I hope you all are doing well and fine! Welcome to the awesome world of Blockchain Security. As promised in my introductory Genesis 0x00 post, I am back with the first edition of our Genesis Series. For those who don’t know what Genesis is; Let’s do a quick introduction to this series.
Genesis is a series of weekly articles on Blockchain Security, which will include interesting topics such as Blockchain basics, Blockchain Development, Ethereum 101, Building Dapps, Common vulnerabilities in smart contracts, Auditing Solidity source code, Static analysis of Smart contracts, latest news and the future state of DeFi.
🏗️🔨 Building vs Breaking
Without knowing how an application, protocol or framework is built and structured, we cannot proceed with its security audit or find vulnerabilities in it. If you do manage to find real vulnerabilities in a smart contract or a blockchain protocol without any prior knowledge of how it is built and structured, you were just throwing arrows in the dark and got lucky.
To a great extent, your ability to break an application is directly proportional to your understanding of how that application is built and structured. That said, we will focus on blockchain development before we move on to the security aspects related to it.
This article will be laying down a path/roadmap for us, following which we will enter into the field of Blockchain Security together 🤝.
All you need is the plan, the road map, and the courage to press on to your destination. - Earl Nightingale
✔️ The only Roadmap you need
This Roadmap is not exhaustive, but it is organized and covers all rudimentary topics that one needs to know in order to get into the field of Blockchain Security. It also acts as a guide to our future articles in Genesis Series.
Note: I handpicked these topics and the links to the resources listed below; all of these resources are 100% free. In my coming articles in the Genesis Series, we will start from Blockchain Basics (skipping rudimentary topics such as the basics of the internet, Web2.0 security, etc.).
- Elementary Topics:
- Familiarity with Linux OS.
- Understanding of commonly used
- Understanding of version control systems such as
- What is
- Good understanding of Object Oriented programming.
- Familiarity with Package Managers (
- Basics of Internet:
- Good understanding of Networking concepts.
- How a Web Browser works.
- What is DNS (what happens behind the scenes when you type google.com in a web browser).
- What is the HTTP Protocol and how it works.
- What are HTTP Request and Response headers.
- What is Web2.0 (how a typical Web2.0 application is packaged and deployed).
- Familiarity with the Browser’s developer tools.
- Existing Authentication/Authorization models in
- What is HTTP Caching.
- OWASP Top 10:
- Broken Access Control vulnerabilities.
- Cryptographic Failures.
- Injection vulnerabilities.
- Insecure Design.
- Security Misconfigurations.
- Vulnerable and Outdated Components.
- Identification and Authentication Failures.
- Software and Data Integrity Failures.
- Security Logging and Monitoring Failures.
- Server-Side Request Forgery.
- OWASP Top 10:
- Basics of Blockchain:
- What is Asymmetric Cryptography.
- What is Elliptic Curve Cryptography.
- Understanding of commonly used words in Blockchain world, such as Programmable, Distributed, Decentralized, Immutable, Unanimous, Time-Stamped, etc.
- Bitcoin Whitepaper.
- What is the Double-spending problem and how Bitcoin solves it.
- What is a Consensus Algorithm.
- Proof of work vs Proof of stake.
- What is Bitcoin Mining and how an ASIC is better than a regular mining rig.
- What is 51% Attack.
- Basics of Ethereum:
- What is Ethereum.
- Why Ethereum is termed as
- How Ethereum is different from its predecessor blockchains.
- What is Ethereum Protocol and how it works.
- The Ethereum Foundation and the ether presale.
- What is Ether Currency.
- What are transactions in the Ethereum ecosystem.
- What are different types of accounts (EOAs vs contract accounts).
- Wallets and Ethereum clients.
- Public Key vs Private Key.
- What is Gas.
- What is Mining.
- What is a block explorer.
- What are different types of networks in ethereum (Mainnet vs Testnet).
- What are EIPs.
- What are ERC standards.
- What is ERC20 Standard.
- What is ERC721 Standard.
- What is Turing Completeness.
- What is the Ethereum Virtual Machine (EVM).
- What are Smart Contracts.
- Ethereum Higher Level languages (Solidity, Vyper, LLL, Serpent).
- Understanding Solidity
- What is Solidity.
- What is Remix IDE.
- What are different Data Types in Solidity (Boolean, Integer, Fixed point, Address, Byte array, Enum, Arrays, Struct, Mapping, Time units, Ether units).
- What are Predefined Global Variables and Functions (
- Error handling in Solidity.
- What is Ethereum Contract ABI.
- Life Cycle of Smart Contract.
- Compiling, testing and deploying smart contracts.
- What is JSON RPC.
- Interacting with smart contracts using an external library such as
- Frameworks for Ethereum development:
- Smart Contract Security:
- Visualization Tools:
- Linters and formatters:
- Common Vulnerabilities in Smart contracts:
- What is Reentrancy.
- What is Junk code (Code With No Effects).
- What is Unencrypted Private Data On-Chain.
- What is Integer Overflow and Underflow.
- What is Floating
- What is Unchecked Call Return Value.
- What is Unprotected
- State Variable Default Visibility.
- What is Uninitialized Storage Pointer.
- Use of Deprecated Solidity Functions.
- DoS with Failed Call.
- Authorization through
- Signature Malleability.
- Weak Sources of Randomness from Chain Attributes.
- Lack of Proper Signature Verification.
- Missing Protection against Signature Replay Attacks.
- Insufficient Gas Griefing.
- DoS With Block Gas Limit.
- Hash Collisions With Multiple Variable Length Arguments.
- Message call with hardcoded gas amount.
- Oracle Manipulation.
- Static and Dynamic Analysis:
- Blockchain CTFs:
- Bug Bounty Platforms with Crypto Programs:
- The future of Ethereum:
For your convenience in tracking your progress while following the above roadmap, I am sharing a publicly readable version of my Notion notes, which you can copy to your own Notion notebook as a template for tracking your progress.
Link to my notion notebook can be found here.
- Ethereum Homestead Documentation
- Ethereum Community guides and resources
- Solidity Documentation
- Solidity, Blockchain, Smart Contract Course
- DeFi Developer Road Map
That was all from my side in this article; see you very soon in Genesis 0x02. Keep warm, stay hydrated and have a good day ahead :)
💌 Want to support my work?
If you think my work has added some value to your existing knowledge, then you can Buy me a Coffee here (and who doesn’t love a good cup of coffee?).
Subscribe to Genesis’s Newsletter to get future articles/updates/blockchain-related news directly in your mailbox.