Intro to Web3 Security

Intro

I meant to write this for the (then-upcoming) ctf at ctf.paradigm.xyz, but I’m doing it now a few months late. To introduce people to the new and exciting world of ✨blockchain✨, I wrote a really long/unfinished writeup on everything I could remember at first. I ended up scrapping it, then dividing it up into more manageable pieces. Now, months later, I’m giving an actual introduction to web3 ctfs.

Stuff I’m going to cover:

• Part 1:
  • the basics of ethereum and a simple example involving fictional “BlueCoin”
  • the basic tech stack for ethereum(I haven’t seen any bitcoin challenges, and solana challs seem a bit harder imo)
• Part 2: not done
  • first half of the tech stack - writing code in Solidity(ethereum’s programming language)
  • also compiling/deploying/interacting with that code using a GUI(the Remix IDE, the official ethereum IDE)
• Part 3: not done
  • second half of the tech stack - interacting with the blockchain programmatically
  • compiling/deploying/interacting with Solidity without a GUI
• Part 4: not done
  • the fun stuff!
  • the security part of ethereum
    • “private” variables
    • reentrancy attacks
    • mistakes you can make when writing solidity
    • mistakes involving solidity versions

Below are some general resources. GLHF!

General Resources:

• Learn Blockchain, Solidity, and Full Stack Web3 Development with JavaScript – 32-Hour Course | Freecodecamp
• Smart Contract Programmer’s videos and website
• Ethereum/EVM Smart Contract Reverse Engineering & Disassembly - Blockchain Security #3 | Fuzzing Labs - Patrick Ventuzelo -
• creator of ethereum’s talk at devcon