- Work on 3 smaller codebases that have complete reports and try to understand the H/M risks. Important to work with Foundry, run tests, create PoCs etc. Findings from the reports should be categorised into the relevant categories (NFT, Flash Loan, etc.) in PseudoAudits.
- Golem
- Y
- Z
- Take on any Sherlock/Codearena competitions on small codebases (up to 7 day comps).
- x
- y
- z
- Get the tooling required
- Complete all the Ethernaut challenges
- Damn Vulnerable DeFi seems much more promising
Honestly pretty disappointed with Ethernaut CTF challenges. The solutions are abstract and, in the few codebases I've seen, are kind of irrelevant. Coders know not to use msg.sender == tx.origin etc.
- https://www.youtube.com/watch?v=0aJfCug1zTM&t=1246s&ab_channel=Chainlink
- Secureum
- Ethernaut (https://ethernaut.zeppelin.com/)
- cmichel.io
- teachyourselfcrypto.com
- Understand modifiers more
- Storage Slots
- Working on tests / tooling
- Foundry [Anvil, Chisel, etc]
- Slither
- Abstract contracts & interfaces
- Calldata vs. Memory
- Assembly / OPCODES
- Really can't get into a codebase and understand what is happening still. Need to work on my understanding of protocols.