Smart Contract Auditing and Exploitation
RCCE students will learn to identify vulnerabilities in Solidity and other smart contract languages. RCCE students will learn to apply industry-standard tools and techniques to identify weaknesses and verify security controls. The course covers practical scenarios ranging from initial setup to final reporting. RCCE students will learn to analyze complex systems and think like an attacker to better defend the organization. This comprehensive course delivers practical knowledge applicable to real-world cybersecurity operations. Starting from foundational concepts, RCCE students will learn through a combination of concept explanation, practical demonstration, and hands-on exercises.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Smart Contract Auditing and Exploitation
- Monitor and audit privilege usage; detect escalation attempts
- Explain Course Overview fundamentals
- Execute hands-on tasks for what you will learn, covering: identify smart contract vulnerabilities; apply industry-standard audit tools.
- Execute hands-on tasks for course structure, covering: 8 hours of advanced training; concept explanation + live demos.
- Execute hands-on tasks for smart contract fundamentals
- Execute hands-on tasks for key properties, covering: self-executing code on blockchain; transparency (code is publicly verifiable).
- Monitor and audit privilege usage; detect escalation attempts, including $3.8B+ lost in 2022 from exploits.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for → state change →
- Design a scalable privilege management architecture with policy and enforcement, including a 256-bit word size for all operations and a maximum stack depth of 1024 items.
- Execute hands-on tasks for storage & memory layout, covering: storage (persistent key-value, 256-bit); memory (volatile, byte-addressable).
| Module | Topic |
| --- | --- |
| Module 01 | Smart Contract Auditing |
| Module 02 | Course Overview |
| Module 03 | What You Will Learn |
| Module 04 | Course Structure |
| Module 05 | Smart Contract Fundamentals |
| Module 06 | Key Properties |
| Module 07 | Audit vs. Traditional Testing |
| Module 08 | EVM Architecture Deep Dive |
| Module 09 | → State Change → |
| Module 10 | Stack Machine Model |
| Module 11 | Storage & Memory Layout |
| Module 12 | Solidity Language Security Model |
| Module 13 | Visibility Modifiers |
| Module 14 | State Mutability |
All hands-on labs run on Rocheston Rose X OS. Students practice smart contract auditing and exploitation by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Monitor and audit privilege usage; detect escalation attempts
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for what you will learn
- Lab 4: Execute hands-on tasks for course structure
- Lab 5: Execute hands-on tasks for smart contract fundamentals
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Smart Contract Auditing and Exploitation, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI