Are auditors eating elephants?
Heyo,
Jules here, from Cyfrin.
Smart contract security doesn’t start with audits, because the future of the entire blockchain industry depends on security.
This week
✍🏼 How to systematically approach an audit
📆 This week in Cyfrin
⭐️ Ecosystem highlights
📚 How to become an auditor, auditor salaries, and best auditing tools
10 Steps to Systematically Approach an Audit
Independent of code size or complexity, breaking the process into compartmentalized chunks makes auditing more approachable.
1. Gain context while going through the docs.
2. Clone the repo locally, go through the README, and test out the commands.
3. Analyze the test suite to find the weaker tested areas.
4. Create architecture diagrams to visualize how contracts connect.
5. Assess the Solidity versions for bugs within that version.
6. Use Solodit to familiarize yourself with the vulnerabilities found in similar protocols.
7. Study the most common vulnerability points (access controls, public/external functions, state changes, dependencies, etc.).
8. Leverage static analyzers like Slither or Cyfrin Aderyn.
9. Time to break line by line! The Solodit Checklist can be helpful in this stage.
10. Craft a compelling report to convincingly demonstrate the bug to the protocol.
— Read more about how to approach an audit here!
This week in Cyfrin
🕵🏻‍♀️ The Beanstalk contest part 2 kicks off in 5 days, on April 1st, for a chance to win up to $35,000!
🐱 Community First Flight, Kitty Connect, kicks off today! These are contests for new auditors to participate and hone their skills.
📆 Join us today at 3 PM UTC for Kitty Connect’s First Flight kick-off and get started with the first flight!
Ecosystem Highlight ⭐️
This week we want to highlight our community member Shikhar Agarwal - who created this week’s Community First Flight.
We all help each other grow - thank you Shikhar!
Related articles
🕵🏻‍♀️ Secure the ecosystem by becoming a smart contract auditor. Here is our full roadmap to kick off your auditing career.
💰 How much do security researchers earn? Here’s a salary guide for smart contract security auditors!
👩🏻‍💻 Check out our favorite industry-leading tools for smart contract auditing.
Would love to hear what you think about the Cyfrin newsletter and how we can improve it for you. Let’s chat!
Sending lots of cyber love,
Jules 🤸🏻