How to study every attack vector in web3 security? Easy step-by-step plan: 1. Go to Cyfrin Solodit 🟪 -> Report Tag and choose an attack vector you want to learn (there are 200+ different tags). 2. Search and read a bunch of articles on the topic (ChatGPT could be quite helpful

💣 The MOTHER of ALL ALPHA is here. I officially present to you: THE ART OF AUDITING web3-sec.gitbook.io/art-of-auditing The first community-driven resource that consolidates thousands of hours of expertise from the sharpest minds in the industry. I have spent the past 3 months scraping

Back when I was in Web2 hacking, there was a book - "Web Hacking 101" . Which explained all the vulnerabilities in summary, then with real examples. I found that version for Web3 Security/ Smart Contract Auditing as well - zokyo-auditing-tutorials.gitbook.io/zokyo-tutorial… Great work zokyo, thanks <3

I've become convinced that #DeFi Liquidation code is the trickiest to safely implement with highest "bug density". New Epic Liquidation Deep Dive coming soon with 37 vuln types - but first check these 10 niche findings that could be your next unique contest winner! 👇

Cursor is useless for explaining complex code logic. That’s what I thought after repeating the same mistakes again and again. Turns out my prompts didn't contain enough details. Here is how I use it to explain user flows:

A collection of resources on EVM fuzzing: github.com/perimetersec/e…

Just found a GOLDMINE for ZK security researchers🔥 A Github repository containing close to 100 security vulnerabilities related to zero-knowledge proofs. Whenever you do ZK audits, make sure to go through those🫡 github.com/zksecurity/zkb…

💡I’ve been asked numerous times to provide a checklist for auditing a LayerZero integration. ⚡️You asked, so here it is: github.com/windhustler/In… 🧠 I’ve dumped everything I could think of that can go wrong and more. Goran spent years building and breaking the core

More than 100 new projects get launched in the web3 space every month, most often under the DeFi category. Here is one of the best places to track fundraises, new projects and ecosystems in web3, mostly for free, a great database you can directly use🫡 rootdata.com

If you are a Solidity dev or a Junior-Mid auditor, make sure you pay attention here.✍️ Must-know contracts: Token contracts: The most used token standards are EIP20 for fungible tokens, and EIP721 for NFTs. Proxies: There are many different proxy implementations, have

I built a dev tool called ByteGaze — try it at bytegaze.vercel.app You can use it for visualizing Ethereum ABI-encoded data in a human-readable format. It detects 4-byte selectors and splits the rest into 32-byte chunks for easier analysis.

I love study exploit’s / bug bounties attack’s Bounty hunters are the most creative guys. You brain works totally different during bounty hunt VS audit Here’s some nice attack vector’s, which i’ve studied recently 👇🏻 github.com/ArsenSecurity/…

These articles would save me +50 hours of understanding how Lending & Borrowing works. Key concepts. Formulas. Very well written. 🔸blog.smlxl.io/defi-lending-c… 🔸blog.smlxl.io/defi-lending-c… 🔸 blog.smlxl.io/defi-lending-c…

The most effective way to learn Solana auditing (resources provided at the end) Most people will simply link a bunch of resources, but I also wanted to share important advice to make sure you're learning effectively. When transitioning to Solana from the EVM, there are just 3

x.com/i/article/1934…

🔥To all struggling to understand vulnerabilities in the Estelle Siener smart contract ecosystem: We wrote an article explaining issues, beyond logical vulnerabilities, that can lead to your contract being exploited. arjunasec.xyz/blogs/Soroban%…

If you want to understand $50K Merkle Tree Bug, open this:

The best smart contracts, all in one repo. Study them!! A curated list of top DeFi protocols with links to code, docs and Bytecode breakdowns. Must-bookmark for auditors and devs. github.com/shafu0x/awesom…

A great resource that lists all the non-evm and non-solidity auditing competitions, check it out or bookmark for later 🫡 meowing-earth-cff.notion.site/Non-Solidity-A…

DeFi Protocols Resources - repost & bookmark sir🫡 ♦️AMM Audit Checklist 🔗github.com/Decurity/audit… ♦️AMM Security & Audit Insights 🔗mirror.xyz/millietez.eth/… ♦️CDP Audit Checklist 🔗github.com/Decurity/audit… ♦️LSD Audit Checklist 🔗github.com/Decurity/audit… ♦️Guidelines for