CodeHawks Contests LIVE Deepdive
Johnny Time
In this most recent live session, we got into CodeHawks, a new platform established by the one and only Patrick Collins. Think of it as an auditing marketplace: developers can submit codebases for private or competitive smart contract audits and skilled auditors can help secure them.
CodeHawks: https://codehawks.com/
Foundry StableCoin Contest: https://www.codehawks.com/contests/cljx3b9390009liqwuedkn0m0
Escrow Contest: https://www.codehawks.com/contests/cljyfxlc40003jq082s0wemya
Become a Smart Contract Hacker & Join the Community: https://johnnytime.xyz/smart-contract-hacker
Together with the students of the Smart Contract Hacking course, we tapped into two of the most recent audits: Foundry DeFi Stablecoin and Escrow Contract, offering impressive rewards of $15,000 and $40,000 respectively.
We explored the platform and unraveled the contest details. Additionally, I shared my personal approach and auditing methods. Together with the students of the SCH course, we broke down the codebases to the core and exchanged our findings in the contests. Our session was obviously a two-way street, so all the students raised their questions, especially about the contests.
In case you have some burning questions about the novel CodeHawks platform yourself or want some more first-hand insight on the audits, explore CodeHawks together in this LIVE session alongside the students of the Smart Contract Hacking course.
00:00:00 Intro
00:01:50 What is CodeHawks
00:02:20 The StableCoin Contest
00:06:40 Reviewing Contest Submissions
00:10:20 StableCoin Codebase Overview & My Audit Methodology
00:24:00 Medium Issue 1: USDT Can't be Supported
00:26:50 Minting DSC & Health Factor Calculations
00:35:30 Liquidations
00:37:30 Medium Issue 2: Deployment Issue
00:38:30 High Issue 1: WBTC Positions Can't be Liquidated
00:50:00 High Issue 2: WBTC Can't be Used to Mint DSC
00:55:40 High Issue 3: WBTC Can be Stolen From Users Using Liquidations
01:05:10 High Issue 4: Liquidations Issues
01:12:40 Auditing Tip: State Transitions and Scenarios
01:13:40 Gas Optimization Submissions
01:16:50 The Escrow Contest
01:21:15 Low Quality Submissions
01:23:50 Auditing Tip: Unit Tests Coverage
01:25:10 Escrow Codebase Overview & My Audit Methodology
01:30:00 Gas Optimization Submission 1: Use OZ Clones
01:36:10 Medium Issue 1
01:40:00 Gas Optimization Submission 2: Code Logic Optimization
01:45:50 Questions and Answers
01:49:00 Summary & Outro
... https://www.youtube.com/watch?v=C-GRDhA9B9U