Common-Path.md

File metadata and controls

96 lines (66 loc) · 3.06 KB

Web3 Common Auditing Learning Path - ChatGPT

Welcome to my Web3 Auditing Learning Path! This repository is dedicated to my journey to becoming a proficient Web3 security auditor. Below is a structured roadmap with resources, topics, and projects.


Table of Contents

  1. Prerequisites
  2. Introduction to Web3 Security
  3. Smart Contract Development Basics
  4. Smart Contract Security
  5. Audit Practice & CTFs
  6. Deep Dive: DeFi and Protocols
  7. Case Studies and Real-World Audits
  8. Additional Resources

Prerequisites

  1. Basic Knowledge of Web2 Security
    Familiarity with Web2 pentesting, OWASP Top 10, and secure coding practices.
  2. Programming Skills
    • Languages: Solidity and JavaScript, plus working familiarity with Python (most tooling and exploit PoCs are written in it).
    • Tools: VS Code, Remix IDE.

Introduction to Web3 Security

  • Overview of Blockchain: Ethereum basics, EVM, and consensus mechanisms.
  • Web3 Security Basics: Key terms, common attack vectors, and fundamental Web3 differences from Web2.
  • Recommended Resources:

Smart Contract Development Basics

  • Getting Started with Solidity:
    • Solidity basics, data types, functions, and modifiers.
    • Basic smart contract examples with Foundry and Remix.
  • Deploying Contracts:
    • Learn to deploy contracts on testnets using Foundry (forge create / forge script) and an RPC provider such as Alchemy.

Smart Contract Security

  • Common Vulnerabilities:
    • Reentrancy, arithmetic overflow/underflow (checked by default since Solidity 0.8, but still reachable inside unchecked blocks and in older compilers), authentication via tx.origin instead of msg.sender, delegatecall into attacker-influenced or upgradeable code, etc.
    • Study the SWC Registry for the classic weakness catalogue; it is no longer actively maintained, so pair it with recent audit reports for current findings.
  • Testing and Security Tools:
    • Slither and Aderyn (static analysis), Mythril (symbolic execution) and Echidna (property-based fuzzing).
    • Resources: ConsenSys Security blog, Ethernaut

Audit Practice & CTFs

  • Capture the Flag (CTF) challenges:
    • Try CTFs from Ethernaut, Damn Vulnerable DeFi, and Paradigm CTF.
  • Test Audits:
    • Choose a sample smart contract from GitHub or Code4rena and practice auditing.

Deep Dive: DeFi and Protocols

  • DeFi Protocols:
    • Understand fundamentals of DeFi, DEXs, lending, and yield farming.
    • Study major protocols: Uniswap, Compound, Aave.
  • Layer 1 and Layer 2 Protocols:
    • Dive into layer 2 scaling solutions: optimistic rollups, ZK rollups, and Plasma.

Case Studies and Real-World Audits

  • Code4rena Audits:
    • Review past Code4rena contests, including Tribe/RGT Merger and other complex projects.
  • Audit Reports:
    • Study reports from Trail of Bits, ConsenSys Diligence, and OpenZeppelin.
    • Identify common findings and mitigation techniques.

Additional Resources

  • Books: Mastering Ethereum, DeFi Security Handbook, How to DeFi.
  • Communities: Join forums and Discord communities focused on Web3 security.