QuillAudit's SmartContract Auditor Roadmap

Pdf Link: QuillAudit_Auditor_Roadmap.pdf

Xmind Link: https://xmind.works/#/share/OjLKsLSh

---

Here is the best roadmap for you to become a Smart Contract Auditor! If you find anything missing or want to update existing resources, you can create a pull request and contribute to the project.

Steps to Follow:

1. Blockchain & Ethereum Basics:

• Blockchain :
  • Blockchain Technology Explained
  • Blockchain Cryptography
• Ethereum:
  • Mastering Ethereum
    • Mandatory Chapters 1,4,5,6,7,9,13 & 14
  • Ethereum Documentations

2. Solidity Fundamentals:

• Solidity Docs
• smartcontract.engineer
• Cryptozombies
• Solidity-by-example
• Secureum:
  • Secureum Solidity 101
  • Secureum Solidity 201
• Solidity Gas Optimizations List

3. Testing and Debugging Frameworks

• Foundry
• Hardhat
• Brownie
• Tenderly

4. Commonly used Libraries and Token Standards:

• ERC Token Standards:

  • ERC 20
  • ERC 721 (NFT)
  • ERC 777
  • ERC 1155
  • ERC 4626
  • ERC 2981

• OpenZeppelin Helper Library/Contracts.

• Upgradable Contracts:

  • Upgradeable Contracts - Smartcontract Programmer
  • yAcademy Proxies Research
  • Risks of Upgradeable Contracts - Smartcontract Programmer
  • Different Proxy Patterns - EIPs 897, 1822, 1967, 1538, 2535
  • Openzeppelin Proxy docs

5. Solidity Security Standard & Best Practice:

• solidity-patterns
• solcurity
• Smart Contract Security Verification Standard
• Consensys Smart-contract-best-practices
• Security Pitfalls & Best Practices 101
• Security Pitfalls & Best Practices 201

6. Smart Contract Vulnerabilities:

• SWC Registry
• Kaden: Smart Contract Attack Vectors
• Solidity Attack Vectors
• Common Vulnerabilities in Smart contracts MindMap

7. CTF Challenges:

• Ethernaut
• Capture The Ether
• QuillCTF
• Curta CTF
• Paradigm CTF
• ciphershastra CTF
• Damn Vulnerable DeFi
• unhackedctf

100+ CTF blockchain challenges: https://github.com/minaminao/ctf-blockchain

8. Finance and DeFi:

• Finance:

  • Khan Academy’s Finance

• DeFi (Decentralized Finance)

  • DeFi - Teachyourselfcrypto
  • Finematics - DeFi
  • Smart Contract Programmer - DeFi

• Well known DeFi Protocols:

  • Uniswap
  • Compound
  • Aave
  • Balancer

• Common DeFi Attack Vectors:

  • Flash Loan Attack
  • Price Oracle Manipulation
  • Front-Running
  • Exit Scams
  • Sandwich attacks
  • Unlimited Token Allowance

9. Auditing Tools and Techniques:

• Auditing Tools:

  • Slither
  • QuillShield
  • Mythril
  • Mythx
  • Echidna
  • Foundry FUZZ
  • Manticore
  • Surya

• VS Code Extensions

  • Solidity Visual Developer
  • Solidity Metrics
  • Slither VSC
  • EthOver

• Auditing Books and Guides

  • Audit Hero
  • solodit
  • Audit Checklist

• Complete List of Web3 Security Tools

10. Postmortem & Audit Reports:

• Postmortems:

  • Immunefi
  • QuillAudits
  • BlockSec
  • SlowMist
  • Rekt News
  • Neptune Mutual
  • PeckShield
  • hacxyk
  • Coinmonk
  • TrailOfBits
  • Secureum
  • Openzeppelin
  • OfferCIA

• Audit Report Reading

  • QuillAudits
  • Code4rena
  • Sherlock
  • Spearbit
  • Consensys
  • Openzeppelin
  • Chainsecurity
  • Ackee Audit Reports
  • Complete List of Audit Reports

11. Keep Yourself Updated:

• Newsletters: Blockthreat, Hashingbits, Immunefi
• Discord Communities: QuillAudits, Immunefi, Secureum, Blockchain Pentesting, OpenSense, Web3SeucurityDAO, DeFiHackLabs
• Twitter: Mudit Gupta, Samczun, Certik Alert, PeckShieldAlert, QuillAudits, BlockSec, BeosinAlert, Officer_CIA

12. Miscellaneous Resources:

• Security and Audting Course by Cyfrin Updraft
• Smart Contract Hacking Course by JohnnyTime
• Web3-Security-Library
• TeachYourselfCrypto
• w3bs3c
• Awesome Web3 Security
• Learn Blockchain, Solidity, and Full Stack Web3 Development with JavaScript
• Learn Blockchain, Solidity, and Full Stack Web3 Development with Python

Credits:

Auditor Mindmap by Razzorsec