mbani01/QuillAudit_Auditor_Roadmap

This repository contains a mindmap and stepwise resource to get started with Smart Contract Auditing.

QuillAudit's SmartContract Auditor Roadmap

Pdf Link: QuillAudit_Auditor_Roadmap.pdf

Xmind Link: https://xmind.works/#/share/OjLKsLSh

---

Steps to Follow:

1. Blockchain & Ethereum Basics:

• Blockchain :
  • Blockchain Technology Explained
  • Blockchain Cryptography
• Ethereum:
  • Mastering Ethereum
    • Mandatory Chapters 1,2,3,4,5,6,13 & 14
  • Etheruem Documentations

2. Solidity Fundamentals:

• Solidity Documentations
• smartcontract.engineer
• Cryptozombies
• Solidity-by-example
• Secureum:
  • Secureum Solidity 101
  • Secureum Solidity 201
• Solidity Gas Optimizations List

3. Testing and Debugging Frameworks

• Hardhat
• Brownie
• Foundry
• Tenderly

4. Commonly used Libraries and Token Standards:

• ERC Token Standards:

  • ERC 20
  • ERC 721 (NFT)
  • ERC 777
  • ERC 1155
  • ERC 4626
  • ERC 2981

• OpenZeppelin Helper Library/Contracts.

• Upgradable Contracts:

  • Upgradeable Contracts - Smartcontract Programmer
  • Risks of Upgradeable Contracts - Smartcontract Programmer
  • Different Proxy Patterns - EIPs 897, 1822, 1967, 1538, 2535
  • Openzeppelin Proxy docs

5. Solidity Security Standard & Best Practice:

• solidity-patterns
• solcurity
• Smart Contract Security Verification Standard
• Security Pitfalls & Best Practices 101
• Security Pitfalls & Best Practices 201

6. Smart Contract Vulnerabilities:

• SWC Registry
• Kaden: Smart Contract Attack Vectors
• Secureum Security Pitfalls 101
• Secureum Security Pitfalls 201
• Common Vulnerabilities in Smart contracts MindMap

7. CTF Challenges:

• Ethernaut
• Capture The Ether
• Paradigm CTF
• ciphershastra CTF
• Damn Vulnerable DeFi
• unhackedctf

100+ CTF blockchain challenges: https://github.com/minaminao/ctf-blockchain

8. Finance and DeFi:

• Finance:

  • Khan Academy’s Finance

• DeFi (Decentralized Finance)

  • DeFi - Teachyourselfcrypto
  • Finematics - DeFi
  • Smart Contract Programmer - DeFi
  • Well known DeFi Protocols:
    • Uniswap
    • Compound
    • Aave
    • Balancer

• Common DeFi Attack Vectors:

  • Flash Loan Attack
  • Price Oracle Manipulation
  • Front-Running
  • Exit Scams
  • Sandwich attacks
  • Rug Pulls
  • Unlimited Token Allowance

9. Postmortem & Audit Reports:

• Postmortems:

  • Immunefi
  • QuillAudits
  • BlockSec
  • SlowMist
  • Rekt News
  • PeckShield
  • hacxyk

• Audit Report Reading

  • QuillAudits
  • Code4rena
  • Spearbit
  • Consensys
  • Openzeppelin
  • Chainsecurity
  • Ackee Audit Reports
  • Secureum Audit Findings 101
  • Secureum Audit Findings 201

10. Auditing Tools:

• Slither
• Mythril
• Mythx
• Echidna
• Manticore
• Surya
• Eth Security Toolbox

11. Keep Yourself Updated:

• Newsletters: Blockthreat, HashingBit, Immunefi
• Discord Communities: QuillAudits, Immunefi, Secureum, Blockchain Pentesting
• Blogs: Immunefi, QuillAudits, Coinmonk, TrailOfBits, Secureum, Openzeppelin, OfferCIA
• Twitter: Mudit Gupta, Samczun, Certik Alert, PeckShieldAlert, QuillAudits, BlockSec, BeosinAlert, Officer_CIA

12. Miscellaneous Resources:

• TeachYourselfCrypto
• w3bs3c
• Awesome Web3 Security
• Learn Blockchain, Solidity, and Full Stack Web3 Development with JavaScript
• Learn Blockchain, Solidity, and Full Stack Web3 Development with Python

Credits:

Auditor Mindmap by Razzorsec