QuillAudit's SmartContract Auditor Roadmap
PDF Link: QuillAudit_Auditor_Roadmap.pdf
Xmind Link: https://xmind.works/#/share/OjLKsLSh
Here is the best roadmap for you to become a Smart Contract Auditor! If you find anything missing or want to update existing resources, you can create a pull request and contribute to the project.
Steps to Follow:
1. Blockchain & Ethereum Basics:
- Blockchain:
- Ethereum:
- Mastering Ethereum
- Mandatory Chapters: 1, 4, 5, 6, 7, 9, 13 & 14
- Ethereum Documentations
2. Solidity Fundamentals:
- Solidity Docs
- smartcontract.engineer
- Cryptozombies
- Solidity-by-example
- Secureum:
- Solidity Gas Optimizations List
3. Testing and Debugging Frameworks
4. Commonly used Libraries and Token Standards:
- ERC Token Standards:
- Upgradable Contracts:
5. Solidity Security Standard & Best Practice:
- solidity-patterns
- solcurity
- Smart Contract Security Verification Standard
- Consensys Smart-contract-best-practices
- Security Pitfalls & Best Practices 101
- Security Pitfalls & Best Practices 201
6. Smart Contract Vulnerabilities:
- SWC Registry
- Kaden: Smart Contract Attack Vectors
- Solidity Attack Vectors
- Common Vulnerabilities in Smart contracts MindMap
7. CTF Challenges:
- Ethernaut
- Capture The Ether
- QuillCTF
- Curta CTF
- Paradigm CTF
- ciphershastra CTF
- Damn Vulnerable DeFi
- unhackedctf
100+ CTF blockchain challenges: https://github.com/minaminao/ctf-blockchain
8. Finance and DeFi:
- Finance:
- DeFi (Decentralized Finance):
- Well-known DeFi Protocols:
- Common DeFi Attack Vectors:
9. Auditing Tools and Techniques:
- Auditing Tools:
- VS Code Extensions:
- Auditing Books and Guides:
10. Postmortem & Audit Reports:
- Postmortems:
- Audit Report Reading:
11. Keep Yourself Updated:
- Newsletters: Blockthreat, Hashingbits, Immunefi
- Discord Communities: QuillAudits, Immunefi, Secureum, Blockchain Pentesting, OpenSense, Web3SecurityDAO, DeFiHackLabs
- Twitter: Mudit Gupta, Samczun, Certik Alert, PeckShieldAlert, QuillAudits, BlockSec, BeosinAlert, Officer_CIA
12. Miscellaneous Resources:
- Security and Auditing Course by Cyfrin Updraft
- Smart Contract Hacking Course by JohnnyTime
- Web3-Security-Library
- TeachYourselfCrypto
- w3bs3c
- Awesome Web3 Security
- Learn Blockchain, Solidity, and Full Stack Web3 Development with JavaScript
- Learn Blockchain, Solidity, and Full Stack Web3 Development with Python