Cairo Security Unlocked

Welcome to Cairo Security Unlocked. In this comprehensive course, you'll master the security aspects of Cairo smart contracts and Starknet development. From understanding zero-knowledge protocol vulnerabilities to auditing Cairo contracts, each module builds your expertise in securing decentralized applications on Starknet. Whether you're a developer, auditor, or security researcher, this course will equip you with the knowledge to identify and prevent security issues in Cairo-based systems.

Cairo Security Unlocked: Introduction

Introduction to the course and to the security of zero-knowledge systems

Key concepts include:

  • Security on ZK Protocols
  • Common Vulnerabilities
  • Auditing ZK Systems

Link for the accompanying slides here.

Cairo Security Unlocked: Cairo Language Fundamentals

Introduction to the Cairo language

Key Cairo Language Features:

  • Ownership
  • Structs
  • Traits
  • Matching
  • References and Snapshots
  • Differences between Cairo and Solidity

Link for the accompanying slides here.

Starklings Side-Quest

If you're just getting started with Cairo, dive into these side-quest modules to explore the basics. Already familiar with Cairo? Feel free to skip ahead. For those who complete these side-quests, stay tuned—more are coming soon!

Starklings Side-Quest: Variables in Cairo

Starklings Side-Quest: Primitive Types in Cairo

Starklings Side-Quest: Felt Operations in Cairo

Cairo Security Unlocked: Starknet Architecture

Details of Starknet architecture

Including:

  • Layer 2 chains
  • Starknet Components
  • Interactions between Layer 1 and Layer 2

Link for the accompanying slides here.

Cairo Security Unlocked: Contract Structure

Cairo Contract Structure

This module will cover:

  • The anatomy of a contract
  • Contract storage
  • Advanced contract features
  • Including OpenZeppelin contracts
  • Interacting with other contracts
  • Build tools

Link for the accompanying slides here.

Cairo Security Unlocked: Vulnerability Analysis

Auditing Cairo contracts in detail

We will investigate vulnerabilities:

  • General smart contract vulnerabilities
  • Cairo specific vulnerabilities
  • Starknet vulnerabilities
  • L1 to L2 interoperability

Link for the accompanying slides here.

Cairo Security Unlocked: Security Tools

Cairo Security Tools

An overview of Cairo tools

  • Cairo development tools
  • Auditing tools

Link for the accompanying slides here.

Cairo Security Unlocked: Testing Techniques

Here we look at useful testing techniques

We will look at:

  • Auditors' expectations
  • Unit tests with Foundry
  • Fuzz testing
  • Fork testing

Link for the accompanying slides here.

Cairo Security Unlocked: General Auditing

General Auditing

In this module we widen the focus to look at auditing in general:

  • General features of auditing
  • Audit process
  • Estimating cost
  • Categorising severity

Link for the accompanying slides here.

Cairo Security Unlocked: Audit Report Analysis

We look at some audit reports to highlight vulnerabilities

The issues covered are:

  • Lack of access control
  • Inconsistent storage updates
  • Reentrancy
  • Sandwich attacks

Link for the accompanying slides here.