Codehawks Sparkn Audit Contest Deep Dive - 1.5 Hours Walkthrough
Johnny Time
Welcome back, Web3 security fellows! In this in-depth video, I take you on a journey through the recent Codehawks Sparkn Audit Contest.
Interested in becoming a smart contract auditor? Check out my comprehensive course with hands-on exercises, an exclusive Discord community for support, and an official certificate: https://johnnytime.xyz/smart-contract-hacker
I'll provide you with an overview of this exciting challenge and a closer look at the smart contracts involved. We'll explore different methods of distributing rewards and understand why certain vulnerabilities pose severe risks while others are less critical.
I'll address the replay attack scenario and explain why it's not a concern in this context. We'll also dive into the false positive related to the owner timelock and discuss its implications.
One of the high-severity findings involves the potential loss of tokens. I'll break down this issue and its significance.
Moving on, we'll explore some low-severity findings, clarifying their impact and importance. We'll also discuss why frontrunning isn't a concern here because of how `create2` works: the deployed address is fixed by the deployer, the salt and the init code, so a frontrunner cannot steal the intended address.
We'll cover a medium-severity denial-of-service issue involving ERC777 tokens, and another medium-severity finding where distributing rewards to a large number of winners can run out of gas.
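To make the two medium-severity mechanisms concrete, here is an added illustration (my own example, not the Sparkn contracts or any code from the contest): a push-style loop that pays every winner in one transaction, and a pull-style alternative. The contract and function names (PushDistributor, PullDistributor, assign, claim) and the minimal IERC20 interface are assumptions for the example only.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative example, NOT the Sparkn code. Shows why a single push-style
// distribution loop is exposed to (a) an ERC777-style recipient hook that
// reverts and (b) running out of gas as the winner list grows, and a
// pull-style alternative that avoids both.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract PushDistributor {
    IERC20 public immutable token;
    address public immutable owner;

    constructor(IERC20 _token) {
        token = _token;
        owner = msg.sender;
    }

    // (a) If `token` is an ERC777 (or any token that calls a hook on the
    //     recipient), one winner whose hook reverts makes the whole loop
    //     revert, so nobody gets paid.
    // (b) Gas cost grows with winners.length; once it exceeds the block gas
    //     limit this transaction can never succeed.
    function distribute(address[] calldata winners, uint256[] calldata amounts) external {
        require(msg.sender == owner, "not owner");
        require(winners.length == amounts.length, "length mismatch");
        for (uint256 i = 0; i < winners.length; i++) {
            require(token.transfer(winners[i], amounts[i]), "transfer failed");
        }
    }
}

contract PullDistributor {
    IERC20 public immutable token;
    address public immutable owner;
    mapping(address => uint256) public owed;

    constructor(IERC20 _token) {
        token = _token;
        owner = msg.sender;
    }

    // Record what each winner is owed; no external call per winner, so a
    // reverting hook cannot block the others. Because it only updates
    // storage, the list can also be split across several transactions.
    function assign(address[] calldata winners, uint256[] calldata amounts) external {
        require(msg.sender == owner, "not owner");
        require(winners.length == amounts.length, "length mismatch");
        for (uint256 i = 0; i < winners.length; i++) {
            owed[winners[i]] += amounts[i];
        }
    }

    // Each winner pays the gas for their own transfer; a hook that reverts
    // only affects that winner's claim.
    function claim() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        owed[msg.sender] = 0; // effects before interaction
        require(token.transfer(msg.sender, amount), "transfer failed");
    }
}
```

The pull pattern trades one large transaction for one small transaction per winner, which is the usual mitigation when the recipient set is unbounded or when the reward token may execute code on transfer.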
We'll take a moment to check in on submissions from students, highlighting their progress and contributions to the auditing community.
Finally, we wrap up with a general Q&A session, where I'll address your burning questions and share some exciting news about upcoming opportunities for the smart contract hacking course students.
Connect with Me: Twitter: https://twitter.com/RealJohnnyTime LinkedIn: https://www.linkedin.com/in/johnnytime/
Timestamps
00:00:00 Intro
00:00:50 Previous Contests Results
00:10:04 Sparkn Contest Overview
00:15:32 Sparkn Smart Contracts Overview
00:26:30 Different Ways to Distribute Rewards
00:30:05 Why Replay Attack isn't Possible
00:37:45 False Positive: Owner Timelock
00:41:50 High Severity: Tokens Can Be Lost
00:49:20 Low Severity Findings Explained
00:50:25 Why Frontrunning isn't Possible (create2)
00:52:15 Medium Severity: ERC777 Tokens DOS
00:55:40 Medium Severity: Many Winners - Out of Gas
01:00:30 Checking Students Submissions
01:08:45 General Q&A and Alpha Time
https://www.youtube.com/watch?v=W2UMx6nK0VE