{"id":20433089,"url":"https://github.com/anataliocs/infura-security-workshop","last_synced_at":"2026-04-21T19:03:34.863Z","repository":{"id":82966500,"uuid":"489105345","full_name":"anataliocs/infura-security-workshop","owner":"anataliocs","description":"We are going to demonstrate common security vulnerabilities by live hacking a deployed smart contract. We will use Re-entrancy vulnerabilities to steal money from a contract and then go over how to prevent these attacks in your smart contracts.","archived":false,"fork":false,"pushed_at":"2023-09-24T04:51:14.000Z","size":28532,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-15T18:45:32.818Z","etag":null,"topics":["dapp","smart-contract","smart-contracts","solidity","truffle","truffle-framework"],"latest_commit_sha":null,"homepage":"https://infura.io","language":"JavaScript","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/anataliocs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-05T19:42:06.000Z","updated_at":"2022-09-23T05:29:55.000Z","dependencies_parsed_at":null,"dependency_job_id":"14f2169b-cf75-4c6c-b8f2-a14457b11499","html_url":"https://github.com/anataliocs/infura-security-workshop","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anataliocs%2Finfura-security-workshop","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anataliocs%2Finfura-securit
y-workshop/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anataliocs%2Finfura-security-workshop/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anataliocs%2Finfura-security-workshop/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/anataliocs","download_url":"https://codeload.github.com/anataliocs/infura-security-workshop/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241975634,"owners_count":20051500,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dapp","smart-contract","smart-contracts","solidity","truffle","truffle-framework"],"created_at":"2024-11-15T08:17:40.810Z","updated_at":"2026-04-21T19:03:29.826Z","avatar_url":"https://github.com/anataliocs.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Infura Smart Contract Security Workshop\n\nWe are going to demonstrate common security vulnerabilities by live hacking a deployed smart contract.  \nWe will use Re-entrancy vulnerabilities to steal money from a contract and then go over how to prevent these attacks in your smart contracts. 
\n\nClone this repository by running:\n\n```\n$ git clone git@github.com:anataliocs/infura-security-workshop.git\n```\n\n### Config\n\nBasic Setup:\n\n- [NodeJS](https://nodejs.org/en/) version 16 or above\n- [Visual Studio Code](https://code.visualstudio.com/)\n- [Git Bash](https://git-scm.com/downloads)\n- [Bash on VS Code](https://www.shanebart.com/set-default-vscode-terminal/)\n\nInstall Ganache CLI:\n\nCheck out the repo for more info: https://github.com/trufflesuite/ganache\n\n```\nnpm install ganache --global\n```\n\nSet up env vars:\n\n```bash\nnpm i dotenv\n```\n\nAdd the local env config:\n\n```\ntouch .env\n```\n\n\n```text\nMNEMONIC=[YOUR GANACHE MNEMONIC]\n\nCONTRACT_ADDRESS_ATTACKER=[DEPLOYED ATTACKER CONTRACT]\nCONTRACT_ADDRESS_ETHER_BANK=[DEPLOYED ETHERBANK CONTRACT]\n```\n\n## Module 1: Re-entrancy\n\nThis module allows you to reproduce a re-entrancy attack.\n\n```\ncd reentrancy-example\n```\n\n### To deploy to your local Ganache instance:\n\nIn a new console tab run:\n\n```\nganache\n```\n\n```\ntruffle compile\n```\n\nThen execute:\n\n```\ntruffle migrate\n```\n\n### Execute the attacking contract:\n\nRun the following script:\n\n```bash\nnpx truffle exec scripts/attack.js \n```\n\n## Module 2: Oracle Manipulation\n\nWe will demonstrate oracle manipulation of a spot price feed.\n\n### Run a local Chainlink Node\n\nCreate the directories for the Chainlink Database and the Chainlink Node:\n\n```\nmkdir -p chainlink/db\nmkdir -p chainlink/chainlink_rinkeby\n```\n\nCreate the container for the PostgreSQL database:\n\n`docker run --name postgres-chainlink -v $HOME/chainlink/db:/var/lib/postgresql/data -e POSTGRES_PASSWORD=myPostgresPW -d -p 5432:5432 postgres:11.12`\n\nCreate the chainlink Postgres user in the Postgres database container:\n\n`docker exec -it postgres-chainlink psql -U postgres -c \"CREATE USER chainlink WITH PASSWORD 'ChainlinkCONSENSYS123@@@';\"`\n\nCreate the Chainlink Database (for the Rinkeby test-network in this sample):\n\n`docker 
exec -it postgres-chainlink psql -U postgres -c \"CREATE DATABASE \"chainlink_rinkeby\";\"`\n\nGrant the privileges to the chainlink user:\n\n`docker exec -it postgres-chainlink psql -U postgres -c \"GRANT ALL PRIVILEGES ON DATABASE \"chainlink_rinkeby\" TO chainlink;\"`\n\nCreate the .env file for the chainlink node and refer to the required Ethereum network and to our new Postgres Database:\n\n`vi chainlink/chainlink_rinkeby/.env`\n\nand enter\n\n```\nROOT=/chainlink\nLOG_LEVEL=debug\nETH_CHAIN_ID=4\nMIN_OUTGOING_CONFIRMATIONS=2\nLINK_CONTRACT_ADDRESS=0x01BE23585060835E02B77ef475b0Cc51aA1e0709\nCHAINLINK_TLS_PORT=0\nSECURE_COOKIES=false\nGAS_UPDATER_ENABLED=true\nALLOW_ORIGINS=*\nETH_URL=wss://rinkeby.infura.io/ws/v3/\u003cYOUR_INFURA_PROJECT_ID\u003e\nDATABASE_URL=postgresql://chainlink:ChainlinkCONSENSYS123@@@@localhost:5432/chainlink_rinkeby?sslmode=disable\n```\n\nCreate the .password file which holds the password for your node wallet:\n\n`vi chainlink/chainlink_rinkeby/.password`\n\n```\nChainlinkCONSENSYS123@@@\n```\n\nCreate the .api file which holds the credentials for the GUI interface of the node:\n\n```\nvi chainlink/chainlink_rinkeby/.api\n```\n\nand enter your email address and password. 
This password must be 8 to 50 characters.\n\n```\n\u003cYOUR_EMAIL_ADDRESS\u003e\n\u003cYOUR_NODE_GUI_PASSWORD\u003e\n```\n\nNow we can create the container for the chainlink node itself:\n\n```\ndocker run -p 127.0.0.1:6688:6688 --name chainlink_rinkeby --network=host -v $HOME/chainlink/chainlink_rinkeby:/chainlink -it --env-file=$HOME/chainlink/chainlink_rinkeby/.env smartcontract/chainlink:0.10.8 local n -p /chainlink/.password -a /chainlink/.api\n```\n\nLog in to the Chainlink node:\n\n`docker exec -it chainlink_rinkeby chainlink admin login`\n\nCreate a new job on the node:\n\n`chainlink jobs create a.toml`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanataliocs%2Finfura-security-workshop","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fanataliocs%2Finfura-security-workshop","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanataliocs%2Finfura-security-workshop/lists"}