Pdf Link: QuillAudit_Auditor_Roadmap.pdf
Xmind Link: https://xmind.works/#/share/OjLKsLSh
Here is the best roadmap for you to become a Smart Contract Auditor! If you find anything missing or want to update existing resources, you can create a pull request and contribute to the project.
- Blockchain :
- Ethereum:
- Mastering Ethereum
- Mandatory Chapters 1,4,5,6,7,9,13 & 14
- Ethereum Documentations
- Mastering Ethereum
- Solidity Docs
- smartcontract.engineer
- Cryptozombies
- Solidity-by-example
- Secureum:
- Solidity Gas Optimizations List
-
ERC Token Standards:
-
Upgradable Contracts:
- solidity-patterns
- solcurity
- Smart Contract Security Verification Standard
- Consensys Smart-contract-best-practices
- Security Pitfalls & Best Practices 101
- Security Pitfalls & Best Practices 201
- SWC Registry
- Kaden: Smart Contract Attack Vectors
- Solidity Attack Vectors
- Common Vulnerabilities in Smart contracts MindMap
- Ethernaut
- Capture The Ether
- QuillCTF
- Curta CTF
- Paradigm CTF
- ciphershastra CTF
- Damn Vulnerable DeFi
- unhackedctf
100+ CTF blockchain challenges: https://github.com/minaminao/ctf-blockchain
-
Finance:
-
DeFi (Decentralized Finance)
-
Well known DeFi Protocols:
-
Common DeFi Attack Vectors:
-
Auditing Tools:
-
VS Code Extensions
-
Auditing Books and Guides
-
Postmortems:
-
Audit Report Reading
- Newsletters: Blockthreat, Hashingbits, Immunefi
- Discord Communities: QuillAudits, Immunefi, Secureum, Blockchain Pentesting, OpenSense, Web3SeucurityDAO, DeFiHackLabs
- Twitter: Mudit Gupta, Samczun, Certik Alert, PeckShieldAlert, QuillAudits, BlockSec, BeosinAlert, Officer_CIA
- Security and Audting Course by Cyfrin Updraft
- Smart Contract Hacking Course by JohnnyTime
- Web3-Security-Library
- TeachYourselfCrypto
- w3bs3c
- Awesome Web3 Security
- Learn Blockchain, Solidity, and Full Stack Web3 Development with JavaScript
- Learn Blockchain, Solidity, and Full Stack Web3 Development with Python