Skip to content

Web3 security learning resources

Posted on:January 27, 2024 at 05:17 AM

Web3 security learning resources by Jose María de la Cruz

Hello everyone, my name is Jose María, 0xjmaria in Twitter (X). I entered the blockchain space three years ago and have been working as a Blockchain Engineer for the past two years. Over a year ago, I delved deeply into the smart contract security ecosystem. During this time, I made efforts to read and learn from various resources, including articles, courses, videos, and more. After a year of studying and conducting Smart Contract audits, I continue to dedicate time every day to further my knowledge. I have compiled a list of resources that I have found impactful in shaping my career, and I would like to share them with you.

When discussing specific topics that every auditor should learn, it is assumed that the auditor already possesses a foundational understanding of Blockchain and Solidity. However, if not, it is recommended to begin with the principles of Blockchain and conduct research on topics related to:

  1. Blockchain nodes
  2. Consensus mechanism
  3. Game theory
  4. RPC nodes
  5. Nonces
  6. EIPs

Once you have a solid grasp of the basics and have written and deployed some Smart Contracts, it’s time to delve into DeFi. While knowing TradFi (Traditional Finance) will aid in understanding many concepts, you will need to truly immerse yourself in learning how the most popular protocols work:

  1. Uniswap
  2. Balancer
  3. Compound
  4. Aave
  5. GMX

At this stage, you may be ready to start doing research and reading about specific bugs in various protocols that have been reported in the past. I highly recommend delving into the most common and well-known attack types and concepts:

  1. Front-running
  2. Oracle manipulation
  3. Slippage
  4. Hash collisions
  5. Proxies
  6. Signature attacks
  7. Liquidations
  8. Precision loss

About this last point, there are numerous additional concepts that you should familiarize yourself with. The ecosystem is vast, and the more you learn, the more proficient you will become. To assist you in this regard, I have compiled external resources that other auditors or companies have published over time. This will enable you to directly explore these resources without spending time searching for them.

I have compiled numerous resources covering a wide range of topics:

Alt text

The link to access these resources has been freely shared within BoostHub’s Discord community. I invite you to join and locate the materials in the ‘free-resources’ channel. The BoostHub community actively brings together experienced developers and auditors to assist newcomers in the space. It’s the ideal platform for you to pose any questions related to web3.

About the Writer