Skip to main content

About

Overview

BlockBash is where developers learn Ethereum security concepts. It's run by volunteer Maintainers and is open source. The project's mission is to minimize ethereum-related security incidents through developer education. If you're interested in a visual walkthrough of how Blockbash works, please visit the Tutorials page. If you'd like to contribute to BlockBash, please visit the Contributing section.
Blockbash distinguishes itself from other educational content by:
  • Developer Focus: While a large percentage of ethereum security content caters to security researchers, we cater our content to developers. Additionally, we leverage tooling and concepts that are familiar to most developers (e.g., Visual Studio Code, design patterns, etc.)
  • Hands-on Learning Experiences: Every theory lesson has a corresponding hands-on learning experience (i.e., lab).
    • "One click" Initialization: We provide in-browser labs that can be created with one click. No more complicated installations that might not work on your computer.
    • Immediate Feedback: In some non-Blockbash labs, you need to look at the solution to verify that you've completed the lab correctly. We feel this is an impediment to learning. Within BlockBash, all labs provide a cli utility (cv) that verifies the learner's solution. Additionally, cv accounts for the fact that a lab can be solved multiple ways.
    • Cost Effective: All labs can be executed within a i) in-browser Github Codespace (which has a relatively generous free-tier); ii) local workstation. In general, Blockbash doesn't charge money for accessing content.
    • Offensive AND Defensive Labs: A high percentage of security content only focuses on how to hack (i.e., the offensive perspective). We provide an equal emphasis on how to defend against smart contract hacks. Within BlockBash, the learner starts by creating an exploit (Offensive Lab). Once the learner creates an exploit, the learner must create a solution that defends against the exploit (Defensive Lab). This "full cycle" learning gives an "end-to-end" understanding of a topic.
  • Dedicated To Visual Learners: Wherever possible, concepts are illustrated through visual examples. This includes diagrams, stack traces, git diff output, etc.
  • Up-to-date: Tired of out-of-date screenshots within learning materials? So are we. If an external tool is integrated into a Blockbash tutorial, there is a process that i) executes the tool ii) embeds the tool's output in the UI. Whenever an external tool is upgraded (within Blockbash), we can ensure that all relevant learning examples are updated as well.

    • Maintainers

    • Zach Roof: Zach describes himself as an ordinary guy who is extraordinarily curious. This curiosity has led him to become a Pluralsight author as well as roles within software development, devops, cloud security, and application security. By working on Blockbash, Zach hopes to mitigate the emotional (and financial) harm that comes from smart contract hacks. Outside of security, Zach is an outdoor enthusiast and is currently visiting all United States National Parks with his partner. If you'd like to reach out to Zach, email him at [email protected].

    Contributing

    Want to contribute to BlockBash? You are AWESOME! We welcome any help we can get. We're primarily interested in the areas listed below. If you feel you're a match, please email Zach ([email protected]).
    • Content Reviewer: No matter what your experience level, we need your feedback! In this volunteer role, you'll periodically review BlockBash content before it goes live. Depending on your background, this can include: reviewing prose, technical recommendations, developer experience, etc.