HIT · CS Concentrations

COURSE · CY5

Blockchain & Decentralized Systems

consensus under adversarial failure, smart-contract security, and decentralized trust

Building and securing blockchains, smart contracts, and DeFi.

Year 3 · 13 weeks · 2h lecture + 2h practice · Project-based

About this course

Study distributed ledgers, consensus, and smart contracts, and the security properties and limits of decentralized systems.

Course format. Thirteen weeks, four contact hours each: a two-hour lecture (concepts and theory) and a two-hour practice session. The course is project-based; teams carry one running project end to end and present it three times, in weeks 5, 8, and 13.

What you will build

Build a minimal but complete decentralized system, layering a simplified PBFT agreement module, Merkle-backed block integrity, proof-of-work mining, deployed Solidity contracts, a hierarchical deterministic multi-signature wallet, and an automated market maker, then audit and harden it against reentrancy and flash-loan attacks.

Expected outcomes

  • Explain the distributed-systems foundations: replication, the CAP trade-off, and failure models.
  • Analyze Byzantine fault tolerance and the theory behind consensus protocols.
  • Describe Nakamoto consensus and proof-of-work and proof-of-stake security arguments.
  • Apply the cryptographic foundations of blockchains: hashes, signatures, and Merkle trees.
  • Build and deploy smart contracts and reason about their execution model.
  • Identify and exploit smart-contract vulnerabilities such as reentrancy and integer flaws.
  • Design secure wallet and key-management systems including hierarchical deterministic keys.
  • Assess DeFi protocols for economic and technical attack vectors.
  • Evaluate the security and decentralization trade-offs of a system design.
  • Audit a smart contract and produce a structured findings report.

Key topics

  • Consensus mechanisms
  • Smart contracts
  • Wallets & key management
  • DeFi security

Theoretical foundations

The concepts and results this course rests on.

  • replication, the CAP trade-off, and distributed failure models
  • the FLP impossibility result for asynchronous consensus
  • Byzantine fault tolerance and the Byzantine generals problem
  • Nakamoto consensus, proof of work, and the longest-chain rule
  • hashes, digital signatures, and Merkle trees as integrity backbone
  • the smart-contract execution and gas-metering model
  • economic security assumptions and attack vectors of DeFi

Prerequisites

This is a Year-3 course. It assumes the mandatory CS core: data structures and algorithms, operating systems, computer networks, databases, software engineering, and the core mathematics (linear algebra, probability and statistics, calculus, discrete mathematics). It additionally requires the specific prior courses listed below.

Course-specific prerequisites:

  • Cryptography fundamentals
  • Distributed systems and computer networks

Weekly schedule · 13 weeks · lecture + practice

Foundations

Wk 1 · Distributed systems and consensus theory
  • Lecture: Cover replication, the CAP trade-off, failure models, and the FLP impossibility result that frames consensus.
  • Practice: Simulate a small replicated log and observe how message loss and ordering break consistency.
  • Project: Set up the project repo and a baseline distributed-ledger simulation.

Wk 2 · Byzantine fault tolerance
  • Lecture: Present the Byzantine generals problem and the PBFT protocol with its safety and liveness guarantees.
  • Practice: Implement a simplified PBFT round and test it against simulated Byzantine nodes.
  • Project: Add a Byzantine-fault-tolerant agreement module to the ledger.

Cryptographic foundations

Wk 3 · Hashes, signatures, and Merkle trees
  • Lecture: Review cryptographic hashing, digital signatures, and Merkle trees as the integrity backbone of blockchains.
  • Practice: Build a Merkle tree and signature-verification layer for the ledger's blocks.
  • Project: Add cryptographic block integrity and signed transactions to the ledger.

Consensus

Wk 4 · Nakamoto consensus and proof of work
  • Lecture: Derive proof-of-work, the longest-chain rule, and the security analysis of the Bitcoin backbone protocol.
  • Practice: Implement a proof-of-work miner and study fork resolution under competing chains.
  • Project: Add proof-of-work mining and longest-chain selection to the ledger.

Wk 5 · Design specification and threat model · Presentation
  • Lecture: Discuss proof-of-stake, finality, and the security and decentralization trade-offs across consensus designs.
  • Practice: Team presentation: each team defends its system specification, consensus choice, and threat model.
  • Project: Freeze the system specification and threat-model document.

Smart contracts

Wk 6 · Smart contracts and the EVM
  • Lecture: Explain account models, the Ethereum Virtual Machine, gas, and the smart-contract execution lifecycle.
  • Practice: Write, test, and deploy a first Solidity contract to a local development chain.
  • Project: Add a deployed smart-contract layer to the project.

Wk 7 · Smart-contract vulnerabilities
  • Lecture: Analyze reentrancy, integer issues, access-control flaws, and oracle manipulation with real case studies.
  • Practice: Exploit a vulnerable contract in a sandbox and then patch the reentrancy flaw.
  • Project: Document and fix vulnerabilities in the project's contracts.

Wk 8 · Secure development and testing · Presentation
  • Lecture: Cover secure patterns, invariants, formal-style testing, and the role of audits.
  • Practice: Team presentation: interim demo of the deployed contracts with a live vulnerability and its fix.
  • Project: Present the interim contract suite with a security test report.

Wallets and keys

Wk 9 · Wallets and key management
  • Lecture: Present elliptic-curve keys, address derivation, hierarchical deterministic wallets, and seed-phrase security.
  • Practice: Build an HD wallet that derives keys and signs transactions for the ledger.
  • Project: Add a hierarchical deterministic wallet to the project.

Wk 10 · Custody and multi-signature security
  • Lecture: Discuss hot versus cold storage, multi-signature schemes, threshold signatures, and key-recovery design.
  • Practice: Implement a multi-signature approval flow and test recovery and revocation scenarios.
  • Project: Add multi-signature custody controls to the wallet.

DeFi

Wk 11 · DeFi protocols and mechanisms
  • Lecture: Explain automated market makers, lending, liquidity, and the economic assumptions DeFi relies on.
  • Practice: Deploy a simple automated-market-maker contract and trace swaps and liquidity events.
  • Project: Add a basic DeFi mechanism to the project's contract layer.

Wk 12 · DeFi attacks and auditing
  • Lecture: Cover flash-loan attacks, oracle manipulation, and economic exploits, plus the audit methodology.
  • Practice: Run a flash-loan-style attack against the AMM, then audit and harden it.
  • Project: Audit the DeFi layer and apply hardening fixes.

Capstone

Wk 13 · Final system and audit defense · Presentation
  • Lecture: Review the full stack from consensus through contracts and wallets and the security arguments at each layer.
  • Practice: Team presentation: final demonstration with an oral defense of the audit report and design choices.
  • Project: Deliver the complete decentralized system with a security audit report.

AI tools in this course

Students use AI assistants throughout the decentralized-system build: scaffolding and refactoring Solidity contracts and the off-chain ledger code, generating Foundry and Echidna test suites and invariants, and explaining Slither static-analysis output. They vibe-code exploit proofs of concept, prompting the assistant to write a reentrancy or flash-loan attack against their own AMM and then to propose the checks-effects-interactions fix. AI helps interpret EVM traces in Tenderly, derive HD-wallet and multi-signature logic, and turn an audit pass into a structured findings report, and students drive deployment tooling and wallet libraries through it, but they re-run every AI-proposed fix through the fuzzer and on-chain tests, because a contract that merely looks safe can still lose funds.

Student project

Teams build a minimal but complete decentralized system, layering consensus, cryptographic integrity, smart contracts, wallets, and a DeFi mechanism, then audit and harden it. Each layer is accompanied by a demonstrated attack and a fix. The capstone defends a full security audit report orally.

Requirements

  • Build a working system, not a set of disconnected exercises.
  • Be original: a new system that solves a real problem, not a re-implementation of a tutorial or course demo.
  • Show real depth: real data, real users or realistic load, and engineering trade-offs that are measured rather than assumed.
  • Carry one running project from specification to a deployed, defensible result across the whole term.
  • Work in a team of three or four and defend the design at each of the three presentations (weeks 5, 8, and 13).

Example projects

  • Mini proof-of-work blockchain
  • PBFT permissioned ledger
  • Token with audited contracts
  • HD multi-sig wallet
  • Automated market maker with audit
  • NFT marketplace security study
  • Lending protocol exploit lab
  • Cross-layer audit toolkit

Assessment & grading

Grading is project-based, with no written exam. Teams of three or four present one running project three times.

Component | What it covers | Weight
Project · Specification | Presentation 1 (week 5): problem, objectives, and architecture | 20%
Project · Interim | Presentation 2 (week 8): the working system demonstrated live | 30%
Project · Final | Presentation 3 (week 13): end-to-end demo with oral defense | 50%

Tools & platforms

  • Solidity: smart-contract programming language
  • Foundry: contract development, testing, and fuzzing
  • Hardhat: Ethereum development and deployment environment
  • Remix: browser-based contract IDE and debugger
  • Slither: static analysis for Solidity vulnerabilities
  • Echidna: property-based smart-contract fuzzing
  • Ganache: local Ethereum test chain
  • ethers.js: blockchain interaction and wallet library
  • MetaMask: wallet and key-management client
  • Tenderly: transaction simulation and debugging

Free online courses

Existing free, video-based courses this course can build on, for self-study or as a teaching basis.

In Hebrew

Primary literature

Seminal works to read for graduate-level depth.

References

Books and resources link to an online or publisher page.

Role in each concentration

Concentration | Role
Intelligent Software Systems | Elective
Networking & Cyber Security | Core · Semester 2
AI & Robotics | Elective
AI and Quantum Computing for Finance | Core · Semester 2
Immersive Systems & Game Development | Elective
Defense Technologies & Autonomous Systems | Elective