All information was originally created by 0xRajeev, who developed it from other public sources. This content is for the Secureum Epoch0 Bootcamp for Smart Contract auditing. The plan is to grow this over time. Pull requests accepted.
Information I would like to add (my wish list):
Please report any errors or rendering issues. Happy to accept PRs that improve upon the content.
The impetus for this project was self-edification as well as providing better accessibility to the content 0xRajeev has produced. Plus, I really wanted to make some cool graphs and play with Obsidian. :)
If you open this in Obsidian you can graph the notes.
Here is an awesome resource from patrickd, who is in Epoch0: Link (Place in the contracts folder on Remix)
Topics
Blog Article
Course Videos
- Block 1
- Block 2
- Block 3
- Block 4
- Block 5
Participant Created Content
Assignment
- Read the Ethereum whitepaper: https://ethereum.org/en/whitepaper/
- Read the Ethereum yellow paper: https://ethereum.github.io/yellowpaper/paper.pdf
- Read Chapters 1, 2, 3, 4, 6, 13 and 14 from Mastering Ethereum: https://github.com/ethereumbook/ethereumbook and other references in Secureum's Ethereum 101 article
- Browse through topics at https://ethereum.org/en/developers/docs/
- Explore blocks, transactions and other protocol internals at https://etherscan.io/
Quiz
Quiz Writeups
Blog Article
Course Videos
- Block 1
- Block 2
- Block 3
- Block 4
- Block 5
Participant Created Content
Assignment
- Read Chapter 7 from Mastering Ethereum: https://github.com/ethereumbook/ethereumbook/blob/develop/07smart-contracts-solidity.asciidoc
- Understand Solidity syntax and semantics implemented in OpenZeppelin's ERC20 contract: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/ERC20.sol
- Understand Solidity syntax and semantics implemented in OpenZeppelin's ERC721 (NFT) contract: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC721/ERC721.sol
- Understand Solidity syntax and semantics implemented in OpenZeppelin's security-related contracts Ownable, Pausable and ReentrancyGuard: https://github.com/OpenZeppelin/openzeppelin-contracts/tree/master/contracts/access and https://github.com/OpenZeppelin/openzeppelin-contracts/tree/master/contracts/security
- Experiment with the various Solidity concepts using https://remix.ethereum.org/
Quiz
Quiz Writeups
Blog
YouTube Videos
- Block 1
- Block 2
- Block 3
- Block 4
- Block 5
Participant Created Content
Assignment
- Understand all the OpenZeppelin Library contracts (many of which are widely-used): https://github.com/OpenZeppelin/openzeppelin-contracts/tree/master/contracts
- Understand Solidity syntax and semantics implemented in Uniswap V3 contracts and related dependencies: https://github.com/Uniswap/uniswap-v3-core/tree/main/contracts
- Understand Solidity syntax and semantics implemented in Fei Protocol contracts and related dependencies: https://github.com/fei-protocol/fei-protocol-core/tree/master/contracts
- Understand Solidity syntax and semantics implemented in Chainlink contracts and related dependencies: https://github.com/smartcontractkit/chainlink/tree/develop/contracts/src/v0.4
- Understand Solidity syntax and semantics implemented in Opyn Gamma Protocol contracts and related dependencies: https://github.com/opynfinance/GammaProtocol/tree/master/contracts/core
Quiz
Quiz Writeups
Blog
YouTube Videos
- Block 1
- Block 2
- Block 3
- Block 4
- Block 5
Participant Created Content
Assignment
- Explore the SWC Registry list and test cases: https://swcregistry.io/
- Watch Intro to Security First Development by Gonçalo Sá @GNSPS, ConsenSys Diligence: https://www.youtube.com/watch?v=72K57I9yvyI
- Watch Protect your Crypto and Avoid Getting Hacked by Mehdi Zerouali @ethzed, Sigma Prime: https://www.youtube.com/watch?v=L2DRC6PjTgk
- Watch DeFi Security: With So Many Hacks, Will It Ever Be Safe? on Unchained Podcast with Dan Guido @dguido (Trail of Bits) and Taylor Monahan (MyCrypto): https://www.youtube.com/watch?v=Sc5fZ-Wprx8
- Attempt CTF: https://capturetheether.com/
Quiz
Quiz Writeups
Blog
YouTube Videos
- Block 1
- Block 2
- Block 3
- Block 4
- Block 5
Participant Created Content
Assignment
- Read https://samczsun.com/so-you-want-to-use-a-price-oracle/ and https://samczsun.com/the-dangers-of-surprising-code/
- Watch Security By Design & Smart Contract Audits by Shayan Eskandari, Ex-ConsenSys Diligence: https://www.youtube.com/watch?v=gfD1KBtLWZI
- Watch How to Build Secure Smart Contracts by Josselin Feist, Trail of Bits: https://www.youtube.com/watch?v=yP01yH4plT8
- Watch White Hat Panel: DeFi Exploits: https://www.youtube.com/watch?v=Df2zzfoTfMc
- Attempt CTF: https://www.damnvulnerabledefi.xyz/
Quiz
Quiz Writeups
Blog
YouTube Videos
- Block 1
- Block 2
- Block 3
- Block 4
- Block 5
Participant Created Content
Assignment
- Read the following:
  - How to Prepare for a Smart Contract Audit: https://consensys.net/diligence/blog/2019/09/how-to-prepare-for-a-smart-contract-audit/
  - What is a Security Audit, When You Should Get One, and How to Prepare (by @petty): https://our.status.im/what-is-a-security-audit-when-you-should-get-one-and-how-to-prepare/
  - 246 Findings From our Smart Contract Audits: An Executive Summary: https://blog.trailofbits.com/2019/08/08/246-findings-from-our-smart-contract-audits-an-executive-summary/
- Run MythX on Fei Protocol contracts and analyze the reported findings: https://github.com/fei-protocol/fei-protocol-core/tree/master/contracts
- Run Slither on Uniswap V3 contracts and analyze the reported findings: https://github.com/Uniswap/uniswap-v3-core/tree/main/contracts
- Watch The Evolution of Smart Contract Security by Dan Guido, Trail of Bits: https://www.youtube.com/watch?v=fOkQuNzVn_Q
- Attempt Paradigm CTF: https://github.com/paradigm-operations/paradigm-ctf-2021
Quiz
Quiz Writeups
Blog
YouTube Videos
- Block 1
- Block 2
- Block 3
- Block 4
- Block 5
Participant Created Content
Assignment
- Read the audit report along with the smart contracts to understand all the reported findings for Fei Protocol: https://consensys.net/diligence/audits/2021/01/fei-protocol
- Read the audit report along with the smart contracts to understand all the reported findings for Uniswap V3: https://github.com/Uniswap/uniswap-v3-core/blob/main/audits/tob/audit.pdf
- Read the audit report along with the smart contracts to understand all the reported findings for Chainlink: https://github.com/sigp/public-audits/blob/master/chainlink-1/review.pdf
- Read the audit report along with the smart contracts to understand all the reported findings for Opyn Gamma protocol: https://blog.openzeppelin.com/opyn-gamma-protocol-audit/
- Watch: OpenZeppelin @tinchoabbate's Secure Development Series: https://www.youtube.com/playlist?list=PLdJRkA9gCKOONBSlcifqLig_ZTyG_YLqz
Quiz
Quiz Writeups
Blog
YouTube Videos
- Block 1
- Block 2
- Block 3
- Block 4
- Block 5
Participant Created Content
Assignment
- Read the audit report along with the smart contracts to understand all the reported findings for 1inch Liquidity Protocol: https://consensys.net/diligence/audits/2020/12/1inch-liquidity-protocol/
- Read the audit report along with the smart contracts to understand all the reported findings for Origin Dollar: https://github.com/trailofbits/publications/blob/master/reviews/OriginDollar.pdf
- Read the audit report along with the smart contracts to understand all the reported findings for Synthetix EtherCollateral: https://github.com/sigp/public-audits/blob/master/synthetix/ethercollateral/review.pdf
- Read the audit report along with the smart contracts to understand all the reported findings for Holdefi: https://blog.openzeppelin.com/holdefi-audit
- Stay updated with Ethereum security articles/news:
  - WeekInEthereumNews (security section): https://weekinethereumnews.com/
  - BlockThreat Newsletter: https://www.blockthreat.io/
  - Rekt: https://rekt.news/
  - Secureum Newsletter: https://secureum.substack.com/
Quiz
Quiz Writeups
Extras