Note: Despite this, many protocols still insist on requesting a "smart contract audit," so it's important to know that the terms are interchangeable. When you hear "security review", think "smart contract audit" and vice versa. Protocols are often unaware of these nuances, but you, as a trained security researcher, know better!
1. Initial Review
a. Scoping
b. Reconnaissance
c. Vulnerability identification
d. Reporting
2. Protocol fixes
a. Fixes issues
b. Retests and adds tests
3. Mitigation Review
a. Reconnaissance
b. Vulnerability identification
c. Reporting
To give you a heads-up, there really isn't a "one-size-fits-all" approach to smart contract auditing. There are several unique strategies, each bringing a different set of pros and cons to the table.

"the Tincho" and "the Hans", to help familiarize you with the process. However, remember that these are just examples; there isn't a definitive, "correct" way of performing a security review.

A smart contract audit is a timeboxed, security-based review of your smart contract system. An auditor's goal is to find as many vulnerabilities as possible and educate the protocol on ways to improve their codebase security and coding best practices moving forward.
commit hash and down payment by the protocol and start date can be set!

Note: The commit hash is the unique ID of the codebase an auditor will be working with.
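One way to enforce the commit-hash scope described above, and to list what changed between the audited commit and the fix commit for a mitigation review. This is an added example, not part of the original lesson; it assumes the codebase lives in a Git repository, and `check_scope`, `changed_since_audit` and `make_sample_repo` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example; helper names are hypothetical, Git is an assumption.

# Succeed only if the checkout in $1 is exactly commit $2 with no local edits.
check_scope() {
  local repo="$1" agreed="$2" head
  # Resolve both sides to full hashes so an abbreviated hash compares correctly.
  head="$(git -C "$repo" rev-parse --verify 'HEAD^{commit}')" || return 2
  agreed="$(git -C "$repo" rev-parse --verify "${agreed}^{commit}" 2>/dev/null)" || {
    echo "agreed commit not found in repository" >&2; return 2; }
  if [ "$head" != "$agreed" ]; then
    echo "HEAD is $head but the agreed scope is $agreed" >&2; return 1
  fi
  # Modified or untracked files mean the code on disk is not the scoped commit.
  if [ -n "$(git -C "$repo" status --porcelain)" ]; then
    echo "working tree differs from the agreed commit" >&2; return 1
  fi
}

# List files that differ between the audited commit ($2) and the fix commit ($3),
# i.e. the starting point for reconnaissance in a mitigation review.
changed_since_audit() {
  git -C "$1" diff --name-only "$2" "$3"
}

# Constructed sample: a throwaway repository with one "audited" commit.
make_sample_repo() {
  local dir
  dir="$(mktemp -d)" || return 1
  git init -q "$dir" >/dev/null 2>&1
  printf 'contract Vault {}\n' > "$dir/Vault.sol"
  git -C "$dir" add Vault.sol
  git -C "$dir" -c user.name=sample -c user.email=sample@example.invalid \
    commit -q -m "audited version" >/dev/null
  echo "$dir"
}

# Usage: ./scope.sh <repo> <agreed-commit>
if [ "$#" -eq 2 ]; then check_scope "$1" "$2"; fi
```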
Remember: One audit might not be enough. Getting more eyes on your code is only going to increase the chances of catching vulnerabilities before it's too late.
competitive and private audits in a later section.

"There is no silver bullet in smart contract auditing. But understanding the process, methods, and importance of regular security reviews can significantly enhance your protocol's robustness."