RektifyAI/auditing-demystified

A compendium of smart contract auditing resources for beginners

How to get started as a smart contract auditor

Becoming a smart contract auditor can be daunting if you don't know where to start. The truth is you don't have to come from a super technical background to become a smart contract auditor. The eye for detecting where things can go wrong is a strongsuit most auditors have to foresee vulnerabilities that can graduate to detrimental attacks. Here is a concise repo of auditing resources from Youtube videos, articles, docs, and excerpts to get you started on your bug hunting journey. Please share. Let's make Web3 a safer place.

• Quick Start 🎊

---

---

Secure Smart Contract Development

• OpenZepplin Contracts
  
• Defender 2.0 by OpenZepplin
  
• Ethereum Improvement Proposals(EIP)
  
• How to become a smart contract auditor | The complete roadmap 2023

Ethereum TL:DR

• Whitepaper
  
• Use-case for Smart Contracts
• Zellic 2023 Smart Contract Source Index

Youtube Videos

• Bug Bounty Playlist
  
• Solidity Smart Contracts in 100 seconds
  
• Smart Contract Security and Auditing 101 by Chainlink
• EatTheBlocks: How to audit your smart contract code
  
• EatTheBlocks: Gas Optimization in Solidity: 10 tips
  
• NEAR Smart Contract Security Course
  
• 32-Hour Course on Solidity
  
• Secureum Bootcamp - Ethereum 101
  
• Rust Tutorial Full Course
  
• Secure Development Series
• Spearbit DAO Youtube
  
• SolidityATL Web3 Security Fall '23 Session 3
  

Testing Frameworks

• Truffle
  
• Foundry
  
• Hardhat
  
• Brownie
  

Articles

• How to become a smart contract auditor by Cmichel
  
• Solidity Learning: revert(), assert(), and require() in Solidity, and the New REVERT Opcode in the EVM
  
• Awesome Blockchain Security by xxxeyJ
  
• Check out Rekt.news Leaderboard!
  
• All known smart contract-side and user-side attacks and vulnerabilities in Web3.0, DeFi, NFT and Metaverse + Bonus by Officer CIA
  
• MEV Explore - Post-Merge
• Unsafe Delegatecall (Part #2) | Hack Solidity #5
• Severity Classification System

IDEs

• Remix
  
• VS Code
  
• EthFiddle
  
• ChainIDE
  
• Audit Wizard by Auditware
  
• Find more IDEs recommended by the Ethereum Foundation here

Token standards

• Token standards

ETH Ecosystem Best Practices

• Ethereum Whitepaper
• List from Consensys
  
• Smart Contract Weakness Classification and Test Cases
  
• Common Web3 Security Issues
  

---

Contest and Compete

CTFs

• Paradigm CTF
  
• QuillAudits CTF
  
• Damn Vulnerable DeFi
  
• Ethernaut

Bug bounties (Earn 🤑 to hack)

• Code4rena
  
• Sherlock
  
• CodeHawks
  
• ImmuneFi
  
• Hacken Proof
  
• Audit One - Become an Auditor
  

Bug bounties (Community-driven)

• Code4rena Reports
  
• Sherlock Reports
  
• Spearbit
  

Public Reports

Tips: Read past reports to train muscle memory to find common vulnerabilities that occur on smart contracts

Auditing firms

	Smart Contract Auditing Firms + Solos
bytes032 - Solo Audits	QuillAudits	Solidified Audits
Paladin Security Audits	Peckshield Audits	Chainsulting Audits
Solid Proof Audits	Halborn Security Public Audits	Solid Proof Audits
Omniscia Audits	Guardian Audits	Techrate Audits
Pashov - Solo Audits	Mixbytes Audits	Cyfrin Audits