Becoming a smart contract auditor can be daunting if you don't know where to start. The truth is you don't have to come from a super technical background to become a smart contract auditor. The eye for detecting where things can go wrong is a strongsuit most auditors have to foresee vulnerabilities that can graduate to detrimental attacks. Here is a concise repo of auditing resources from Youtube videos, articles, docs, and excerpts to get you started on your bug hunting journey. Please share. Let's make Web3 a safer place.
- OpenZepplin Contracts
- Defender 2.0 by OpenZepplin
- Ethereum Improvement Proposals(EIP)
- How to become a smart contract auditor | The complete roadmap 2023
- Bug Bounty Playlist
- Solidity Smart Contracts in 100 seconds
- Smart Contract Security and Auditing 101 by Chainlink
- EatTheBlocks: How to audit your smart contract code
- EatTheBlocks: Gas Optimization in Solidity: 10 tips
- NEAR Smart Contract Security Course
- 32-Hour Course on Solidity
- Secureum Bootcamp - Ethereum 101
- Rust Tutorial Full Course
- Secure Development Series
- Spearbit DAO Youtube
- SolidityATL Web3 Security Fall '23 Session 3
- How to become a smart contract auditor by Cmichel
- Solidity Learning:
revert(),assert(), andrequire()in Solidity, and the New REVERT Opcode in the EVM - Awesome Blockchain Security by xxxeyJ
- Check out Rekt.news Leaderboard!
- All known smart contract-side and user-side attacks and vulnerabilities in Web3.0, DeFi, NFT and Metaverse + Bonus by Officer CIA
- MEV Explore - Post-Merge
- Unsafe Delegatecall (Part #2) | Hack Solidity #5
- Severity Classification System
- Remix
- VS Code
- EthFiddle
- ChainIDE
- Audit Wizard by Auditware
- Find more IDEs recommended by the Ethereum Foundation here
- Ethereum Whitepaper
- List from Consensys
- Smart Contract Weakness Classification and Test Cases
- Common Web3 Security Issues
Bug bounties (Community-driven)
Tips: Read past reports to train muscle memory to find common vulnerabilities that occur on smart contracts
Auditing firms