How to make a jump from Web2 hacking to Web3 hacking?
โ๐๐ค๐ ๐๐๐๐๐ ๐๐๐ฃ๐๐๐๐๐ ๐๐ ๐ ๐ค๐๐๐ ๐๐๐ ๐ผ โ ๐ผ ๐ก๐๐๐ ๐กโ๐ ๐๐๐ ๐๐๐ ๐ ๐ก๐๐๐ฃ๐๐๐๐๐ ๐๐ฆ, ๐๐๐ ๐กโ๐๐ก โ๐๐ ๐๐๐๐ ๐๐๐ ๐กโ๐ ๐๐๐๐๐๐๐๐๐๐โ
โ ๐ ๐๐๐๐๐ก ๐น๐๐๐ ๐ก
๐งตโ
โ๐๐ค๐ ๐๐๐๐๐ ๐๐๐ฃ๐๐๐๐๐ ๐๐ ๐ ๐ค๐๐๐ ๐๐๐ ๐ผ โ ๐ผ ๐ก๐๐๐ ๐กโ๐ ๐๐๐ ๐๐๐ ๐ ๐ก๐๐๐ฃ๐๐๐๐๐ ๐๐ฆ, ๐๐๐ ๐กโ๐๐ก โ๐๐ ๐๐๐๐ ๐๐๐ ๐กโ๐ ๐๐๐๐๐๐๐๐๐๐โ
โ ๐ ๐๐๐๐๐ก ๐น๐๐๐ ๐ก
๐งตโ
{1}
As with everything, you need solid foundations before leaping into anything advanced.
That's why I recommend reading upon how Ethereum works first.
github.com/ethereumbook/eโฆโฆ
This should give you a great overview of inner workings of Ethereum.
Next, Solidity!๐
As with everything, you need solid foundations before leaping into anything advanced.
That's why I recommend reading upon how Ethereum works first.
github.com/ethereumbook/eโฆโฆ
This should give you a great overview of inner workings of Ethereum.
Next, Solidity!๐
{2}
All Ethereum DApps rely on Smart Contracts (SC)
Knowing what they are, how to write them is a big step towards findings bugs
Solidity is the most popular language for SCs and
@ProgrammerSmart
created an awesome resources for learning the language
solidity-by-example.org
All Ethereum DApps rely on Smart Contracts (SC)
Knowing what they are, how to write them is a big step towards findings bugs
Solidity is the most popular language for SCs and
@ProgrammerSmart
created an awesome resources for learning the language
solidity-by-example.org
{3}
Apart from the awesome website, he also creates YouTube videos on various Solidity/Security/DeFi topics.
It's worth checking it out!
youtube.com/channel/UCJWh7โฆ
Apart from learning the language, it's also essential knowing the application landscape and what the hell is DeFi ๐ฑ
Apart from the awesome website, he also creates YouTube videos on various Solidity/Security/DeFi topics.
It's worth checking it out!
youtube.com/channel/UCJWh7โฆ
Apart from learning the language, it's also essential knowing the application landscape and what the hell is DeFi ๐ฑ
{4}
DeFi apps are one of the most popular Ethereum based applications.
Knowing what they are and how they work will help you with finding bugs.
One of the best resources to learn more about the topic is
@finematics
Also check out
@officer_cia
guide to DeFi
DeFi apps are one of the most popular Ethereum based applications.
Knowing what they are and how they work will help you with finding bugs.
One of the best resources to learn more about the topic is
@finematics
Also check out
@officer_cia
guide to DeFi
{5}
One of the most fun way to see and learn how to break applications is by completing CTFs.
Web3 also got you covered on this front and there are multiple CTFs worth checking out.
1. ethernaut.openzeppelin.com
2. capturetheether.com/challenges/
3. damnvulnerabledefi.xyz
One of the most fun way to see and learn how to break applications is by completing CTFs.
Web3 also got you covered on this front and there are multiple CTFs worth checking out.
1. ethernaut.openzeppelin.com
2. capturetheether.com/challenges/
3. damnvulnerabledefi.xyz
When you have that knowledge and practice behind you, next step I could recommend is by reading Post Mortem on various hacks/bugs.
@adrianhetman already wrote few such articles on
@immunefi
where he covered for example Price Oracle manipulation.
@adrianhetman already wrote few such articles on
@immunefi
where he covered for example Price Oracle manipulation.
{6}
It's also worth checking out reputable auditing firms like @trailofbits / @ConsenSysAudits / @OpenZeppelin / @peckshield and others.
They always post something interesting and they make most of their audit reports public.
Reading such audit report is a knowledge mineโ๏ธ๐ฏ๏ธ
It's also worth checking out reputable auditing firms like @trailofbits / @ConsenSysAudits / @OpenZeppelin / @peckshield and others.
They always post something interesting and they make most of their audit reports public.
Reading such audit report is a knowledge mineโ๏ธ๐ฏ๏ธ
{7}
Having a dev/test env is a must for bug hunter
It's worth learning the basics of
@HardhatHQ
and
@BrownieEth
. Without them you won't go far with writing your own PoC.
Get familiar with Web3.js/Web3.py packages to be able to query Ethereum easily and manipulate transactions
Having a dev/test env is a must for bug hunter
It's worth learning the basics of
@HardhatHQ
and
@BrownieEth
. Without them you won't go far with writing your own PoC.
Get familiar with Web3.js/Web3.py packages to be able to query Ethereum easily and manipulate transactions
{8}
Some of the interesting security tools that can help you and improve your workflow are
1. Solidity Visual Developer
2. Surya
3. ethtx.info
4. github.com/dapphub/dapptoโฆ
5. seth
Some of the interesting security tools that can help you and improve your workflow are
1. Solidity Visual Developer
2. Surya
3. ethtx.info
4. github.com/dapphub/dapptoโฆ
5. seth
{9}
If you want to become a smart contract auditor,
@cmichelio
created an awesome blog post just about that.
It's worth giving it a read as you will find some valuable information.
If you want to become a smart contract auditor,
@cmichelio
created an awesome blog post just about that.
It's worth giving it a read as you will find some valuable information.
{10}
Here are other superb links you will find helpful that I didn't had a character count in previous tweets
1. useweb3.xyz
2. notonlyowner.com/learn/intro-seโฆโฆ
3. github.com/ConsenSys/etheโฆโฆ
4. devansh.xyz/blockchain-secโฆโฆ
Thread is not over continue to read ๐ง
Here are other superb links you will find helpful that I didn't had a character count in previous tweets
1. useweb3.xyz
2. notonlyowner.com/learn/intro-seโฆโฆ
3. github.com/ConsenSys/etheโฆโฆ
4. devansh.xyz/blockchain-secโฆโฆ
Thread is not over continue to read ๐ง
{11}
Armed with the knowledge and practice you are now prepared to start submitting bugs on bug bounty platforms like @immunefi.
If you want to know how to properly write your bug report (and you should!) Immunefi got you covered with the following article.๐ฅท
Armed with the knowledge and practice you are now prepared to start submitting bugs on bug bounty platforms like @immunefi.
If you want to know how to properly write your bug report (and you should!) Immunefi got you covered with the following article.๐ฅท
{12}
Another great article explaining how to get started with block hacking by @morphean_sec . I Highly recommend you read it(โญ๏ธโญ๏ธโญ๏ธโญ๏ธโญ๏ธ)
Hacking the Blockchain: An Ultimate Guide
medium.com/immunefi/hackiโฆ
Another great article explaining how to get started with block hacking by @morphean_sec . I Highly recommend you read it(โญ๏ธโญ๏ธโญ๏ธโญ๏ธโญ๏ธ)
Hacking the Blockchain: An Ultimate Guide
medium.com/immunefi/hackiโฆ
{13}
I hope I you found the thread helpful to you and you will start making first steps towards Web3 Security.
I hope I you found the thread helpful to you and you will start making first steps towards Web3 Security.
{14/14}
If you like the article, please retweet๐ the first tweet, and if you have any other interesting links๐ or suggestions, please leave a comment๐.
If you like the article, please retweet๐ the first tweet, and if you have any other interesting links๐ or suggestions, please leave a comment๐.
โข โข โข
Missing some Tweet in this thread? You can try to
force a refresh
ใ
