On Thursday, June 6, the closing event of the fifth edition of the Blockchain Technologies course at the University of Málaga took place. Once again, the event was held in collaboration with Fortris, which provided its space for the presentation in a public event. We thank Antonio Tovar Quijada for the welcome and Cristina del Álamo Trespaderne for her support in the organization.
Introduction to the course
Before the project presentations, Isaac Agudo, CEO of Decentralized Security, gave a general introduction about the development of this edition for those who were not students of the course.
The main novelty of this edition was the semi-presential format, with approximately 4 in-person hours per week, distributed over two alternate days, usually Tuesday and Thursday.
The main novelty of this edition was the semi-presential format, with approximately 4 in-person hours per week, distributed over two alternate days, usually Tuesday and Thursday. Additionally, the content on blockchain infrastructures was reinforced, including hands-on exercises with Lightning networks using Polar and Ethereum layer 2 with Polygon CDK. All information about the course is available on the website.
Projects presented
This year, five projects developed by the students were presented, covering topics from payments with Lightning Network to Account Abstraction in Ethereum. Below is a summary of each of them.
Point of Sale using Lightning Network
Coordinated by Clovr Labs, which has been supporting the course for two years with scholarships for students. Representing the company were Aleksandar Yabalkarov and Marcos F.
The project consisted of an iOS application that allows businesses to receive payments through Lightning Network, manage receipts, and process refunds using the device camera and QR codes to exchange information between the point of sale and the Zeus wallet of the customer. The students Ana Gil Orozco, Ignacio Caballero Peñalver and Héctor Guzmán Arroyo were responsible for its development.
The use cases of LN are numerous, allowing for near-instant and private payments using a Bitcoin wallet.
After reviewing the technology, the demo showcased the app in action. The app is deployed on an iPad and an iPhone, which are the devices used by the store to process payments. The iPad displays the payment QR code for the customer, who is responsible for making the payment using an LN-compatible wallet. In the demo Zeus was used. As part of the demo, the refund process was also demonstrated, all happening instantly using the LN network.
All the code is available in this repo
Smart Contracts Audits
This project was jointly coordinated between Decentralized Security and José Carlos Ramírez, a Web3 auditor and professor of the Smart Contract auditing module of the course. Representing Decentralized Security, Marco López González presented the project. The students who participated in the project were Juan Díez García, Martín Jerónimo Salvachúa and Manuel B. (from left to right in the photo).
The work was divided into two phases. First, the students thoroughly explored the auditing module and analyzed Faillapop, , a set of Smart Contracts with intentionally designed vulnerabilities for study purposes.
In the second phase, students had to select two of the discovered vulnerabilities and create a repository for each with a small functional project where these vulnerabilities could be examined in isolation. As a reference, the students started from an example repository developed by Marco López González for a workshop at Hackers Week, held at the E.T.S.I. Informática – UMA in March 2024. The presented repository was a Vulnerable Lottery, a simple lottery example with two main roles: the draw owner and the users who can buy tickets. Once the lottery closes, a winner is chosen.
Each project includes a description of the contract or contracts involved, their methods, as well as tests that are clearly insufficient to ensure the project is free of vulnerabilities. If you’re curious to see what vulnerability is hidden in this project, don’t waste any more time and check out the repo, where you’ll also find a link to the rest of the exercises developed in this project.
Ethereum MPC Wallet
This project was coordinated by Fortris, which has been supporting the course for two years, not only with scholarships but also by providing its agora for the final project presentations, complementing the excellent periodic meetups they organize in Málaga related to Blockchain. Representing Fortris were Antonio Tovar Quijada and Iván San José García.
The students involved were Laura Granda Fernández , Salvador Carlos Postigo Alcaraz and Miguel Vázquez (from left to right). The project consisted of a proof of concept for an Ethereum wallet using Binance‘s tss-lib library, a Multi-Party Computation (MPC) library that enables key generation and ECDSA signatures using threshold cryptography.
The proof-of-concept scenario involved a network of three nodes generating ECDSA keys, ensuring that the private key was distributed among the nodes. The threshold of 2 means that each individual node cannot access the generated private key alone and requires collaboration with at least one other node.
In the proof of concept, the library was adapted to work with Ethereum’s Sepholia testnet and was also linked to a tool developed by Fortris for sending RAW Ethereum transactions, Ethereum Tool. The developed tool must be launched concurrently on all three nodes to execute a protocol among them.
The demo showcased how to create an address among three nodes and sign transactions. The address used for testing was: 0x2FC2C8CA36788AaA56459Ad5448a9D92a32c56Ce
All the code is in this repo.
DappHomes: Domotic Data Sharing with TACo
This project resulted from a collaboration between NuCypher (representing the Threshold network) and NICS Lab to define a proof of concept for TACo. TACo is an evolution of the initial blockchain-based secure information-sharing solution developed by David Nuñez as part of his doctoral thesis. Representing NuCypher, Manuel Montenegro gave a brief introduction to TACo.
The students involved were Marcos Hernández Marcelino, Pepe Guerrero Montero and Adrián Pérez López (from left to right in the photo).
The students had total freedom to design a solution that used TACo technology in an innovative way. In this case, they focused on the home automation sector and built a team where each member focused on a primary task. TACo enables access control policies for data to be implemented in a decentralized manner on the blockchain, and for the demo, the students created a marketplace for home automation data.
The project was not just based on TACo. The contracts were deployed on Polygon Labs‘ Amoy testnet, and IPFS was used to store encrypted data. In addition to developing custom sensors, an integration with OpenWeather was also implemented.
The demo showcased how users could subscribe to home automation data from a house, specifically temperature and humidity information.
The best part was that the data was not synthetic—code was developed for real sensors that encrypted and sent the information to IPFS. All the code is available in this repo.
Account Abstraction Proof of Concept
This project emerged from a collaboration between the company IZERTIS and the NICS Lab group to develop proof-of-concept applications using Account Abstraction in Ethereum networks. Representing Izertis, Urko Larrañaga Piedra and Miguel Angel Calero Fernández led the project. The students were Fran Guerrero, Manuel David Romero Guerrero and Francisco Ruiz González (from left to right in the image).
The proof of concept involved deploying an Account Abstraction testing environment as a Hardhat project, enabling various tests and modifications to the transaction verification mechanisms.
Specifically, the project focused on using RSA and ECDSA digital signatures for user transaction verification, aiming to extract public verification keys from X.509 identity certificates and link a traditional digital identity based on digital certificates with a smart wallet.
All the test code is in this repo.
This fifth edition of the Blockchain Technologies course has once again demonstrated the enormous talent of the students and the potential of blockchain technology in various fields. At Decentralized Security, we are proud to have participated in this program and will continue contributing to training and security in the Web3 ecosystem.