├── DeFi-hack.png
├── Demystifying-1.jpg
├── IMG_6906.PNG
├── README.md
└── openzeppelin-referral.md
/DeFi-hack.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RektifyAI/auditing-demystified/f68e185875366b8bde3be2414c48a7eb51aecc24/DeFi-hack.png
--------------------------------------------------------------------------------
/Demystifying-1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RektifyAI/auditing-demystified/f68e185875366b8bde3be2414c48a7eb51aecc24/Demystifying-1.jpg
--------------------------------------------------------------------------------
/IMG_6906.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RektifyAI/auditing-demystified/f68e185875366b8bde3be2414c48a7eb51aecc24/IMG_6906.PNG
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # How to get started as a smart contract auditor
2 |
3 | Becoming a smart contract auditor can be daunting if you don't know where to start. The truth is you don't have to come from a super technical background to become a smart contract auditor. An eye for where things can go wrong is the strong suit most auditors rely on to foresee vulnerabilities that can escalate into damaging attacks. Here is a concise repo of auditing resources, from YouTube videos to articles, docs, and excerpts, to get you started on your bug hunting journey. Please share. Let's make Web3 a safer place.
4 |
5 | - [ ] [Quick Start](https://start.blockchainhax.com) 🎊
6 |
7 | ----
8 |
9 |
10 |
11 |
12 |
13 |
14 | ----
15 | ### Secure Smart Contract Development
16 | - [ ] [OpenZeppelin Contracts](https://github.com/OpenZeppelin/openzeppelin-contracts)
17 | - [ ] [Defender 2.0 by OpenZeppelin](https://docs.openzeppelin.com/defender/v2/)
18 | - [ ] [Ethereum Improvement Proposals (EIP)](https://eips.ethereum.org/erc)
19 | - [ ] [How to become a smart contract auditor | The complete roadmap 2023](https://www.cyfrin.io/blog/how-to-become-a-smart-contract-auditor)
20 |
21 | ### Ethereum TL;DR
22 | - [ ] [Whitepaper](https://ethereum.org/en/whitepaper/)
23 | - [ ] [Use-case for Smart Contracts](https://www.youtube.com/watch?v=kdvVwGrV7ec)
24 | - [ ] [Zellic 2023 Smart Contract Source Index](https://huggingface.co/datasets/Zellic/smart-contract-fiesta)
25 |
26 | ### YouTube Videos
27 | - [ ] [Bug Bounty Playlist](https://youtube.com/playlist?list=PLKB0wJ6ZsFfHOFFJijZTdQFUvwMS6oZg7)
28 | - [X] [Solidity Smart Contracts in 100 seconds](https://www.youtube.com/watch?v=kdvVwGrV7ec)
29 | - [X] [Smart Contract Security and Auditing 101 by Chainlink](https://www.youtube.com/watch?v=0aJfCug1zTM&list=PLKB0wJ6ZsFfHOFFJijZTdQFUvwMS6oZg7&index=6)
30 | - [X] [EatTheBlocks: How to audit your smart contract code](https://www.youtube.com/watch?v=VAumxFQOU0o&list=LL&index=2&t=195s)
31 | - [ ] [EatTheBlocks: Gas Optimization in Solidity: 10 tips](https://www.youtube.com/watch?v=PYilP2bjtwc)
32 | - [ ] [NEAR Smart Contract Security Course](https://www.youtube.com/playlist?list=PL7Gwuo_MOL740lhKTvouCJvk4sAyuqZqT)
33 | - [ ] [32-Hour Course on Solidity](https://www.youtube.com/watch?v=gyMwXuJrbJQ)
34 | - [ ] [Secureum Bootcamp - Ethereum 101](https://youtu.be/44qhIBMGMoM)
35 | - [ ] [Rust Tutorial Full Course](https://www.youtube.com/watch?v=ygL_xcavzQ4)
36 | - [ ] [Secure Development Series](https://www.youtube.com/playlist?list=PLdJRkA9gCKOONBSlcifqLig_ZTyG_YLqz)
37 | - [ ] [Spearbit DAO YouTube](https://www.youtube.com/@Spearbit/videos)
38 | - [ ] [SolidityATL Web3 Security Fall '23 Session 3](https://www.youtube.com/watch?v=hCY5j8L3JQM)
39 |
40 |
41 | ### Testing Frameworks
42 | - [X] [Truffle](https://trufflesuite.com)
43 | - [X] [Foundry](https://getfoundry.sh)
44 | - [X] [Hardhat](https://hardhat.org)
45 | - [X] [Brownie](https://eth-brownie.readthedocs.io/en/stable/)
46 |
47 | ### Articles
48 | - [ ] [How to become a smart contract auditor by Cmichel](https://cmichel.io/how-to-become-a-smart-contract-auditor/)
49 | - [ ] [Solidity Learning: `revert()`, `assert()`, and `require()` in Solidity, and the New REVERT Opcode in the EVM](https://medium.com/blockchannel/the-use-of-revert-assert-and-require-in-solidity-and-the-new-revert-opcode-in-the-evm-1a3a7990e06e)
50 | - [ ] [Awesome Blockchain Security by xxxeyJ](https://github.com/xxxeyJ/Awesome-Blockchain-Security)
51 | - [ ] [Check out Rekt.news Leaderboard!](https://rekt.news/leaderboard/)
52 | - [ ] [All known smart contract-side and user-side attacks and vulnerabilities in Web3.0, DeFi, NFT and Metaverse + Bonus by Officer CIA](https://telegra.ph/All-known-smart-contract-side-and-user-side-attacks-and-vulnerabilities-in-Web30--DeFi-03-31)
53 | - [ ] [MEV Explore - Post-Merge](https://explore.flashbots.net)
54 | - [ ] [Unsafe Delegatecall (Part #2) | Hack Solidity #5](https://coinsbench.com/unsafe-delegatecall-part-2-hack-solidity-5-94dd32a628c7)
55 | - [ ] [Severity Classification System](https://immunefisupport.zendesk.com/hc/en-us/articles/13333032674961-Severity-Classification-System)
56 |
57 |
58 |
59 |
60 |
61 | ### IDEs
62 | - [ ] [Remix](https://remix.ethereum.org/)
63 | - [ ] [VS Code](https://code.visualstudio.com/download)
64 | - [ ] [EthFiddle](https://ethfiddle.com)
65 | - [ ] [ChainIDE](https://chainide.com)
66 | - [ ] [Audit Wizard by Auditware](https://www.auditwizard.io)
67 | - [ ] Find more IDEs recommended by the Ethereum Foundation [here](https://ethereum.org/en/developers/docs/ides/)
68 |
69 | ### Token standards
70 | - [ ] [Token standards](https://ethereum.org/en/developers/docs/standards/tokens/)
71 |
72 | ### ETH Ecosystem Best Practices
73 | - [ ] [Ethereum Whitepaper](https://ethereum.org/en/whitepaper/)
74 | - [ ] [List from Consensys](https://consensys.github.io/smart-contract-best-practices/)
75 | - [ ] [Smart Contract Weakness Classification and Test Cases](https://swcregistry.io)
76 | - [ ] [Common Web3 Security Issues](https://github.com/YAcademy-Residents/CommonWeb3SecurityIssues)
77 |
78 | ----
79 | ### Contest and Compete
80 |
81 | #### CTFs
82 | - [ ] [Paradigm CTF](https://ctf.paradigm.xyz)
83 | - [ ] [QuillAudits CTF](https://quillctf.super.site)
84 | - [ ] [Damn Vulnerable DeFi](https://www.damnvulnerabledefi.xyz)
85 | - [ ] [Ethernaut](https://ethernaut.openzeppelin.com)
86 |
87 | #### Bug bounties (Earn 🤑 to hack)
88 | - [ ] [Code4rena](https://code4rena.com)
89 | - [ ] [Sherlock](https://www.sherlock.xyz)
90 | - [ ] [CodeHawks](https://www.codehawks.com)
91 | - [ ] [ImmuneFi](https://immunefi.com)
92 | - [ ] [Hacken Proof](https://hackenproof.com)
93 | - [ ] [Audit One - Become an Auditor](https://www.auditone.io)
94 |
95 | #### Bug bounties (Community-driven)
96 | - [X] [Code4rena Reports](https://code4rena.com/reports)
97 | - [ ] [Sherlock Reports](https://github.com/orgs/sherlock-audit/repositories)
98 | - [ ] [Spearbit](https://github.com/spearbit/portfolio)
99 |
100 | #### Public Reports
101 | Tip: Read past reports to build muscle memory for spotting the common vulnerabilities that occur in smart contracts.
102 |
103 | Auditing firms
104 |
105 | | | Smart Contract Auditing Firms + Solos | |
106 | | ------------- | ------------- | ------------- |
107 | | [bytes032 - Solo Audits](https://github.com/bytes032/portfolio) | [QuillAudits](https://github.com/Quillhash/QuillAudit_Reports) | [Solidified Audits](https://github.com/solidified-platform/audits) |
108 | | [Paladin Security Audits](https://paladinsec.co/audits/) | [Peckshield Audits](https://github.com/peckshield/publications/tree/master/audit_reports) | [Chainsulting Audits](https://github.com/chainsulting/Smart-Contract-Security-Audits) |
109 | | [Solid Proof Audits](https://github.com/solidproof/smart-contract-audits) | [Halborn Security Public Audits](https://github.com/HalbornSecurity/PublicReports) | [Omniscia Audits](https://omniscia.io) |
110 | | [Guardian Audits](https://github.com/GuardianAudits/Audits/) | [Techrate Audits](https://github.com/TechRate/Smart-Contract-Audits) | [Pashov - Solo Audits](https://github.com/pashov/audits) |
111 | | [Mixbytes Audits](https://github.com/mixbytes/audits_public) | [Cyfrin Audits](https://github.com/Cyfrin/cyfrin-audit-reports) | [Coinsult Audits](https://github.com/Coinsult/solidity) |
112 | | [Hacken Audits](https://hacken.io/audits/) | [softstackHQ](https://github.com/softstackHQ/Smart-Contract-Security-Audits) | [Obront Audits](https://github.com/zobront/audits) |
113 | | [Crypto Audits Mapping by Electric Capital](https://github.com/electric-capital/crypto-audits.git) | | |
--------------------------------------------------------------------------------
/openzeppelin-referral.md:
--------------------------------------------------------------------------------
1 | ### Ethereum Solidity Smart Contract Programming
2 |
3 | - Read the Ethereum Whitepaper and understand the use-cases for Solidity smart contracts.
4 | - Explore our Contracts library to learn common patterns like ERC20 and ERC721. Use the Contracts Wizard to experiment and deploy smart contracts on a testnet using Remix.
5 | - Understand how Web3 applications, such as NFTs, are built.
6 | - Go through a bootcamp, such as this one, to learn the Solidity language step by step: https://www.udemy.com/course/blockchain-developer/
7 |
8 | ### Serverless JavaScript/TypeScript
9 |
10 | - Learn JavaScript in a bootcamp such as this one: https://www.udemy.com/course/javascript-beginners-complete-tutorial/
11 | - Understand TypeScript basics
12 | - Understand Serverless concepts and programming
13 |
14 | ### Smart Contract Security
15 |
16 | - Read the Ethereum Smart Contract Security page
17 | - Practice finding common Solidity vulnerabilities in our Ethernaut CTF and the Damn Vulnerable DeFi challenge
18 | - Watch our Secure Development Series
19 |
20 |
21 |
--------------------------------------------------------------------------------