#Solidity is the most adopted smart contract language for web3 devs. Going web2 โก๏ธ web3 requires a paradigm mindshift ๐คฏ
Here's how one can master solidity to the point of mastery ๐งโโ๏ธ Specially from a security perspective ๐๐งต
Solidity's syntax is very similar to that of JavaScript/Java, though typed.
Knowing CS fundamentals or at least prior knowledge of another programming language like Python or JS is quite helpful. It's good that you already went through the programming mind-blowing rabbithole ๐
The best way of getting acquainted with the Solidity syntax is to go through playful tutorials like the CryptoZombies one. But this is just a soft jump ๐
To actually go full chad mode you should eventually go to comprehensive tutorials like the ones by @PatrickAlphaC ๐ช
Though anybody can learn solidity syntax without knowing what a blockchain is, the fundamentals make a gigantic difference ๐
Master basic cryptography primitives (hashes, asymmetric encryption and DSAs, merkle trees) and fully understand the #Bitcoin whitepaper
In the meantime, follow right security-oriented players in the field, so that you cultivate both a cautionary approach to things and a "not trust, verify" perspective.
When solidity and blockchain fundamentals are mastered, jump into CTFs to get that hacker mindset + solidity experience ๐ต๏ธโโ๏ธ
Start with @OpenZeppelin Ethernaut, more beginner and give you an understanding of the EVM, and then jump to DeFi oriented ones like DamnVulnerableDeFi
As you do ctfs, start reading important DeFi codebases like @Uniswap@compoundfinance among many others. Check auditing reports as well and learn how auditors do their job ๐โ๏ธ
Approaching the code with the hacker mentality must be cultivated heavily here โ
Once you think you've read enough, start your own navigations through the whole DeFi dark forest. Start hunting bugs by exploring on-chain projects ๐ชฒ๐น
Hunting bugs on @immunefi projects can earn you handsome bounties ๐ฐ and save millions in user funds in the process ๐
โข โข โข
Missing some Tweet in this thread? You can try to
force a refresh
If smart contract code on the #blockchain is immutable, what is this thing we've been hearing about called "contract upgradeability"?
Let me break it down easily, and talk about its pros and cons ๐งต
An incredible feature of a smart contract is that "code is law". The code will never change on a given contract account. That's actually true regardless of upgradeability, and I'll explain how this is in a bit.
This code stability creates trust and brings security to a product.
A downside of this, which immediately startles non web3 devs, is that the smart contract cannot be patched.
In web2, there's this established idea of CI/CD, continuous integration of stuff and seamless deployment of fixes.
Code cannot change, only account storage. What do?