_Follow along with this video:_ --- ### Unsafe Casting Breakdown There's another issue with the line `totalFees = totalFees + uint64(fee)` that's similar to integer overflow, but a little different. Using `chisel` again, we can see that a max `uint64` is 18446744073709551615. ```bash Welcome to Chisel! Type `!help` to show available commands. ➜ type(uint64).max Type: uint ├ Hex: 0x000000000000000000000000000000000000000000000000ffffffffffffffff └ Decimal: 18446744073709551615 ➜ ``` We've also learnt that adding any to this number is going to wrap around to 0 again, but what happens if we try to cast a larger number into this smaller container? ::image{src='/security-section-4/31-unsafe-casting/unsafe-casting1.png' style='width: 75%; height: auto;'} We can see above that when `20e18` is cast as a `uint64` the returned value is actually the difference between `type(uint64).max` and `20e18`. Our value has wrapped on us again! ```js // twentyEth = 20000000000000000000 // type(uint64).max = 18446744073709551615 // uint64(twenthEth) = 1553255926290448384 ``` This is absolutely something we're calling out in our audit report. Puppy Raffle is at risk of losing so many fees!
Exploit: Unsafe casting
Overflow issue: Loss of significant digits due to uint64 casting from uint256, leading to lost fees. Importance of identifying & fixing in audit reports.
Solidity Developer
Smart Contract Security1. Introduction
An introduction to PuppyRaffle and all else that will be covered in this section! Duration: 5min
2. Puppy raffle primer
Learn coding bug detection in this mock audit! Explore, discover & review together. Duration: 2min
3. Phase 1: Scoping
Puppy Raffle Code Base, Git & Foundry Installation, Testing Coverage, Security View, Exploits. Duration: 4min
4. Tooling: Slither
Tooling in Smart Contract Auditing, Patrick Introduces Static Analysis. Using Slither by Trail of Bits to find bugs without executing code. Duration: 6min
5. Tooling: Aderyn
Introducing Aderyn: a static analysis tool for smart contracts, built with Rust by Alex Roan. Duration: 2min
6. Tooling: Solidity Visual Developer
Patrick goes over additional useful tools like Solidity Metics and Solidity Visual Developer. Duration: 3min
7. Recon: Reading docs
Puppy Raffle Audit Walkthrough - Main Branch Details. Patrick explains raffle documentation, functions, and entry requirements. Duration: 2min
8. Recon: Reading the code
Navigate PuppyRaffle codebase, player entry points, keyboard shortcuts. Duration: 5min
9. Recon: Reading docs II
In this lesson Patrick continues reading through the docs and even smell a bug! Duration: 3min
10. sc-exploits-minimized
Introducing the sc-exploits-minimized repo, a compilation of common smart contract vulnerability examples. Duration: 2min
11. Exploit: Denial of service
Explore a DoS attack using a minimalistic DOS contract. Learn how loops and arrays can make a protocol unusable. Duration: 7min
12. Case Study: DoS
Joined by Owen, we look into 2 case studies of real life DoS attacks: GMX V2 and the Bridges Exchange. Duration: 21min
13. DoS PoC
Puppy Raffle Denial of Service Attack - Identify and Test. Main focus: Unfair cost increase for late entrants, disadvantaging new players. Duration: 8min
14. DoS: Reporting
How to create a DOS security review report. Step-by-step process including title, root cause, impact, severity, likelihood, and mitigation strategy. Duration: 8min
15. DoS: Mitigation
How to Remove Duplicates from Arrays with Patrick Duration: 3min
16. Exploit: Business logic edge case
Patrick discusses the potential impacts of a user entering PuppyRaffle with a smart contract. Duration: 3min
17. Recon: Refund
Continuing our Recon of PuppyRaffle with the Refund function. Duration: 3min
18. Exploit: Reentrancy
Reentrancy Attack in PuppyRaffle: Deposit-Withdraw Loop Steals Funds Duration: 14min
19. Reentrancy: Remix example
Patrick shows a hacker draining a user's balance via Remix using re-entrancy exploit. Duration: 4min
20. Reentrancy: Mitigation
Fixing Re-Entrancy in Smart Contracts:CEI Pattern, Lock Variables & Non-Reentrant Modifier Duration: 4min
21. Menace To Society
DeFi reentrancy attacks: Importance of understanding past hacks for security pros; The DAO hack case study. Duration: 5min
22. Reentrancy: Recap
Patrick recaps reentrancy vulnerabilities and discusses prevention such as checks-effects-interactions (CEI) and non-reentrant modifiers. Duration: 3min
23. Reentrancy: PoC
Identify & exploit smart contract re-entrancy vulnerability for PuppyRaffle. Demo of POC with a hypothetical attacker contract. Discuss prevention methods. Duration: 8min
24. Recon: Continued
Smart contract codebase analysis, focusing on PuppyRaffle's selectWinner function. Checking timestamp, players, raffle status, winner calculation concern. Duration: 5min
25. Exploit: Weak randomness
Dive into PuppyRaffle's weak randomness. Patrick emphasizes use of secure sources like Chainlink VRF. Duration: 4min
26. Weak randomness: Multiple issues
Blockchain timestamps, previous block hashes, and transaction senders are unsuitable for secure random number generation. Use more reliable methods instead. Duration: 4min
27. Case Study: Weak Randomness
NFT product Mebits attacked, obtained rare NFT worth almost $1M; weak security measures. Duration: 7min
28. Weak randomness: Mitigation
Chainlink VRF for trustless randomness in apps, Patrick explains. No to alternative methods. Duration: 1min
29. Exploit: Integer overflow
Bug in smart contract due to arithmetic overflow; demonstrates with Solidity code & offers solutions. Duration: 8min
30. Integer overflow: Mitigation
Fixing Solidity Arithmetic Issues: Use Newer Version Duration: 2min
31. Exploit: Unsafe casting
Overflow issue: Loss of significant digits due to uint64 casting from uint256, leading to lost fees. Importance of identifying & fixing in audit reports. Duration: 4min
32. Recon II
Patrick continues his reconnaissance of PuppyRaffle! Duration: 11min
33. Exploit: Mishandling Of ETH
Identifying the mishandling of ETH in PuppyRaffle and outlining issue with relying on .balance in contract accounting. Duration: 3min
34. Mishandling of ETH: Minimized
How ETH Misuse Leads to Smart Contract Vulnerability, Patrick Explains Solutions Duration: 6min
35. Case Study: Mishandling of ETH
SushiSwap attack: Poor handling of ETH led to a real-life attack, causing significant monetary loss. Read detailed case study. Duration: 3min
36. Recon III
PuppyRaffle walkthrough continues, covering functions & exploits. Go through code multiple times for understanding. Identify areas for improvement. Duration: 7min
37. Answering our questions
Going back through the notes we left ourselves and answering some of the questions we'd asked! Duration: 4min
38. Info and gas findings
Improving code quality through an audit: Use specific Solidity versions, define constants, check library security, make storage variables immutable. Duration: 5min
39. Pit stop
Conducting Code Quality Test Using Slither & Aderyn Tools; Practice Tips Given by Patrick. Duration: 2min
40. Slither walkthrough
Slither is a static analysis tool that is useful for securing smart contracts. A walkthrough of its use. Duration: 13min
41. Aderyn walkthrough
A brief walkthrough of Aderyn and how to use it to supercharge your smart contract security reviews. Duration: 3min
42. Test coverage
Code Coverage Check Using Foundry, Aderyn & Slither Duration: 1min
43. Phase 4: Reporting primer
Learn report writing for security reviews & effective communication in bug bounties with Patrick. Master competitive audits & finding submission. Duration: 3min
44. What is a competitive audit?
Competitive Audits - Discover Bugs, Win Rewards! Get started with Patrick's guidance, perfect for aspiring smart contract security professionals. Duration: 5min
45. Codehawks
Join CodeHawks for Competitive Audits & practice. Live competitions, real $$$. Duration: 3min
46. Submitting a competitive audit finding
Patrick demonstrates how to submit findings in a competitive audit, emphasizing the importance of building your auditing portfolio. Duration: 4min
47. Reporting templates
Introducing some useful templates and processes for audit reporting. Duration: 3min
48. Reporting: Floating pragma
Walkthrough of the floating pragma informational finding report. Duration: 2min
49. Reporting: Incorrect solc version
Quick walkthrough of reporting an incorrect solc version. Duration: 2min
50. Reporting: Unchanged state variables should be immutable or constant
Learn how to track gas consumption and identify where improvements can be made. Focus on gas optimization techniques and proper variable scoping. Duration: 2min
51. Reporting: Zero address check
Patrick explains zero address check and walks through reporting it. Duration: 1min
52. Reporting: Storage variables in loops should be cached
Optimize gas usage via caching store variables in loops, read memory instead of storage for efficiency. Duration: 2min
53. Reporting Findings We'll Cover Later
Audit Findings: MEV Attacks & Refund Function - To be covered later (Section 7.5) Duration: 1min
54. Reporting Reentrancy
How to write a security review finding for a reentrancy vulnerability including a mitigation recommendation. Duration: 8min
55. Reporting: getActivePlayerindex
Walkthrough of a report for our getActivePlayerIndex edge case! Duration: 5min
56. Reporting: Should Follow CEI
Informational PuppyRaffle issue, improving code with CEI. Duration: 2min
57. Reporting: Weak Randomness
Auditing blockchain randomness, Patrick explains how weak randomness can be exploited and suggests using secure generators like Chainlink VRF. Duration: 6min
58. Reporting: Magic Numbers
Focus on Magic Numbers & Named Constants. Patrick provides Solidity examples & tips. Duration: 2min
59. Reporting: Integer Overflow
Patrick explains two security issues found in PuppyRaffle - integer overflow and unsafe cast. Offers detailed explanations & potential mitigations. Duration: 8min
60. Reporting: Smart Contract Wallet Reverts Winning
Winning smart lottery without fallback causes restart issues & gas waste; Suggested mitigation: mapping addresses to payouts, 'claim prize' function. Duration: 5min
61. Reporting: Mishandling Of ETH
Writing our report for ETH Mishandling in PuppyRaffle. Duration: 2min
62. Reporting: Missing Events And Remove Dead Code
A quick report for missing events and unused function in PuppyRaffle! Duration: 2min
63. Adding The Audit To Our Portfolio
Learn how to create an audit report using Markdown and Pandoc, including adding logos, formatting sections, and converting the report to a PDF. Duration: 6min
64. Exercises
Protecting Web3 Against Hacks & Attacks; Remix Exploits & DeFi Challenges. Presented by Patrick. Includes Exercises & Case Studies. Duration: 5min
65. Solodit
Solodit - a Web3 audit finding aggregator. Learn from other auditors' reports & excel in competitive contests. Duration: 4min
66. Wrapping Up
Raffle complete, tweeting your success, CodeHawks First Flights, rest & rewards encouraged. Duration: 2min
Testimonials
Students Reviews
Read what our students have to say about this course.
Chainlink
Chainlink
Gustavo Gonzalez
Solutions Engineer at OpenZeppelin
Francesco Andreoli
Lead Devrel at Metamask
Albert Hu
DeForm Founding Engineer
Radek
Senior Developer Advocate at Ceramic
Boidushya
WalletConnect
Idris
Developer Relations Engineer at Axelar