Skip to main content

BlockBash

Where developers learn Ethereum security

free. open source. hands-on.

1
Step 1Pick a Theory tutorial
2
Step 2Do a hands-on lab
3
Step 3Get automated feedback

Step 1: Pick a Theory tutorial

Are you a Solidity developer looking to increase your security knowledge? You're in the right place!

To start, pick a

Theory tutorial to receive an introduction to a topic. Each tutorial has content that's dedicated to visual learners. This includes diagrams (as seen below), as well as code examples.

Diagram Example
Tip:

Click on the image to zoom in

Attacker Contract
Attacker Contract
Balance
Balance
1 eth
1 eth
Logic
Logic
Call deposit() to transfer 1 eth to Vulnerable Contract
Call deposit() to tr...
Vulnerable Contract
Vulnerable Contract
Logic
Logic
withdrawAll()
withdrawAll()
Does Attacker Contract have a positive balance?
Does Attacker Contrac...
Transfer 1 eth to Attacker Contract
Transfer 1 eth to Att...
True
True
3b
3b
4a
4a
State
StateBalances
Account
Account
Balance
Balance
Attacker Contract
Attacker Contract
1 eth
1 eth




Seeding Phase
Seeding Phase
Transfer Phase
Transfer Phase
Deduction Phase
Deduction Phase
Attacker Contract
Attacker Contract
1 ethLib
1 ethLib
Balance
Balance
0 eth
0 eth
+ 1 eth
+ 1 eth
2
2
Logic
Logic
Call withdrawAll()
to withdraw 1 eth from Vulnerable Contract
Call withdrawAll()...

Receive 1 eth from Vulnerable Contract
Receive 1 eth from V...
4b
4b
5
5
3a
3a
Vulnerable Contract
Vulnerable Contract
Logic
Logic
withdrawAll()
withdrawAll()
Set
Attacker Contract balance
to 0
Set...
State
StateBalances
Account
Account
Balance
Balance
Attacker Contract
Attacker Contract
0 eth
0 eth
Vulnerable Contract
Vulnerable Contract
Logic
Logicdeposit()
Update Attacker Contract
Balance to 1 eth
Update Attacker Contract...
1
1
State
StateBalances
Account
Account
Balance
Balance
Attacker Contract
Attacker Contract
1 eth
1 eth
Red Arrows correspond to the "Attack Loop"
Red Arrows correspon...

There are two types of Theory tutorials:

  • Attack Theory: In order to write secure Solidity code, you need to understand how it can be hacked. This tutorial type will teach a security topic from an offensive (or "hacker") viewpoint.
  • Defend Theory: Will teach design patterns that help mitigate a particular vulnerability class.
Tip:

Start with a Attack Theory tutorial. If you don't know where to start, navigate to the Beginner Path.

Playlists

  • Filter Mode

Content Types

  • Attack Theory (1)
  • Attack Lab (2)
  • Defend Theory (1)
  • Defend Lab (2)

Content Categories

  • reentrancy (6)

Reentrancy Fundamentals: Attack Theory

Beginner

  • 🚗 Beginner Path ✍️ zach roof

  • 🗓️️ May 21, 2024 ⏱️ 30 minutes

In this lesson, you'll learn the theory behind Reentrancy attacks. In particular, you'll learn how the Attacker Contract will unexpectedly call (or "re-enter") the Vulnerable Contract before the Vulnerable Contract has updated its state.

  • reentrancy

Reentrancy Fundamentals: Attack Lab

Beginner

  • 🚗 Beginner Path ✍️ zach roof

  • 🗓️️ May 21, 2024 ⏱️ 30 minutes

In this lab, you'll leverage your Reentrancy knowledge to steal funds from the Vulnerable Contract.

  • reentrancy

Reentrancy Fundamentals: Attack Lab (Solution)

Beginner

  • 🚗 Beginner Path ✍️ zach roof

  • 🗓️️ May 27, 2024 ⏱️ 15 minutes

In this lesson, you'll review the Attack Lab's solution.

  • reentrancy

Reentrancy Fundamentals: Defend Theory

Beginner

  • 🚗 Beginner Path ✍️ zach roof

  • 🗓️️ May 21, 2024 ⏱️ 30 minutes

In this tutorial, you'll learn the theory behind Reentrancy defense.

  • reentrancy

Reentrancy Fundamentals: Defend Lab

Beginner

  • 🚗 Beginner Path ✍️ zach roof

  • 🗓️️ December 17, 1995 ⏱️ 15 minutes

Reentrancy Fundamentals Defend Lab

  • reentrancy

Reentrancy Fundamentals: Defend Lab (Solution)

Beginner

  • 🚗 Beginner Path ✍️ zach roof

  • 🗓️️ December 17, 1995 ⏱️ 15 minutes

Reentrancy Fundamentals Defend Lab Solution

  • reentrancy