Awesome

AuditorsRoadmap

Available at: Ethereum Smart Contract Auditor Roadmap

PDF: Smart_Contract_Auditor_PDF.pdf

Step by Step Approach

1) Blockchain Fundamentals

• Mastering Ethereum
• Proof of Work vs. Proof of Stake
• The Eth2 Book

2) Solidity Fundamentals

• Solidity Documentation
• Solidity Docs
• Smart Contract Programmer - Solidity 0.8
• Secureum Solidity 101
• Secureum Solidity 201

3) Gas Optimizations

• Aggregated Tricks by pcaversaccio and Harikrishnan Mulackal
• Kaden: Gas Optimization Tips
• Juan: Advanced Gas Optimizations

4) Smart Contract Testing/Debugging

• Hardhat Docs
• Rodrigo Herrera Itie
• Code Eater - Hindi
• Foundry
• Tenderly

5) ERC Standards

• Token Standards - ERC 20, 721, 777, 1155, 4626
• Other Standards: ERC2981

6) Openzeppelin Helper Libraries/Contracts

7) Upgradeable Contracts

• Smart Contract Programmer - Upgradeable Contracts
• Smart Contract Programmer - Risks of Upgradeable Contracts
• Different Proxy Patterns - EIPs 897, 1822, 1967, 1538, 2535

8) Smart Contract Attack Vectors

• Secureum Security Pitfalls 101
• Secureum Security Pitfalls 201
• SWC Registry
• Smart Contract Programmer - Hack Solidity
• Kaden: Smart Contract Attack Vectors

9) Yul

• Inline Assembly
• OPCODES
• PRECOMPILES
• Dynamic Gas Costs & Memory Expansion

10) CTFs

• CTFs & WriteUps - A curated list (for reference)
• Ethernaut
• Capture The Ether
• CipherShastra
• Damn Vulnerable DeFi (After Completing Step 11)

11) DeFi Deep Dive

• Finematics - DeFi
• DeFi MOOC
• Smart Contract Programmer - DeFi
• Protocol Deep Dives: Uniswap v2/v3/v4, Compound, Curve, Aave, Balancer, Gearbox
• Stablecoins => Algorithmic Stablecoins
• Staking Rewards, Vaults

12) DeFi Attack Vectors

• Flash Loan => Price Oracle Manipulation
• Front-Running => Sandwich attacks
• Rug Pulls => Unlimited Token Allowance

13) Postmortems & BugFixes

• Immunefi
• BlockSec
• SlowMist
• Rekt News
• PeckShield

14) Report Reading

• Secureum Audit Findings 101
• Secureum Audit Findings 201
• Consensys, Trail of Bits, Openzeppelin, Code4rena, Sherlock, QuillAudits
• Database: Solodit

15) Security Standards & Checklists

• SCSVS
• Rari-Capital Solcurity

16) Important Ethereum Improvement Proposals (EIPs)

• Core: 150, 1559, 2929, 2930, 3198, 3529, 3675, 4399, 1153, 4758
• Interface: 712
• ERC: 165, 1167, 1271, 2535, 2612, 2771, 2981, 4337, 4626
• Meta: All

17) Arsenal

• Remix
• VS Code IDE
• Slither
• Mythril
• Mythx
• Echidna
• Manticore
• Surya
• Scribble
• BlockSec ETH/BSC Tx Analysis
• ethtx ETH Tx Analysis

18) Continuous Learning and Research

• Ethereum Magicians
• Ethereum Yellow Paper
• Eth Research
• Newsletters: Blockthreat
• Ethereum Execution Specs
• Ethereum Consensus Specs
• Join Security Communities on Discord: Immunefi, Secureum, Blockchain Pentesting, Eth Security, Eth R&D
• Deep Dive Research Papers: Arxiv
• Be Active on Twitter & follow up with latest research, and attack vectors