Cyber security

Web3 Security Researcher Roadmap – Mastering Solidity And Smart Contract Audits By 2024

Embark on a journey to become a Web3 security expert with our comprehensive 2024 roadmap.

This guide delves deep into mastering Ethereum, Solidity, and essential security practices through strategic courses, hands-on exercises, and community audits.

Equip yourself with the knowledge and skills to navigate the complex landscape of smart contract security and blockchain vulnerabilities.

An updated (by 2024) roadmap to help you become a successful Web3 security researcher with Solidity

  1. Read or listen the Mastering Ethereum book and read the EVM from Scratch website
  2. Complete all of the courses in Cyfrin Updraft
  3. Watch Solidity 0.8 and Hack Solidity playlists by Smart Contract Programmer
  4. Complete the Secureum Mindmap
  5. Watch Owen Thurm on YouTube (Web3 Security 101 playlist and then Advanced Web3 Security Course Part 1 & Part 2)
  6. Exercise most common smart contract vulnerabilities with the DeFiVulnLabs repository
  7. Reproduce DeFi hack incidents with the DeFiHackLabs repository
  8. Do at least 2-3 shadow audits (redo past contests, which already have final reports out), examples are BeedleFi, Asymmetry, Curve, DYAD, Revolution Protocol and also participate in First Flights by Cyfrin
  9. Learn bugs while reading reports from previous audits in Solodit

Now you should be ready to participate in live contests on audit platforms like Code4rena, Sherlock, CodeHawks, Cantina, HatsFinance and Immunefi.

Before participating in a public contest, be sure to read the documentation of the audit platform that organizes it!

Varshini

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Recent Posts

ModTask – Task Scheduler Attack Tool

ModTask is an advanced C# tool designed for red teaming operations, focusing on manipulating scheduled…

7 hours ago

HellBunny : Advanced Shellcode Loader For EDR Evasio

HellBunny is a malleable shellcode loader written in C and Assembly utilizing direct and indirect…

7 hours ago

SharpRedirect : A Lightweight And Efficient .NET-Based TCP Redirector

SharpRedirect is a simple .NET Framework-based redirector from a specified local port to a destination…

7 hours ago

Flyphish : Mastering Cloud-Based Phishing Simulations For Security Assessments

Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in…

1 day ago

DeLink : Decrypting D-Link Firmware Across Devices With A Rust-Based Library

A crypto library to decrypt various encrypted D-Link firmware images. Confirmed to work on the…

1 day ago

LLM Lies : Hallucinations Are Not Bugs, But Features As Adversarial Examples

LLMs (e.g., GPT-3.5, LLaMA, and PaLM) suffer from hallucination—fabricating non-existent facts to cheat users without…

1 day ago