{"id":19564293,"url":"https://github.com/quillhash/quillaudit_auditor_roadmap","last_synced_at":"2025-05-15T14:06:47.848Z","repository":{"id":58841510,"uuid":"533357404","full_name":"Quillhash/QuillAudit_Auditor_Roadmap","owner":"Quillhash","description":"This repository contains a mindmap and stepwise resource to get started with Smart Contract Auditing. If you find anything missing or want to update existing resources, feel free to create a pull request.","archived":false,"fork":false,"pushed_at":"2024-11-05T12:20:57.000Z","size":6221,"stargazers_count":554,"open_issues_count":0,"forks_count":93,"subscribers_count":10,"default_branch":"main","last_synced_at":"2025-05-15T14:06:31.377Z","etag":null,"topics":["blockchain","ethereum","evm","security","solidity"],"latest_commit_sha":null,"homepage":"https://www.quillaudits.com/academy","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Quillhash.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-09-06T14:16:36.000Z","updated_at":"2025-05-14T16:32:32.000Z","dependencies_parsed_at":"2024-12-28T15:02:13.879Z","dependency_job_id":"8d71e67c-099e-4b94-b07b-b7a1c4917717","html_url":"https://github.com/Quillhash/QuillAudit_Auditor_Roadmap","commit_stats":{"total_commits":20,"total_committers":5,"mean_commits":4.0,"dds":"0.19999999999999996","last_synced_commit":"fa7be41f209232077745c57b2bd02d7f52794b99"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Quillhash%2FQuillAudit_Audi
tor_Roadmap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Quillhash%2FQuillAudit_Auditor_Roadmap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Quillhash%2FQuillAudit_Auditor_Roadmap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Quillhash%2FQuillAudit_Auditor_Roadmap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Quillhash","download_url":"https://codeload.github.com/Quillhash/QuillAudit_Auditor_Roadmap/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254355335,"owners_count":22057354,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blockchain","ethereum","evm","security","solidity"],"created_at":"2024-11-11T05:21:15.716Z","updated_at":"2025-05-15T14:06:42.745Z","avatar_url":"https://github.com/Quillhash.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# QuillAudit's Smart Contract Auditor Roadmap\n\n![QuillAudits Auditor's Roadmap mind map](https://github.com/Quillhash/QuillAudit_Auditor_Roadmap/blob/main/files/QuillAudits_Auditor's_Roadmap.png)\n\nPDF Link: [QuillAudit_Auditor_Roadmap.pdf](https://github.com/Quillhash/QuillAudit_Auditor_Roadmap/blob/main/files/QuillAudits_Auditor's_Roadmap.pdf)\n\nXMind Link: https://xmind.works/#/share/OjLKsLSh\n\n---\nThis roadmap is a stepwise path to becoming a smart contract auditor: each step below lists the resources to work through before moving on to the next.\nIf you find anything missing or want to update existing resources, you can create a pull request and contribute to the project.\n\n## Steps to Follow:\n\n### 1. 
Blockchain \u0026 Ethereum Basics:\n\n- ***Blockchain:***\n    - [Blockchain Technology Explained](https://www.youtube.com/watch?v=qOVAbKKSH10)\n    - [Blockchain Cryptography](https://101blockchains.com/blockchain-cryptography/)\n- ***Ethereum:***\n    - [Mastering Ethereum](https://github.com/ethereumbook/ethereumbook)\n        - Mandatory chapters: 1, 4, 5, 6, 7, 9, 13 \u0026 14\n    - [Ethereum Developer Documentation](https://ethereum.org/en/developers/)\n\n### 2. Solidity Fundamentals:\n\n- [Solidity Docs](https://docs.soliditylang.org/en/latest/)\n- [smartcontract.engineer](https://www.smartcontract.engineer/)\n- [CryptoZombies](https://cryptozombies.io/en/course/)\n- [Solidity by Example](https://solidity-by-example.org/)\n- ***Secureum***:\n    - [Secureum Solidity 101](https://secureum.substack.com/p/solidity-101?s=r)\n    - [Secureum Solidity 201](https://secureum.substack.com/p/solidity-201?s=r)\n- **[Solidity Gas Optimizations List](https://github.com/iskdrews/awesome-solidity-gas-optimization)**\n\n### 3. Testing and Debugging Frameworks:\n\n- [Foundry](https://github.com/foundry-rs/foundry)\n- [Hardhat](https://hardhat.org/guides/waffle-testing.html)\n- [Brownie](https://eth-brownie.readthedocs.io/en/stable/)\n- [Tenderly](https://tenderly.co/)\n\n### 4. 
Commonly Used Libraries and Token Standards:\n\n- **ERC Token Standards:**\n    - [ERC-20 (fungible tokens)](https://ethereum.org/en/developers/docs/standards/tokens/erc-20/)\n    - [ERC-721 (NFTs)](https://ethereum.org/en/developers/docs/standards/tokens/erc-721/)\n    - [ERC-777 (tokens with transfer hooks)](https://ethereum.org/en/developers/docs/standards/tokens/erc-777/)\n    - [ERC-1155 (multi-token)](https://ethereum.org/en/developers/docs/standards/tokens/erc-1155/)\n    - [ERC-4626 (tokenized vaults)](https://ethereum.org/en/developers/docs/standards/tokens/erc-4626/)\n    - [ERC-2981 (NFT royalties)](https://eips.ethereum.org/EIPS/eip-2981)\n\n- **[OpenZeppelin Contracts library](https://github.com/OpenZeppelin/openzeppelin-contracts)**\n\n- **Upgradeable Contracts:**\n    - [Upgradeable Contracts - Smart Contract Programmer](https://www.youtube.com/watch?v=JgSj7IiE4jA)\n    - [yAcademy Proxies Research](https://proxies.yacademy.dev/)\n    - [Risks of Upgradeable Contracts - Smart Contract Programmer](https://www.youtube.com/watch?v=XmxfB5JOt1Q)\n    - [Different Proxy Patterns - EIPs 897, 1822, 1967, 1538, 2535](https://ethereum-blockchain-developer.com/110-upgrade-smart-contracts/00-project/)\n    - [OpenZeppelin Proxy docs](https://docs.openzeppelin.com/contracts/4.x/api/proxy)\n\n### 5. Solidity Security Standards \u0026 Best Practices:\n\n- [solidity-patterns](https://github.com/fravoll/solidity-patterns)\n- [solcurity](https://github.com/transmissions11/solcurity)\n- [Smart Contract Security Verification Standard (SCSVS)](https://github.com/securing/SCSVS)\n- [ConsenSys Smart Contract Best Practices](https://consensys.github.io/smart-contract-best-practices/)\n- [Security Pitfalls \u0026 Best Practices 101](https://secureum.substack.com/p/security-pitfalls-and-best-practices-101)\n- [Security Pitfalls \u0026 Best Practices 201](https://secureum.substack.com/p/security-pitfalls-and-best-practices-201)\n\n### 6. 
Smart Contract Vulnerabilities:\n\n- [SWC Registry](https://swcregistry.io/)\n- [Kaden: Smart Contract Attack Vectors](https://github.com/KadenZipfel/smart-contract-attack-vectors)\n- [Solidity Attack Vectors](https://github.com/Quillhash/Solidity-Attack-Vectors)\n- [Common Vulnerabilities in Smart Contracts Mind Map](https://github.com/Anugrahsr/Awesome-web3-Security/blob/main/image/Vulnerabilities_in_Smart_contracts.png)\n\n### 7. CTF Challenges:\n\n- [Ethernaut](https://ethernaut.openzeppelin.com/)\n- [Capture The Ether](https://capturetheether.com/)\n- [QuillCTF](https://www.quillaudits.com/academy/ctf)\n- [Curta CTF](https://www.curta.wtf/)\n- [Paradigm CTF](https://ctf.paradigm.xyz/)\n- [CipherShastra CTF](https://ciphershastra.com/index.html)\n- [Damn Vulnerable DeFi](https://www.damnvulnerabledefi.xyz/)\n- [unhackedctf](https://github.com/unhackedctf)\n\n**100+ blockchain CTF challenges:** [minaminao/ctf-blockchain](https://github.com/minaminao/ctf-blockchain#ethereumcontract-basics)\n\n### 8. 
Finance and DeFi:\n\n- **Finance:**\n    - [Khan Academy: Core Finance (derivative securities)](https://www.khanacademy.org/economics-finance-domain/core-finance/derivative-securities)\n\n- **DeFi (Decentralized Finance):**\n    - [DeFi - Teachyourselfcrypto](https://teachyourselfcrypto.com/#ftoc-module-4-decentralized-finance-defi)\n    - [Finematics - DeFi](https://www.youtube.com/watch?v=pWGLtjG-F5c\u0026list=PLjrTIwaNiTwn39tg3sR_bPBWGHoznv47D)\n    - [Smart Contract Programmer - DeFi](https://www.youtube.com/watch?v=qB2Ulx201wY\u0026list=PLO5VPQH6OWdX-Rh7RonjZhOd9pb9zOnHW)\n- **Well-known DeFi Protocols:**\n    - [Uniswap (v3 explained)](https://mvpworkshop.co/blog/uniswap-v3-explained-all-you-need-to-know/)\n    - [Compound](https://compound.finance/)\n    - [Aave](https://www.youtube.com/watch?v=WwE3lUq51gQ)\n    - [Balancer](https://medium.com/token-terminal/eli5-what-is-balancer-labs-16c8cfe092d9)\n\n- **Common DeFi Attack Vectors:**\n    - [Flash Loan Attacks](https://www.moonpay.com/blog/defi-flash-loans-explained)\n    - [Price Oracle Manipulation](https://medium.com/beaver-smartcontract-security/defi-security-lecture-7-price-oracle-manipulation-d716cdeaaf77)\n    - [Front-Running](https://www.securing.pl/en/front-running-attack-in-defi-applications-how-to-deal-with-it/)\n    - [Exit Scams](https://www.acamstoday.org/cryptocurrency-exit-scams-what-they-are-and-how-to-avoid-them/)\n    - [Sandwich Attacks](https://medium.com/coinmonks/defi-sandwich-attack-explain-776f6f43b2fd)\n    - [Unlimited Token Allowances](https://kalis.me/unlimited-erc20-allowances/)\n\n### 9. 
Auditing Tools and Techniques:\n- **Auditing Tools:**\n    - [Slither](https://github.com/crytic/slither)\n    - [QuillShield](https://shield.quillai.network/)\n    - [Mythril](https://github.com/ConsenSys/mythril)\n    - [MythX](https://mythx.io/)\n    - [Echidna](https://github.com/crytic/echidna)\n    - [Foundry Fuzz Testing](https://book.getfoundry.sh/forge/fuzz-testing)\n    - [Manticore](https://github.com/trailofbits/manticore)\n    - [Surya](https://github.com/ConsenSys/surya)\n- **VS Code Extensions:**\n    - [Solidity Visual Developer](https://marketplace.visualstudio.com/items?itemName=tintinweb.solidity-visual-auditor)\n    - [Solidity Metrics](https://marketplace.visualstudio.com/items?itemName=tintinweb.solidity-metrics)\n    - [Slither VS Code extension](https://marketplace.visualstudio.com/items?itemName=trailofbits.slither-vscode)\n    - [EthOver](https://marketplace.visualstudio.com/items?itemName=tintinweb.vscode-ethover)\n\n- **Audit Finding Databases and Checklists:**\n    - [Audit Hero](https://audit-hero.com/finding)\n    - [Solodit](https://solodit.cyfrin.io/)\n    - [Audit Checklist](https://github.com/tamjid0x01/SmartContracts-audit-checklist)\n\n- **[Complete List of Web3 Security Tools](https://github.com/Quillhash/Web3-Security-Tools)**\n\n### 10. 
Postmortems \u0026 Audit Reports:\n\n- **Postmortems:**\n    - [Immunefi](https://medium.com/@immunefi)\n    - [QuillAudits](https://quillaudits.medium.com/)\n    - [BlockSec](https://blocksecteam.medium.com/)\n    - [SlowMist](https://slowmist.medium.com/)\n    - [Rekt News](https://rekt.news/)\n    - [Neptune Mutual](https://medium.com/@neptunemutual)\n    - [PeckShield](https://twitter.com/peckshield)\n    - [hacxyk](https://medium.com/@hacxyk)\n    - [Coinmonks](https://medium.com/coinmonks)\n    - [Trail of Bits](https://blog.trailofbits.com/)\n    - [Secureum](https://secureum.substack.com/)\n    - [OpenZeppelin](https://blog.openzeppelin.com/security-audits/)\n    - [Officer CIA](https://officercia.mirror.xyz/)\n\n- **Audit Reports to Read:**\n    - [QuillAudits](https://github.com/Quillhash/QuillAudit_Reports)\n    - [Code4rena](https://code4rena.com/reports)\n    - [Sherlock](https://github.com/sherlock-audit)\n    - [Spearbit](https://github.com/spearbit/portfolio/tree/master/pdfs)\n    - [ConsenSys Diligence](https://consensys.net/diligence/audits/)\n    - [OpenZeppelin](https://blog.openzeppelin.com/security-audits/)\n    - [ChainSecurity](https://chainsecurity.com/audits/)\n    - [Ackee Audit Reports](https://ackeeblockchain.com/blog/)\n    - **[Complete List of Audit Reports](https://github.com/0xNazgul/Blockchain-Security-Audit-List)**\n\n### 11. 
Keep Yourself Updated:\n\n- **Newsletters**: [BlockThreat](https://newsletter.blockthreat.io/), [HashingBits](https://quillaudits.substack.com/), [Immunefi](https://immunefi.com/)\n- **Discord Communities**: [QuillAudits](https://discord.gg/b8y4Z8p7Qg), [Immunefi](https://discord.gg/immunefi), [Secureum](https://discord.gg/vGebCTSfNx), [Blockchain Pentesting](https://discord.gg/5JZERC5Vxs), [OpenSense](https://discord.gg/opensense), [Web3SecurityDAO](https://discord.gg/9SQqMHkQxK), [DeFiHackLabs](https://discord.gg/HtqdYn2ECa)\n- **Twitter**: [Mudit Gupta](https://twitter.com/Mudit__Gupta/), [samczsun](https://twitter.com/samczsun), [CertiK Alert](https://twitter.com/CertiKAlert), [PeckShieldAlert](https://twitter.com/PeckShieldAlert), [QuillAudits](https://twitter.com/QuillAudits), [BlockSec](https://twitter.com/BlockSecTeam), [BeosinAlert](https://twitter.com/BeosinAlert), [Officer_CIA](https://twitter.com/officer_cia)\n\n### 12. Miscellaneous Resources:\n\n- [Security and Auditing Course by Cyfrin Updraft](https://updraft.cyfrin.io/courses/security)\n- [Smart Contract Hacking Course by JohnnyTime](https://smartcontractshacking.com/)\n- [Web3-Security-Library](https://github.com/immunefi-team/Web3-Security-Library)\n- [TeachYourselfCrypto](https://teachyourselfcrypto.com)\n- [w3bs3c](https://www.w3bs3c.com/)\n- [Awesome Web3 Security](https://github.com/Anugrahsr/Awesome-web3-Security)\n- [Learn Blockchain, Solidity, and Full Stack Web3 Development with JavaScript](https://www.youtube.com/watch?v=gyMwXuJrbJQ)\n- [Learn Blockchain, Solidity, and Full Stack Web3 Development with Python](https://www.youtube.com/watch?v=M576WGiDBdQ)\n\n\n### Credits:\n\n[**Auditor Mindmap by 
Razzorsec**](https://github.com/razzorsec/AuditorsRoadmap)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fquillhash%2Fquillaudit_auditor_roadmap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fquillhash%2Fquillaudit_auditor_roadmap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fquillhash%2Fquillaudit_auditor_roadmap/lists"}