Skip to content

The ultimate, most advanced, security, DeFi, assembly, web3 auditor course ever created.

License

Notifications You must be signed in to change notification settings

xaiksan1/security-and-auditing-full-course-s23

ย 
ย 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

59 Commits
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 

Repository files navigation

Smart Contract Auditing, Assembly, Security, and DeFi Ultimate Course

Level up your career as a smart contract auditor writing secure and optimized smart contracts.

Welcome to the repository for the Ultimate Smart Contract Auditing, Assembly, Security, and DeFi Course by Cyfrin Updraft and The Red Guild!

This repository houses the written content of our courses, organized to facilitate easy access and contribution from our community. Please refer to this for an in-depth explanation of the content:

  • Website - Join Cyfrin Updraft and enjoy 50+ hours of smart contract development courses
  • Twitter - Stay updated with the latest course releases
  • LinkedIn - Add Updraft to your learning experiences
  • Discord - Join a community of 3000+ developers and auditors
  • Newsletter - Weekly security research tips and resources to level up your career
  • Codehawks - Smart contracts auditing competitions to help securing web3


Smart Contract Security, Auditing, Assembly, and DeFi Ultimate Course


Table of Contents

Note: If you're familiar with Patrick's previous courses, we have renamed "Lessons" to "Sections"

Part 1

Smart Contract Auditing, Assembly, Security, and DeFi Ultimate Course
  1. Smart Contract Auditing, Assembly, Security, and DeFi Ultimate Course
Table of Contents
  1. Table of Contents
Introduction, Resources, and Prerequisites
  1. Link to video: *Coming soon...*
  2. Resources For This Course
  3. Prerequisites
  4. Outcome
  5. Bonus NFTs
Curriculum
  1. Curriculum
๐Ÿค— Section 0: Welcome to the Course
  1. Welcome
  2. Why Security?
  3. Why Web3 is so important
  4. The Final Boss Codebase, you'll be able to audit this at the end of this course
  5. Best Practices for this course
  6. Section 0 NFT
๐Ÿธ Section 1: Review (Don't skip)
  1. Section 1 NFT
โ“ Section 2: What is a smart contract audit (Security Review)?
  1. What is a security review/smart contract audit?
  2. Smart Contract Development Life Cycle
  3. Top Smart Contract Auditors (Subjective!)
  4. Tooling
  5. Audit Readiness
  6. Attacker vs. Defender mindset
  7. Top Attack Vectors
  8. Section 2 NFT
โ›ณ๏ธ Section 3: Your first audit | PasswordStore Audit
  1. Security Review > Audit
  2. "The Tincho"
  3. Exploits
  4. Exploits: Access Controls
  5. Writing your first finding
  6. Exploits: Private Data
  7. Your first report
  8. Section 3 NFT
๐Ÿถ Section 4: Manual & Static Analysis | Puppy Raffle Audit
  1. Tooling: Static Analysis
  2. Scoping & Reconnaissance: Puppy Raffle
  3. Exploits: Reentrancy
  4. Exploits: Weak RNG
  5. Exploits: Arithmetic issues
  6. Exploits: DoS (Denial of service)
  7. Exploits: Poor ETH Handling
  8. Informational Findings
  9. Gas Audits
  10. Code Maturity
  11. Writing the report: Puppy Raffle
  12. Section 4 NFT
๐Ÿ”„ Section 5: Invariants & Intro to DeFi | TSwap Audit
  1. Scoping & Reconnaissance: T-Swap
  2. Intro to DeFi/OnChain Finance
  3. Tooling: T-Swap
  4. Exploits: Weird ERC20s
  5. Exploits: Core Invariant breaking
  6. Design Patterns: T-Swap
  7. Section 5 NFT
๐ŸŒฉ๏ธ Section 6: Centralization, Proxies, and Oracles | Thunder Loan Audit
  1. Section 6: Centralization, Proxies, and Oracles | Thunder Loan Audit
  2. Scoping & Reconnaissance: Thunder Loan
  3. Tooling: Thunder Loan
  4. Design Patterns: Thunder Loan
  5. Section 6 NFT
๐ŸŒ‰ Section 7: Bridges, Chains, Signatures, Intro to Yul/Assembly | Bridge Boss Audit
  1. Section 7: Bridges, Chains, Signatures, Intro to Yul/Assembly | Bridge Boss Audit
  2. Tooling: Boss Bridge
  3. Scoping & Reconnaissance: Boss Bridge
  4. Bridge Hacks
  5. Design Patterns: Boss Bridge
  6. Section 7 NFT
๐Ÿ›ก๏ธ Section 8: (THE FINAL BOSS AUDIT) MEV, Nodes, & DAOs | Vault Guardians Audit
  1. Section 8: (THE FINAL BOSS AUDIT) MEV, Nodes, & DAOs | Vault Guardians Audit
  2. Concepts: Vault Guardians
  3. Introduction to MEV
  4. Design Patterns: Vault Guardians
  5. Section 8 NFT
First CodeHawks Competitive Audit
  1. First CodeHawks Competitive Audit

Part 2

Coming soon...

Section 9: Wallet & Key Management
  1. Section 9: Wallet & Key Management
  2. Wallet types
  3. Wallet Safety
  4. Verify Metamask transactions
  5. Section 9 NFT
Section 10: EVM Assembly & Opcodes | Yul & Huff
  1. Section 10: EVM Assembly & Opcodes | Yul & Huff
  2. Section 10 NFT
Section 11: Formal Verification & Symbolic Execution
  1. Section 11: Formal Verification & Symbolic Execution
  2. Section 11 NFT
Section 12: DeFi | Stablecoin Audit
  1. Section 12: DeFi | Stablecoin Audit
  2. Section 12 NFT
Section 13: Post-deployment
  1. Section 13: Post-deployment
  2. Section 13 NFT
Congratulations
  1. Congratulations
  2. Where do I go now?
  3. Learning More
Thank you
  1. Thank you
  2. Sponsors
  3. Lead Lecturers / Code Builders
  4. Guest Lecturers
  5. Special thanks
  6. More Security Stuff
  7. Huge Extra Thank YOU

Introduction, Resources, and Prerequisites

Link to video: Coming soon...

โš ๏ธ All code associated with this course is for demo purposes only. They have been audited, but we do not recommend them for production use and should be used at your own risk.

Resources For This Course

Join Cyfrin Updraft for the best learning experience!

  • AI Frens
  • Github Discussions
    • Ask questions and chat about the course here!
  • Stack Exchange Ethereum
    • Great place for asking technical questions about Ethereum
  • Peeranha
    • Decentralized Stack Exchange!

Exploit Resources

Challenge Contracts Registry

Prerequisites

An intermediate understanding of solidity. You don't need to be a pro, but you should be familiar with:

  • Blockchain basics (transactions, blocks, decentralization, etc)
  • Running a smart contract test suite (hardhat, foundry, truffle, etc)
  • Solidity basics (variables, functions, structs, etc)

Here are some resources to get you up to speed with the prerequisites:

  • Full Foundry Course: This will give you every single prerequisite
  • Speed Run Ethereum: This will give you most of what you need. But youโ€™ll need a little extra time on invariant tests, using foundry, and DeFi/OnChain Finance.

Prerequisite tools

Outcome

  • Have the foundational skills to become a professional smart contract auditor
  • Speak, interact, and contribute to the web3 security community
  • Compete in web3 competitive audits
  • Compete in web3 bug bounties
  • Start a career as an independent auditor
  • Become a top 1% smart contract developer

Bonus NFTs

  • Coming soon...

Important Notes for Arbitrum

IF YOU DECIDE TO MINT THE REAL NFT:

  1. We didn't audit/security review the NFT, so if you want to make sure you'll be safe, interact with the contract using a burner wallet (a wallet with very little money that you don't use for anything else)
    1. In fact... Get good at interacting with wallets from a burner wallet
  2. Read my Tweet thread on basic wallet safety
  3. It might be a good idea to wait till later in the course when we teach you about verifying metamask transactions.
  4. Feel free to mint NFTs on sepolia without worrying about the above

Bridging to Arbitrum

  1. We didn't show you how to bring ETH -> Arbitrum, but the process would be:
    1. Buy ETH (On an exchange like Coinbase or Kraken)
  2. Send ETH -> one of your wallets like:
    1. Safe (Multi-Sig)
    2. Metamask
    3. Frame
    4. Rainbow
    5. Argent
    6. Coinbase Wallet
  3. Use the Arbitrum Bridge

Curriculum

๐Ÿค— Section 0: Welcome to the Course

Do not skip this section!

Welcome

Why Web3 Security?

Why Web3 is so important

  • Rebuild trust in the ecosystem.

  • Wild West image to the outsiders

  • Pick a class

The Final Boss Codebase, you'll be able to audit this at the end of this course

Best Practices for this course

  • Register for Cyfrin Updraft
    • USE THIS SITE!!! It's specfically made to make learning easier
  • Follow the repository: While going through the course be 100% certain to follow along with the github repository. If you run into in an issue check the chronological-updates in the repo.
  • Be Active in the community: Ask questions and engage with other developers going through the course in the discussions tab, be sure to go and say hello or gm! This space is different from the other industries, you don't have to be secretive; communicate, network and learn with others :)
  • Learn at your own pace: It doesn't matter if it takes you a day, a week, a month or even a year. Progress >>> Perfection
  • Take Breaks: You will exhaust your mind and recall less if you go all out and watch the entire course in one sitting. Suggested Strategy every 25 minutes take a 5 min break, and every 2 hours take a longer 30 min break
  • Refer to Documentation: Things are constantly being updated, so whenever Patrick opens up some documentation, open it your end and maybe even have the code sample next to you.
  • Use ChatGPT and/or the course chat

And finally, by embarking on this journey, you are now a "Security Researcher", not an "Auditor". The key word being "Researcher", so we will go over strategies for continued learning so you can stay on top of your game.

๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ

๐ŸŽฏ Exercise: Write yourself a message about why you want this

  • This will be important for when things get hard
  • Is it money? Save web3? Become someone? Write down as many reasons as possible.

Section 0 NFT

๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ๐ŸŽฏ

(back to top) โฌ†๏ธ

๐Ÿธ Section 1: Review (Don't skip)

Tooling & Environment Prerequistes

  • VSCode
  • VSCodium
  • Foundry
    • chisel
    • cast
    • forge
  • Windows Users: WSL
  • AI Helpers
    • ChatGPT
    • Phind
  • Forums & Resources
    • Ethereum Stack Exchange
    • Peeranha
    • Github Discussions

Solidity & Smart Contract Prerequisites

  • Remix
  • Basic smart contracts
    • forge init

Fuzzing & Stateful Fuzzing (This might be new)

  • Fuzz tests
  • Stateless Fuzzing
  • Stateful fuzzing
  • Invariants

Common EIPs/ERCs

  • Github Copilot
  • ERC20s
  • NFTs (ERC721s)

Advanced Solidity

  • storage
    • Clip from foundry course
  • Fallback & Receive
  • Encoding, Call, & Staticcall
  • Delegatecall & Proxies
    • Clip from foundry full course
  • tx.origin vs msg.sender
  • Selfdestruct (to be removed in an upcoming fork)

Advanced Foundry

  • mainnet-forking

๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ

๐Ÿธ Exercise:

  1. Join the CodeHawks/Cyfrin Discord
  2. Go for a walk, and buckle up

Section 1 NFT

๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ๐Ÿธ

(back to top) โฌ†๏ธ

โ“ Section 2: What is a smart contract audit (Security Review)?

What is a security review/smart contract audit?

  • High Level Overview
  • People say "audit" -> security review
  • There is no silver bullet to auditing, and they have limitations
  • 3 phases of a security review
    • Initial Review
        1. Scoping
        1. Reconnaissance
        1. Vulnerability identification
        1. Reporting
    • Protocol fixes
        1. Fixes issues
        1. Retests and adds tests
    • Mitigation Review
        1. Reconnaissance
        1. Vulnerability identification
        1. Reporting
  • Plan & Design
  • Develop & Test
  • Smart Contract Audit & Post Deploy Planning
  • Deploy
  • Monitor & Maintain
  • Use this list to reference how top quality security teams do reviews, post reports, do research, etc

Audit Readiness

Tooling

  • Static Analysis
    • Slither
    • Aderyn
  • Fuzzing / Invariant Tests
    • Foundry
    • Echidna
    • Consensys
  • Formal Verification
    • Certora
    • Solidity SMT Checker
    • Maat
    • Manticore
  • AI
  • Tooling vs Humans

Attacker vs. Defender mindset

  • Always learning

Top Attack Vectors

  • Top attack vectors

Top DeFi & Web3 Attack Vectors from the first half of 2023


๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“

๐Ÿ“ Exercise: Sign up for one security/web3 newsletter!

Section 2 NFT

๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“๐Ÿ“

(back to top) โฌ†๏ธ

๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข

Important Note: We are now going to do audits. Please note, that we will not find all the bugs in each codebase. Each codebase was designed to show you a specific set of bugs, and give you a good understanding of what an audit "feels" like.

๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข๐ŸŸข

โ›ณ๏ธ Section 3: Your first audit (security review) | PasswordStore Audit


Smart Contract Audit & Security Review, PasswordStore


๐Ÿ’ป Security Review CodeV1: https://sepolia.etherscan.io/address/0x2ecf6ad327776bf966893c96efb24c9747f6694b

๐Ÿ’ป Security Review CodeV2: https://github.com/Cyfrin/3-passwordstore-audit

๐Ÿ’ป Security Review CodeV3: https://github.com/Cyfrin/3-passwordstore-audit/tree/onboarded

๐Ÿ’ป Security Review Final: https://github.com/Cyfrin/3-passwordstore-audit/tree/audit-data

Feel free to look ahead and try to find the bugs on the codebase yourself, or get familiar with the protocol first.

Remember the phases!

๐Ÿ”ฝ๐Ÿ”ฝ๐Ÿ”ฝ๐Ÿ”ฝ๐Ÿ”ฝ๐Ÿ”ฝ๐Ÿ”ฝ๐Ÿ”ฝ๐Ÿ”ฝ๐Ÿ”ฝ

  • Initial Review
      1. Scoping
      1. Reconnaissance
      1. Vulnerability identification
      1. Reporting

๐Ÿ”ผ๐Ÿ”ผ๐Ÿ”ผ๐Ÿ”ผ๐Ÿ”ผ๐Ÿ”ผ๐Ÿ”ผ๐Ÿ”ผ๐Ÿ”ผ๐Ÿ”ผ

For this demo, we are ignoring the last 2 phases

  • Protocol fixes
      1. Fixes issues
      1. Retests and adds tests
  • Mitigation Review
      1. Reconnaissance
      1. Vulnerability identification
      1. Reporting

The Setup (Scoping): PasswordStore

V1

V2

  • Client onboarding: Minimal

V3

  • cloc

"The Tincho"

Exploits (Vulnerability Identification)

Exploits: Access Controls

  • Missing onlyowner
    • Access Controls
      • Unprotected sensitive functions
      • Role misconfiguration
      • Privilege escalation

Exploits: Private Data

  • Storing a secret (private data is not private)

More Recon

  • coverage

Writing your first finding

  • Write finding
    • How to write a good finding
    • Title: Root Cause + Impact
    • Finding Layout:
### [S-#] Title (ROOT CAUSE + IMPACT)

**Description:** 

**Impact:** 

**Proof of Concept:**

**Recommended Mitigation:** 
  • Write PoC
  • Mitigation
  • Using AI

Are we done?

Your first report (Reporting)

๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš

๐Ÿฅš Exercises:

  1. Sign up for CodeHawks!
  2. Tweet about your first audit!

Section 3 NFT

๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš๐Ÿฅš

(back to top) โฌ†๏ธ

๐Ÿถ Section 4: Manual & Static Analysis | Puppy Raffle Audit

โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…

This is the BEST security review for new auditors, 100% be sure to pay attention to this section.

โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…โœ…

This is the go-to best starter audit/security review. There are a lot of bugs in here, some obvious, some not.


Smart Contract Audit & Security Review, Puppy Raffle


๐Ÿ’ป Security Review Code: https://github.com/Cyfrin/4-puppy-raffle-audit

Concepts you'll learn: Static analysis, Reentrancy, Weak RNG, Arithmetic issues, How to write a professional looking report.

Tooling: Static Analysis

Scoping & Reconnaissance: Puppy Raffle

Exploits: DoS (Denial of service)

  • Fixes:
    • Remove unnecessary loops

Exploits: Reentrancy

Exploits: Weak RNG

Exploits: Arithmetic issues

Exploits: Poor ETH Handling

Informational Findings

  • Stict Solc Versioning
  • Supply Chain Attacks
  • Magic Numbers

Gas Audits

Code Maturity

  • Code coverage

Static Analysis, follow up

What is a Competitive Audit?

Writing the report: Puppy Raffle

๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€

๐Ÿง‘โ€๐Ÿš€ Exercises:

  1. Ethernaut Challenges (1, 9, and 10) ๐Ÿง‘โ€๐Ÿš€
  2. Sign up for Solodit
  3. Post a tweet about how you completed the Puppy Raffle Audit!
  4. Sign up for farcaster
  5. Do a CodeHawks First Flight

Section 4 NFT

๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€๐Ÿง‘โ€๐Ÿš€

(back to top) โฌ†๏ธ

๐Ÿ”„ Section 5: Invariants & Intro to DeFi | TSwap Audit


Smart Contract Audit & Security Review, T-Swap


๐Ÿ’ป Security Review Code: https://github.com/Cyfrin/5-t-swap-audit

Concepts you'll learn: Stateful fuzzing, Fuzzing, Invariants, FREI-PI/CEII, Advanced DeFi, AMMs, Uniswap, Curve.fi, Constant product formula

๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘

STOP!

Don't look at the contracts for this one!

We are going to show you how you can use advanced tools to find even more bugs just by properly understanding invariants and writing more effective test suites.

๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘๐Ÿ›‘

The Setup (Scoping): T-Swap

  • Client onboarding: Extensive

Reconnaissance: T-Swap

Intro to DeFi/OnChain Finance

Tooling: T-Swap

Exploits: Weird ERC20s

Exploits: Core Invariant breaking

  • Case Study:

Design Patterns: T-Swap

  • FREI-PI / CEII / Pre & Post Checks

๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ

๐Ÿ’ฐ Exercises:

  1. Write a fuzz test to find a bug in this challenge
  2. Write a tweet thread about an interesting finding from Solodit

Section 5 NFT

๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ

๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ

Congratulations!!

If you've made it this far in the course and you understand what's going on, you have the skills to start getting paid as a security researcher, doing competitive audits, bug bounties, or even get hired!

But if you want to become one of the best in the world and really secure web3, keep going...

๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ

(back to top) โฌ†๏ธ

๐ŸŒฉ๏ธ Section 6: Centralization, Proxies, and Oracles | Thunder Loan Audit


Smart Contract Audit & Security Review, Thunder Loan


๐Ÿ’ป Security Review Code: https://github.com/Cyfrin/6-thunder-loan-audit

We are staritng to get more advanced with DeFi and smart contract issues. Buckle up, we are getting hotter.

Scoping & Reconnaissance: Thunder Loan

DeFi: Borrowing & Lending

Malicious Scope

  • Don't "yes-man" every audit

Tooling: Thunder Loan

Exploits: Failure to initialize

Exploits: Storage collision

Exploits: Centralization

  • Silent Upgrades
  • Case Study: Oasis

Exploits: Missing events

Exploits: Bad Upgrade

Exploits: Oracle & Price Manipulation

Design Patterns: Thunder Loan

  • Pull over push

๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ

๐Ÿ“ฆ Exercises:

  1. YAcademy Proxy
  2. Tweet about how YOU feel about upgradeable smart contracts

Section 6 NFT

๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ๐Ÿ“ฆ

(back to top) โฌ†๏ธ

๐ŸŒ‰ Section 7: Bridges, Chains, Signatures, Intro to Yul/Assembly | Bridge Boss Audit


Smart Contract Audit & Security Review, Boss Bridge


๐Ÿ’ป Security Review Code: https://github.com/Cyfrin/7-boss-bridge-audit

Tooling: Boss Bridge

Scoping & Reconnaissance: Boss Bridge

Exploits: Opcode Support

Exploits: Signature Replay

Exploits: ERC20 Contract Approval

Exploits: Unlimited Minting

Bridge Hacks

  • Bridge hacks: Ronin, Poly network, Nomad, Wormhole

Writing the report: Boss Bridge

Design Patterns: Boss Bridge

  • Emergency stop

๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ

๐Ÿ’ฐ Exercises:

  1. Damn Vulnerable DeFi Challenges 1, 2, 4
  2. Write a tweet thread about an interesting finding from Solodit
  3. Tweet about how you finished the hardest audit yet!
  4. Read about more historic attacks:
    1. Signature Replay
    2. Merkle tree signature issues
    3. Polygon Double Spend
    4. Nomad Bridge Hack

Section 7 NFT

๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ๐Ÿ’ฐ

(back to top) โฌ†๏ธ

Section 7.5: MEV & Governance


Smart Contract Audit & Security Review, MEV


Introduction to MEV

  • MEV Explained
  • MEV Explained continued
  • Toxic MEV
    • Frontrunning
    • Sandwich Attacks
  • non-toxic
    • Backrunning
  • MEV Protection
  • MEV in our past security reviews:
    • Puppy:
      • Someone can front-run selectWinner to call a refund
    • T-Swap:
      • Deadline protection means people can "sandwhich" attack you
    • Thunder Loan:
      • Users can front run flash loans to make the fees higher or lower
    • Boss Bridge:
      • A signed transaction could be front run so that an attacker sends tokens from an L2 before the signer can
  • Slippage Protection

Exploits: Governance Attack

  • Unlimited Minting
  • Flash Loan Voting
  • Case Study: Beanstalk
  • Metamorphic upgrades
    • Case Study: TORN Governance

๐Ÿ›ก๏ธ Section 8: (THE FINAL BOSS AUDIT) MEV, Nodes, & DAOs | Vault Guardians Audit


Smart Contract Audit & Security Review, Vault Guardians


This security review is optional. It's a LOT of code! But if you choose to do it, you'll get a better idea of what a larger codebase feels like. Being comfortable coming up to a codebase and saying "I'll eventually understand this codebase, but right now I don't" is important!

๐Ÿ’ป Security Review Code: https://github.com/Cyfrin/8-vault-guardians-audit

Concepts: Vault Guardians

Good luck :)

๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…

๐Ÿฆ… Exercises:

  1. 1st CodeHawks Competitive Audit
  2. Write a tweet thread about an interesting finding from Solodit
  3. Write a blog or tweet on your experience!
  4. Read these tips for auditing multi-chain protocols

Section 8 NFT

๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…

๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…

First CodeHawks Competitive Audit

  • How to submit a finding
  • How to decide severity
  • Where to find a competitive audit

๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…

๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…๐Ÿฆ…

(back to top) โฌ†๏ธ

๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ

Congratulations!!

If you've made it this far in the course and you understand what's going on, you have the skills to become one of the top security researchers in web3! Either as a solo auditor, freelancer, competitive auditor, or even get hired by a top firm!

However... if you want to be on the cutting edge and be able to understand every nook in web3, you've got a little more to go...

๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ

Part 2

Coming soon...

Section 9: Wallet & Key Management

Wallet types

  • Custodial Wallets
  • "Hot" Wallets
    • Metamask
    • Frame
  • "Cold" Wallets
    • Lattice
    • Trezor
  • Multi-sig (Yes - Set it up)

Wallet Safety

Verify Metamask transactions

  • Foundry's cast
  • Joinfire
  • Metamask snaps

๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”

๐Ÿ” Exercises:

  1. Set up your Safe!
  2. Review classic key leeks
    1. .env leak with private keys
    2. Research one private key leak from rekt.news
  3. Check out keepmesafe

Section 9 NFT

  • Coming soon

๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”๐Ÿ”

(back to top) โฌ†๏ธ

Section 10: EVM Assembly, Opcodes, Yul, & Huff | Horse Store


Smart Contract Audit & Security Review, Horse Store


๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด

๐Ÿด Exercises:

  1. Convert a minimal contract of your own into Huff or Yul

Section 10 NFT

  • Coming soon

๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด๐Ÿด

(back to top) โฌ†๏ธ

Section 11: Formal Verification & Symbolic Execution


Smart Contract Audit & Security Review, Math Master


Symbolic Execution / Formal Verification Tools in Web3

Issues

๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ

๐Ÿงฎ Exercises:

  1. Attempt to use another FV tool
  2. Look into the Solady LibClone.sol
    1. It's a really cool codebase

Section 11 NFT

  • Coming soon

๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ๐Ÿงฎ

(back to top) โฌ†๏ธ

๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ

๐ŸŽฅ Exercise: Watch this awesome video ๐ŸŽฅ

๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ๐ŸŽฅ

Section 12: DeFi | Stablecoin Audit

๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™

๐Ÿช™ Exercise: Audit this! ๐Ÿช™

Section 12 NFT

  • Coming soon...

๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™๐Ÿช™

(back to top) โฌ†๏ธ

Section 13: Post-deployment

Watch this video from DeFi security summit

  • Bug Bounty
    • Immunefi
    • HackerOne
  • Incident response
  • Monitoring
  • Blockchain sleuthing
  • What do you do if you find a live issue?
    • Check for a bug bounty
      • If yes -> Submit, and youโ€™re done
      • If no -> Continue
    • Reach out for help (privately!)
      • Seal 911 (Or other emergency web3 paths)
      • Connect with the team
    • Come up with a plan to fix
      • If they want to fix -> hooray! Do that
      • If they ignore itโ€ฆ You have a few options
        • Give them 45 - 90 days to fix it, and say you will publicly disclose the information if they do not fix it
        • Attempt a rescue yourself (Ideally, you never reach here)
  • White/No/Black Hat Case Studies
    • Nohats
      • Balancer
      • Vyper
    • Whitehats
      • Astaria
      • ParaSpace
    • Blackhats
      • Euler
      • Many more

๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ 

Section 13 NFT

  • Coming soon...

๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ ๐ŸŒ 

(back to top) โฌ†๏ธ

Congratulations

๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ Completed The Course! ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ๐ŸŽŠ

If you've made it this far... wow.

Where do I go now?

Learning More

Disclosures

The Cyfrin team runs CodeHawks, Cyfrin Updraft, and private security reviews. They are an advisor to the Peeranha project, and run various blockchain nodes like Chainlink & Ethereum. Additionally, the are responsible for the creation of the Aderyn and Solodit tools.

Thank you

Sponsors

Lead Lecturers / Code Builders

Guest Lecturers

Special thanks

More Security Stuff

Huge Extra Thank YOU

Thanks to everyone who is taking, participating in, and working on this course. These courses are passion project data dumps for everyone in the web3 ecosystem.

Let's level up so we can keep web3 safer, and thank you again for taking this course!

Cyfrin Twitter Cyfrin YouTube

(back to top) โฌ†๏ธ

About

The ultimate, most advanced, security, DeFi, assembly, web3 auditor course ever created.

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Solidity 100.0%