof of Stake (XX% Attack, The Proof of Stake “Timebomb”, Long-Range Attacks, The Nothing at Stake Problem, Resource Exhaustion Attacks)
4. Blockchain User, Node, and Network Security
- User Security (Non-Random Private Keys, Exposed Mnemonic Seeds, Nonexistent/Insecure Backups, Third-Party Key Management, Phishing Attacks, Compromised Hardware Wallets, Unverified Transactions, DeFi Spend Approvals)
- Node Security (Blockchain Breakouts, Denial of Service Attacks, Malware, Man-in-the-Middle Attacks, Software Misconfigurations)
- Network Security (Denial of Service Attacks, Eclipse/Routing Attacks, Sybil Attacks)
5. Smart Contract Security
- Introduction to Smart Contract Security
- General Programming Vulnerabilities (Arithmetic Vulnerabilities, Decimal Precision, Digital Signature Vulnerabilities, External Dependencies, Text Direction, Unsafe Serialization)
- Blockchain-Specific Vulnerabilities (Access Control, Denial of Service, Frontrunning, Rollback Attacks, Timestamp Dependence, Weak Randomness)
- Platform-Specific Vulnerabilities (Denial of Service: Block Gas Limits, Denial of Service: Unexpected Revert, Forced Send of Ether, Missing Zero Address Checks, Reentrancy, Short Addresses, Token Standards Compatibility, Unchecked Return Values, Unsafe External Calls)
- Decentralized Finance (DeFi) Vulnerabilities (Access Control, Centralized Control and Governance, Cross-Chain Bridge Vulnerabilities, Frontend Vulnerabilities, Price Manipulation)
- Non-Fungible Token (NFT) Vulnerabilities (Forged NFTs, Off-Chain Assets, Malicious NFTs, Unlimited Token Supplies)
- Securing Smart Contracts (Secure Smart Contract Development Resources, Smart Contract Security Audit Tools)
6. Developing Secure Blockchain Systems
- Blockchain Architecture
- Balancing Blockchain Benefits and Risks
- Regulatory Considerations for Blockchain Systems