Ethereum?

Ref. CoinMarketCap

Non-Fungible Token (NFT)?

Ref. Top 10 most expensive NFTs ever sold

Hmm?

Ref. Top 10 most expensive NFTs ever sold

Or a $600m Hack in 2022?!

Ref. rekt.news

REKT (e.g., Phishing, Scams, Rug Pulls, Hacks)?

Ref. defiyield.app

→ Wait, what was the market cap of Ethereum?

Seriously?

Ref. defiyield.app

This Class …

Disclaimer. Don’t invest in cryptocurrencies! Say it out loud!

Let’s evaluate it by ourselves; is it usable to run this simple class on Ethereum?
Let’s focus on technical aspects of these hacks and exploits
It’s, admittedly, a fun playground for bug hunters like us
Guided bug hunting plus CTF for bounties and awards!

Course Goals and Objectives

Not just about theory, but more about “how-to” learn:
1. Learn by coding
2. Learn by guidance
3. Learn from peers

→ So you can continue to learn blockchain/smart contracts even after graduation!

Prerequisite

CS 6265: Info Sec Lab: Binary Exploitation (recommended)
Any CTF experiences?
Ready to learn new langs? e.g., JavaScript, Python, Solidity, EVM, Brownie ..!

The hands are faster than eye; learning by typing is effective than by reading! –Taesoo

General Information

MS Team: join lab/team channels for discussion
Zoom: allowing a remote participation via zoom (email us!)
Office hours: will be announced soon!
Head TA: Ammar Askar (aaskar@gatech.edu)
Unofficial TAs: Seeking whom can do dryrun of the labs and help peers (email us)!

Grading Policy

(Can we enforce these policies with DAO?)

Lab (30%)
Team challenges (30%)
Bug finding or final project (40%)

→ Or #ETH on your account = your grade? Open to any interesting ideas!

Bonus: Bug Bounties!

Ref. Immunefi

Game Plan

Part 1. Week 01-06: Guided, CTF-style Lab 01-06 (30%)
Part 2. Week 07-10: Challenges prepared by each team (30%)
Part 3. Week 11-14: Bug hunting! or Research project (40%)

→ Likely participate in a CTF together (talking to a start-up now)!

Part 1: Week 01-06 (6 Weeks)

Every week, you are asked to complete:

One in-class tutorial
Lab: 8-12 challenges per week
No deadline! (until the end of the semester)

Part 2: Week 07-10 (4 Weeks)

Each of two teams (four per team) will be organizing:

Present past hacks and their postmortem analysis
Prepare similar hacks as challenges, 3-4 minimized versions

Part 3: Week 11-14 (4 Weeks)

Bug hunting (or research projects)!

Two weeks: invited talks by auditors in the field
Two weeks: Bug hurting reports and short project presentation

In-class Structure

1.5h: Logistics, short lecture
1.5h: In-class tutorial (discussed later)

We reply on lots of well-prepared materials on the Internet!

This Week’s Study

Ethereum.org Docs (ED)
- Overview
- Intro to Ethereum/Ether
- Accounts
- Transactions
- Blocks
Ethereum Yellow Paper (YP): §1-§4
Ethereum/EVM Illustrated (EI): §1/p1-43

→ Tutorial: Getting Started and First Transaction!

Ethereum Yellow Paper (YP)

Ethereum: A Transaction-based State Machine

Ref. EI §1

Ethereum can be viewed as a transaction-based state machine

Ethereum: A Transaction-based State Machine

Ref. EI §1

Ethereum can be viewed as a transaction-based state machine
Transaction represents a valid arc b/w two states (e.g., A transfers $ to B)

Block and Transactions

Transactions are collated into blocks
A block is a package of data

Chain of States

From the viewpoint of the states,
Ethereum can be seen as a chain of states

Chain of Blocks: Blockchain

From the viewpoint of the implementation,
Ethereum can also be seen as a chain of blocks, so called “Blockchain”

Stack of Transactions: Ledger

From the viewpoint of the ledger,
Ethereum can also be seen as a stack of transactions

Block Explorer: BlockScout in CS8803

State Change by a Transaction in BlockScout

World State

Ref. EI §1

The world state is a mapping between “address” and “account state” (later)

Account State

Ref. EI §1

An account state could contain EVM code and storage

Two Types of Accounts

Ref. EI §1

Two Types of Accounts

Ref. EI §1

Example: Account State of EOA

Example: Check EOA’s State on Geth

// nonce
> web3.eth.getTransactionCount("0x1c32b77528CbCd9a192bd75C407cc01F0c4004f9")
1

// balance
> web3.eth.getBalance("0x1c32b77528CbCd9a192bd75C407cc01F0c4004f9")
1.0000085262497899999985299e+26

// code
> web3.eth.getCode("0x1c32b77528CbCd9a192bd75C407cc01F0c4004f9")
"0x"

// storage
> web3.eth.getStorageAt("0x1c32b77528CbCd9a192bd75C407cc01F0c4004f9", 0)
"0x0000000000000000000000000000000000000000000000000000000000000000"

Example: Account State of CA (Main)

Example: Check EOA’s State on Geth

// nonce
> web3.eth.getTransactionCount("0x10F8F2f4372ca8580F1B80694fB38113627E3B73")
1

// balance
> web3.eth.getBalance("0x10F8F2f4372ca8580F1B80694fB38113627E3B73")
0

// code
> web3.eth.getCode("0x10F8F2f4372ca8580F1B80694fB38113627E3B73")
"0x6080604052600436106101445760003560e01c8063c9bbdb48116100c0578..."

// storage
> web3.eth.getStorageAt("0x10F8F2f4372ca8580F1B80694fB38113627E3B73", 0)
"0x000000000000000000000000015aa9fc32e280a70b639ecdc6203b917d9bfcdf"

Address of Accounts

Ref. EI §1

Example: Address of EOA

>>> from eth_utils import keccak
>>> from eth_keys import PrivateKey
>>> from hexbytes import HexBytes

>>> sk = PrivateKey(b"\x02"*32)
>>> sk.public_key
'0x4d4b6cd1361032ca .... (64 bytes)'

# address = last 20 bytes of a public key's hash
>>> HexBytes(keccak(sk.public_key.to_bytes())[-20:])
'0x5050a4f4b3f9338c3472dcc01a87c76a144b3c9c'

>>> sk.public_key.to_address()
'0x5050a4f4b3f9338c3472dcc01a87c76a144b3c9c'
>>> sk.public_key.to_checksum_address()
'0x5050A4F4b3f9338C3472dcC01A87C76A144b3c9c'

About “Checksum” Address (EIP-55)

To avoid typos or errors during data transmission

def to_checksum_address(address):
    address_hash = keccak(address)
    rtn = []
    for i, c in enumerate(address):
        if int(address_hash[i], 16) > 7:
            rtn.append(c.upper())
        else:
            rtn.append(c)
    return "".join(rtn)

Transaction

Ref. EI §1

Two Types of Transactions

Ref. EI §1

A Transaction to World State

Ref. EI §1

Message Call

Ref. EI §1

Example: Transfer $ETH

> web3.eth.getBalance(a1)
0

> web3.eth.sendTransaction({from: a0, to: a1, value: web3.toWei("1", "gwei")}
"0x885bd6aec26a006eb2957413a626e670335289fe971168f56ae6e8a84f9c4b80"

> web3.eth.getBalance(a1)
1000000000

→ Today’s Tutorial: in MetaMask, in Geth and in web3.js

Fields of a Transaction

Ref. EI §1

Example: Transaction

> web3.eth.getTransaction("0x885bd6aec26a006eb2957413a626e670335289fe971168f56ae6e8a84f9c4b80")
{
  from: "0x1c32b77528cbcd9a192bd75c407cc01f0c4004f9",
  to: "0x5e3fc8f77d1c499c7c178d3efac6f62a1f9c669e",
  chainId: "0x539",
  gas: 21000,
  gasPrice: 1000000007,
  hash: "0x885bd6aec26a006eb2957413a626e670335289fe971168f56ae6e8a84f9c4b80",
  maxFeePerGas: 1000000014,
  maxPriorityFeePerGas: 1000000000,
  nonce: 1,
  r: "0xa49126d55d25f4e709ef506da648e2ae8d2a32776e5092abcccc913a7f364e72",
  s: "0x26763b7c023ff965f451f2f18596cac4240d3be421929e88671c5b5827ecea21",
  v: "0x1",
  type: "0x2",
  value: 1000000000
  ...
}

Example: TransactionReceipt

> web3.eth.getTransactionReceipt("0x885bd6aec26a006eb2957413a626e670335289fe971168f56ae6e8a84f9c4b80")
{
  blockHash: "0xf1986b3663c7705a1e09e1faa54a0aec6ebdc0948688ad10aa93ce942f54d045",
  blockNumber: 65702,
  contractAddress: null,
  cumulativeGasUsed: 21000,
  effectiveGasPrice: 1000000007,
  from: "0x1c32b77528cbcd9a192bd75c407cc01f0c4004f9",
  gasUsed: 21000,
  status: "0x1",
  to: "0x5e3fc8f77d1c499c7c178d3efac6f62a1f9c669e",
  transactionHash: "0x885bd6aec26a006eb2957413a626e670335289fe971168f56ae6e8a84f9c4b80",
  transactionIndex: 0,
  type: "0x2"
  ...
}

Globally Shared, Transactional Database

Ref. EI §1

Decentralized Database

Ref. EI §1

P2P Network Inter Nodes (Geth)

Ref. EI §1

Interface to a Node (Geth)

Ref. EI §1

Example: Geth and Network

> txpool.inspect
{
  pending: {
    0x5e3FC8f77d1C499c7C178d3EfaC6F62A1f9C669e: {
      17: "0x1c32b77528CbCd9a192bd75C407cc01F0c4004f9: 1000000000 wei + 21000 gas × 1000000014 wei"
    }
  },
  queued: {}
}

CS8803 Ethereum Network Stats on EthStats

Example: Lab01. Mining on Geth

> miner.setEtherbase(eth.accounts[0])
> eth.coinbase
"0x1c32b77528cbcd9a192bd75c407cc01f0c4004f9"

> miner.start()
...

Interfaces

Week 1: web3.js via dev console (JavaScript), geth console (JavaScript)
Week 2: web3.py (Python), remix (IDE), brownie (Python), Solidity
Other popular choices: Truffle, Hardhat, ether.js

CS8803: Exploiting Smart Contract and DeFi

Ethereum?

Non-Fungible Token (NFT)?

Hmm?

Or a $600m Hack in 2022?!

REKT (e.g., Phishing, Scams, Rug Pulls, Hacks)?

Seriously?

This Class …

Course Goals and Objectives

Prerequisite

General Information

Grading Policy

Bonus: Bug Bounties!

Game Plan

Schedule

Part 1: Week 01-06 (6 Weeks)

Part 2: Week 07-10 (4 Weeks)

Part 3: Week 11-14 (4 Weeks)

In-class Structure

This Week’s Study

Ethereum Yellow Paper (YP)

Ethereum: A Transaction-based State Machine

Ethereum: A Transaction-based State Machine

Block and Transactions

Chain of States

Chain of Blocks: Blockchain

Stack of Transactions: Ledger

Block Explorer: BlockScout in CS8803

Block Explorer: BlockScout in CS8803

Block Explorer: BlockScout in CS8803

State Change by a Transaction in BlockScout

World State

Account State

Two Types of Accounts

Two Types of Accounts

Example: Account State of EOA

Example: Check EOA’s State on Geth

Example: Account State of CA (Main)

Example: Check EOA’s State on Geth

Address of Accounts

Example: Address of EOA

About “Checksum” Address (EIP-55)

Transaction

Two Types of Transactions

A Transaction to World State

Message Call

Example: Transfer $ETH

Fields of a Transaction

Example: Transaction

Example: TransactionReceipt

Globally Shared, Transactional Database

Decentralized Database

P2P Network Inter Nodes (Geth)

Interface to a Node (Geth)

Example: Geth and Network

CS8803 Ethereum Network Stats on EthStats

Example: Lab01. Mining on Geth

Interfaces

Lab01!

References