By: Kong'@SlowMist Security Team

Chinese version: 慢雾(SlowMist)智能合约审计技能树 (SlowMist Smart Contract Audit Skill Tree)


Introduction

This skill chart is a compilation of the abilities required for SlowMist's security team's smart contract security auditors. It aims to enumerate the essential skills needed for smart contract security audits and inspire team members to adopt a mindset of research, innovation, and engineering evolution.

Smart contract security auditing skills are divided into four stages: Getting Started, Diving Deeper Into Smart Contracts, Integration and Mastery, and Continuous Growth. These stages progressively outline the expertise needed at each level. Before diving into them, however, it is crucial to equip our minds with some foundational skills, which will serve as our anchor point throughout the audit journey.

Roadmap


Preparation Required

As Abraham Lincoln once said: “Give me six hours to chop down a tree and I will spend the first four sharpening the axe.” This same approach can be applied to smart contract auditing. Strengthening our mindset before starting is essential, allowing us to move with conviction and travel further.

1. Unity of Knowledge and Action

Cognition and execution go hand in hand. Theoretical knowledge and its practical application should align seamlessly.

2. Defend Fundamentals and Innovate

Ethics and the law are the foundational principles for security professionals. While staunchly adhering to these principles, security professionals must also forge strong technical skills so that they can surprise adversaries when least expected.

  • Sticking to the Basics:
    • Auditors should abide by the law and uphold ethical standards
  • Responsible Disclosure:
  • Hacker’s Mentality:
    • While adhering to principles, prevail with unexpected strategies
    • Defend Fundamentals: Approach the work with reverence and always adhere to the basics
    • Innovate: Think outside the box, be meticulous, and employ reverse and open-minded thinking

3. Team Consciousness

The capabilities of an individual are always limited, but teamwork can effectively compensate for personal shortcomings.

  • Collaborative Audit Flow:
    • Collaborative auditing on the SlowMist MistPunk workbench ensures audit quality through technical means and accumulates auditing experience
  • Audit Workflow:
    • SlowMist's audit workflow ensures audit quality through managerial practices, serving to identify and fill in any gaps in the audit process
  • Hacking Time Culture:
    • Team members are encouraged to engage in spontaneous intellectual exchanges and sharing, aligning team capabilities through these collaborative interactions and thereby elevating the overall team proficiency

Getting Started

The crypto world as it has developed to date encompasses disciplines such as cryptography, economics, and data science. Faced with this immense volume of knowledge, choosing a point of entry is crucial. In this phase, we start by exploring Ethereum and its smart contract language, Solidity, as a gateway into the world of cryptocurrency.

1. Basics of Blockchain

Before understanding what smart contracts are, one should first comprehend the blockchain platform on which they operate.

2. Fundamentals of Smart Contracts

Different blockchains might employ various languages to develop smart contracts, such as Solidity, Move, Rust, Vyper, Cairo, C++, etc. Currently, Solidity remains the most popular and beginner-friendly smart contract language for EVM-compatible chains. It's essential to thoroughly read its language documentation. Moreover, one should understand the design standards of token contracts running on Ethereum and their specific contract implementations. Building on this foundation, it's crucial to understand how smart contracts can be made upgradable and to practically master the writing and testing of smart contracts.

Resources and Tools for Mastering Smart Contracts with Solidity

3. Common Smart Contract Vulnerabilities

After mastering the fundamentals of smart contracts, it's essential to understand common vulnerabilities and the principles behind them. Quillhash's vulnerability list, which aggregates multiple sources, offers a comprehensive view of the prevalent types of smart contract vulnerabilities. (Beginners are encouraged to read through all the lists repeatedly to reinforce their understanding.)

4. Best Practices and Security Standards

As auditors, it's crucial to be familiar with the best practices and security standards of smart contracts. Best practices serve as a reference in identifying security issues during an audit, while security standards provide a basis for any security issues raised.

5. Basic CTF Challenges

After acquiring foundational knowledge about blockchain, smart contracts, and common vulnerabilities, it's beneficial to consolidate and apply this knowledge through basic Capture The Flag (CTF) challenges.

Diving Deeper Into Smart Contracts

Having grasped the basics of blockchain and smart contracts, we've essentially opened the door to Solidity smart contract security auditing. Beyond this door, the world of smart contracts is still vast. In this stage, we'll delve deeper into the expansive realm of smart contract applications, starting with decentralized finance (DeFi).

1. Fundamentals of Decentralized Finance (DeFi)

Blockchain and smart contracts have made the construction of DeFi possible, and the emergence of DeFi has spurred the rapid development of blockchains like Ethereum. Before delving further, one should understand: What is DeFi?

2. Leading Protocols in Decentralized Finance (DeFi)

After an initial understanding of what DeFi is, it's important to delve deeper into what these platforms have achieved and how they achieved it. This can be accomplished by reviewing the technical documentation of the current leading DeFi protocols to gain preliminary insights into their implementations.

3. Delve into the Source Code of Leading Protocols

Many DeFi projects currently interrelate and combine, with some leading DeFi protocols forming the cornerstone of complex DeFi combinations. Hence, mastering the implementation of these DeFi initiatives is critical. After an initial understanding of DeFi's workings through protocol documentation, further comprehension can be achieved by studying the complete source code to grasp specific logic and economic models.

4. Understand the Risks in Decentralized Finance (DeFi)

DeFi isn't solely about smart contracts; the frontend and backend are vital components, and most users interact with DeFi through the frontend. Therefore, after understanding how DeFi operates and is implemented, it's essential to study and practice its risks through frontend security measures, backend security configuration requirements, and historical vulnerabilities in the DeFi sector.

5. Reviewing Audit Reports

During an audit, an individual's perspective may miss certain aspects and cannot cover all scenarios. Therefore, reading other people's audit reports is crucial to learn different methods of vulnerability discovery and various auditing thought processes.

6. CTF Challenges

Engage in more advanced CTF challenges to test new skills and keep growing.

Integration and Mastery

Exploring the leading DeFi platforms establishes a profound understanding of DeFi. Moving forward, by learning everything from the foundational layer of the EVM up to the economic models of DeFi, we can continue to deepen our grasp of smart contracts. During this process, independently auditing complex smart contracts helps solidify one's own audit methodology.

1. Deep Dive into EVM

The EVM (Ethereum Virtual Machine) is responsible for executing smart contract instructions. A comprehensive understanding of the EVM gives a more in-depth grasp of how smart contracts are deployed, invoked, executed, and how their data is stored. This foundational knowledge is also pivotal for Gas optimization and for discovering vulnerabilities.

2. Gas Optimization Design

All on-chain transactions incur Gas costs. For complex contracts, optimizing Gas can reduce user interaction costs, thereby attracting more users. This demands that auditors have a certain understanding of Gas optimization design.

3. DeFi Economic Models

The economic model is a core component of DeFi products, so it's essential to understand the risks associated with these models. Throughout the learning process, one should develop and consolidate their perspectives and methodologies.

4. Deconstructing and Analyzing Complex DeFi Protocols

After mastering these skills, auditors should be capable of dissecting and analyzing complex, highly innovative DeFi protocols.

  • To be released...

5. Peer Learning

Learning from other outstanding peers who are researching various topics can provide us with more insights and broaden our horizons.

6. Rapid Incident Analysis

After independently auditing numerous complex projects, accumulating extensive knowledge, and experiencing various business scenarios, auditors should be able to respond quickly to unforeseen security incidents and conduct rapid analysis and reporting. Here are some commonly used analysis tools:

7. Bug Bounty Practice

Engaging in real-world scenarios is the best way to test your skills.

Continuous Growth

After entering the world of Solidity smart contracts, one should not be content with circling within a single domain. Instead, crystallize your own methodology, boldly carve out a new path, break through, and expand into other areas while deepening your expertise in the current field.


1. Overcoming Limitations

  • Don't confine yourself to Solidity; explore other smart contract languages like Rust, Vyper, Cairo, and Move
  • Don't limit yourself to smart contracts; understand popular public blockchains like BTC, Cosmos, Solana, Starknet, EVM L2, and more
  • Beyond blockchain, gain insights into areas like Web2.0 and mobile development
  • Dive deeper into the field of cryptography
  • And more

2. Methodology

After mastering the skills of smart contract security auditing, you can develop your own methodology. This helps you quickly identify the core issues and determine problem-solving approaches. A good methodology can greatly increase your efficiency.

  • Methodology for auditing work
  • Methodology for smart contract security practices
  • Approaches to problem-solving
  • Building a thinking framework

3. Creativity

Creativity is the weapon that allows us to conquer challenges and the essential attribute for progress. After acquiring skills systematically, nurture your creativity to advance further.

  • Cultivate curiosity
    • Learn new things
    • Don't limit yourself to your circle, profession, or field
  • Pursue knowledge relentlessly
    • Approach knowledge with reverence
    • Explore new realms of knowledge
  • Embrace the hacker mindset
    • Stay true to principles while thinking outside the box
  • Be adept at research
    • Aim for practical results and publish research
  • Implement engineering principles
    • Turn ideas and research into practical solutions and test them in the real world
      • SlowMist MistEye Monitoring System
      • SlowMist Contract Visibility Analysis Tool
      • SlowMist Static Vulnerability Scanner
      • And more

Acknowledgments

Special thanks to friends who provided valuable feedback:

Thanks to Jian for the English translation and to Hik3 for designing the cover image.