I’ve been providing blockchain security and crypto compliance training and awareness sessions since 2013.
I’m sharing my latest blockchain security training material under the Creative Commons Attribution-NonCommercial 4.0 International License.
Free download – PDF [22 MB] – No registration required
Copyright © Marin Ivezic 2022
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
This is a comprehensive introduction to blockchain technology and its implementations, together with related cyber risks and vulnerabilities. The material presents a number of countermeasures and best practices to deter threats to blockchain solutions.
Table of Contents
1. Introduction to Blockchain
2. Blockchain Cryptography
- Hash Functions
- Public Key Cryptography
- Advanced Cryptographic Applications
3. Blockchain Consensus Security
- Introduction to Consensus
- Securing Proof of Work (The 51% Attack, Denial of Service Attacks, Selfish Mining, SPV Mining)
- Securing Proof of Stake (XX% Attack, The Proof of Stake “Timebomb”, Long-Range Attacks, The Nothing at Stake Problem, Resource Exhaustion Attacks)
4. Blockchain User, Node, and Network Security
- User Security (Non-Random Private Keys, Exposed Mnemonic Seeds, Nonexistent/Insecure Backups, Third-Party Key Management, Phishing Attacks, Compromised Hardware Wallets, Unverified Transactions, DeFi Spend Approvals)
- Node Security (Blockchain Breakouts, Denial of Service Attacks, Malware, Man-in-the-Middle Attacks, Software Misconfigurations)
- Network Security (Denial of Service Attacks, Eclipse/Routing Attacks, Sybil Attacks)
5. Smart Contract Security
- Introduction to Smart Contract Security
- General Programming Vulnerabilities (Arithmetic Vulnerabilities, Decimal Precision, Digital Signature Vulnerabilities, External Dependencies, Text Direction, Unsafe Serialization)
- Blockchain-Specific Vulnerabilities (Access Control, Denial of Service, Frontrunning, Rollback Attacks, Timestamp Dependence, Weak Randomness)
- Platform-Specific Vulnerabilities (Denial of Service: Block Gas Limits, Denial of Service: Unexpected Revert, Forced Send of Ether, Missing Zero Address Checks, Reentrancy, Short Addresses, Token Standards Compatibility, Unchecked Return Values, Unsafe External Calls)
- Decentralized Finance (DeFi) Vulnerabilities (Access Control, Centralized Control and Governance, Cross-Chain Bridge Vulnerabilities, Frontend Vulnerabilities, Price Manipulation)
- Non-Fungible Token (NFT) Vulnerabilities (Forged NFTs, Off-Chain Assets, Malicious NFTs, Unlimited Token Supplies)
- Securing Smart Contracts (Secure Smart Contract Development Resources, Smart Contract Security Audit Tools)
6. Developing Secure Blockchain Systems
- Blockchain Architecture
- Balancing Blockchain Benefits and Risks
- Regulatory Considerations for Blockchain Systems
For over 30 years, Marin Ivezic has been protecting financial services and critical infrastructure against cyber, financial crime, and regulatory risks. He previously held multiple interim CISO, CRO and technology leadership roles in Global 2000 companies. Since 2013 he has been advising institutions and regulators around the world on safe, secure and compliant adoption of crypto assets and other decentralized technologies.