Blockchain Development and Security

Instructor: Wu-chang Feng and Charles Wright
Contact and discussion: Office hours: here
Resources
Course Description

This class provides an overview of blockchain systems and how they are built. Students will get hands-on experience working with public blockchains such as Ethereum, and will build and deploy permissioned blockchains such as Hyperledger Sawtooth. Aside from lecture material, the coursework consists of hands-on lab exercises, a lab notebook, homework assignments, and a final project.

Schedule

Week 1
  Course overview
    - Bitbucket repositories, Google Cloud Platform credits
  Blockchain overview and applications (supply-chain, healthcare, financial)
  Underpinnings of blockchains
    - Public-key cryptography and digital signatures
    - Hash functions and pre-image resistance
    - Consensus protocols
      o Lottery-based (Proof-of-Work, Proof-of-Stake, Proof-of-Elapsed-Time)
      o Voting-based (Byzantine Fault Tolerance, Paxos)
  Basic blockchain systems
    - Bitcoin, Ethereum, Hyperledger Sawtooth
  Topic selection for presentations
Week 2
  Block-chain development: transactions
    - Hyperledger Sawtooth codelabs #1/2/3/4
      o Lab notebook of demo
      o Code in sawtooth{01,02,03,04}
Week 3
  Block-chain development: smart contracts
    - Ethereum Programming: Solidity with CryptoZ (Web3.js, ERC20 tokens, ICOs)
      o Lab notebook with endings of all 6 chapters
Week 4
    - Ethereum Tools: Metamask/Wallets/Remix/DApps
    - Ethereum codelabs #1/2
      o Lab notebook of demo (including contract/wallet addresses)
      o Code for PiggyBank in piggybank
Week 5
  Block-chain security overview
    - DASP Top 10 security vulnerabilities
    - SI CTF intro and setup
      o SI_Donation (MyEtherWallet)
  Block-chain security (Secrets)
    - D6: Bad Randomness
      o SI_LockBox, SI_HeadsOrTails
      o Code for SI_Lottery (HW)
Week 6
  Block-chain security (Language and EVM issues)
    - D3: Arithmetic issues (Types)
      o SI_TokenSale
    - D2/D5: Access Control / Denial of Service
      o SI_PiggyBank, SI_SecureBank
    - D1/D4: Re-entrancy / Unchecked low-level calls
      o SI_TrustFund
    - D9: Short addresses
  Block-chain security (Mining issues)
    - D7 / D8 / Dx : Front-running / Time manipulation / 51%
Week 7
  Final project assigned
    - Build your own DApp, Ethernaut CTF
  Block-chain security (Symbolic Execution)
    - Automatic smart contract analysis
  Advanced topics
    - Languages (SolidityX)
    - Consensus (BFT-based block-chains)
Week 8-9
  Advanced topics
    - Paper presentations
Week 10
  Final project work

Course objectives

  • Examine the underpinnings of blockchain systems and their applications
  • Develop and deploy blockchain applications and smart contracts (DApps)
  • Analyze smart contracts for security vulnerabilities
  • Exploit smart contract vulnerabilities
  • Use symbolic execution to automatically reveal smart contract vulnerabilities
 

Policies

Grading
  • Attendance and participation: 10%
  • Lab Notebook: 40%
  • Bitbucket code: 20%
  • Presentations: 10%
  • Final Project: 20%

Attendance and participation

To encourage collaboration and to establish a positive learning community, attendance and participation throughout the term will be graded. In addition, mutual respect, tolerance, and encouragement are expected, while comments seeking to demean, embarrass, or otherwise disrupt others' ability to learn are not. Specific examples of participation include asking questions, helping other students out, and identifying mistakes in the course content either in class or on the Slack channel.

Academic misconduct
  • Includes allowing another student to copy your work unless specifically allowed by the instructor.
  • Includes copying blocks of code from external sources without proper attribution.
  • Results in a grade of 0 for the assignment or exam.
  • Results in the initiation of disciplinary action at the university level.