10 Steps to Systematically Approach A Smart Contract Audit
In this article, we will go through 10 key steps to systematically approach a smart contract audit, independently of code size or complexity, as security researchers.
On March 5th 2024, WOOFi’s synthetic proactive market making (sPMM) algorithm that controls the pricing of WOOFi Swaps was exploited on Arbitrum for $8.6M. Here's how.
Seneca Protocol is a decentralized finance product which was exploited for $6 million. Here is how it happened, a proof of concept, and how to mitigate it.
What is Sybil Resistance in Blockchain? Understanding Sybil Attacks
Sybil attacks undermine the integrity and security of blockchain networks. This article explores what Sybil resistance is, its consequences, and mitigations.
EIP 3664 - The full guide to advanced NFT properties
EIP 3664 extends NFT standards to enable customizable, interoperable, and evolvable NFT attributes. You'll learn how to use it, how it works, and its ecosystem impact.
How did the Euler Finance hack happen? - Full Hack Analysis
Euler Finance was hacked for ~$200M due to a missing check on the liquidity status. We explore a step by step of how this attack happened, including a proof of concept.
Smart Contract Fuzz Tests Using Foundry | Full guide (updated)
Learn how to write Solidity smart contract fuzz tests (fuzzing) using the Foundry framework. Write tests, use prank addresses, and execute them using forge.
What is the Elliptic Curve Digital Signature Algorithm? - ECDSA Signatures
The Elliptic Curve Digital Signature Algorithm (ECDSA) is based on Elliptic Curve Cryptography (ECC) and is used to generate keys, authenticate, sign, and verify messages
What Is Blockchain Interoperability: A Complete Guide
Learn what blockchain interoperability is and why it matters. Discover how leading protocols combine its core components to deliver value across industries.
7 Tips To Transition from Cybersecurity to Blockchain Security Researcher
Explore 7 tips to transition from traditional cybersecurity into blockchain security research. Get tips for navigating the industry and maximizing your opportunity.
Introducing Aderyn's Language Server: Elevating Solidity Security with Real-time Feedback
Aderyn's Language Server elevates Solidity developers' experience by providing real-time security diagnostics and coding best practices in any code editor.
Flash loans are unique financial products, only available in DeFi. This blog post will teach you what a flash loan is, how it works, and what it can be used for.
A Full Comparison: What are Fraud Proofs and Validity proofs?
Fraud proofs and validity proofs are both used by rollups to check the validity of transactions. Delve into their differences, functions, and advantages and disadvantages
Explore ZK and Succinct rollups. Answer the questions: what are ZK rollups, how do they work, and why are they considered the future of Ethereum scaling?
What is a Zero-Knowledge Proof | A Practical Guide for Programmers
What is a zero-knowledge proof (ZKP) and how do they work? Explore ZKPs, survey mathematical ZKPs, and understand what programmers need to know to implement them.
Top 10 Solidity interview questions to help you prepare for your next Solidity technical interview. Join your dream team as a smart contract developer!
Hackathon 101: How to Prepare for a Web3 Hackathon and Be Successful
Discover how to prepare for a Web3 hackathon—from selecting the right event to building a team and managing deadlines—to boost your skills and maximize your fun.
Five Beginner Solidity Projects to Build a Developer Portfolio
Build your Solidity developer portfolio with 5 beginner projects, including crypto lotteries and DAOs. Master smart contracts and excel in the Web3 job market.
Cyfrin To Support Soneium As Ecosystem Security Provider
Cyfrin supports Soneium as ecosystem security partner for their public blockchain ecosystem. Read more about the collaboration and what it means for security.
5 Web3 Development Tools to Make Building dApps Easier
Build dApps faster with Web3 tools like Chainlink, Alchemy, and Thirdweb. Use pre-built components and trusted resources for secure, scalable projects.
Learn what Soulbound Tokens (SBTs) are, their differences from NFTs, and explore use cases like digital identity and certifications with insights into ERC-5114 and ERC-54
Learn to implement Permit2, the token approval system compatible with all ERC-20 tokens that streamlines user experience and reduces their economic burden.
What is Solidity Programming Language: A Complete Guide
Solidity is a high-level programming language designed for writing smart contracts. It is the standard for smart contract development on most EVM-compatible blockchains.
Introduction to Ethereum Improvement Proposals (EIPs)
Cyfrin's introduction to Ethereum improvement proposals (EIPs). A guide to understanding what they are, how they work, and their importance to the Ethereum ecosystem.
What is a Merkle Tree, Merkle proof, and Merkle Root
Deep dive into a Merkle Tree's data structure and how Merkle proofs prove data is there. Answer the question: What is a Merkle Tree, Merkle Proof, and Merkle Root?
Blockchain technology opens new avenues of commerce and asset ownership. It also comes with a lot of hype. What are the real use cases for blockchain technology?
Introducing Hooks into DEX Liquidity Pools ushers in a new era of customization. Discover how they add functionality, reduce risk, and increase potential rewards.
Ethereum Distributed Validator Technology (DVT) - Full Introduction
Learn about Distributed Validator Technology (DVT) and how it can increase Ethereum's decentralization, make staking more appealing, and increase network security.
A completely redesigned competitive smart contract security audit platform with new features and functionality, improved processes, and industry-leading usability.
How to fix ‘Data location must be memory or calldata’ | Where can the EVM read and write data?
Learn where the EVM can read and write data, what calldata, memory, and storage are, and the best practices to know when writing your Solidity or Vyper smart contracts
What is a Blockchain Beacon Chain: The Foundation for Ethereum 2.0
The beacon chain is a fundamental component of Ethereum 2.0, designed to enhance scalability, security, and efficiency by transitioning from a proof of work (PoW) to a pr
Tokenized RWAs are real-world assets represented as tokens on the blockchain. Learn what crypto RWAs means, how they work and the list of projects to keep an eye on.
What is EIP-4844? Proto-Danksharding and Blob Transactions Explained
What is the EIP-4844? Learn what proto-danksharding and blobs are, how they work, and how to send your first blob transaction using the new Ethereum improvement proposal
Proof of Stake (PoS) Vs Proof of Work (PoW) - The Full Comparison
In this guide, we explore the differences between Proof of Work (PoW) and Proof of Stake (PoS), two Sybil resistance mechanisms used in blockchain networks.
What Are Blockchain Rollups? A Full Guide to ZK and Optimistic Rollups
What are crypto blockchain rollups? Learn everything you need to know about optimistic and zero-knowledge based rollups, how they work, and their differences.
Cyfrin Launches Smart Contract Courses and Security Audits to Support Projects and Developers on zkSync
Cyfrin supports projects and developers on zkSync in accessing high-quality public and private audits as well as top-notch smart contract development and security courses
What is a Layer 1 Blockchain? A Comprehensive Guide to L1s
An L1, or Layer 1 blockchain, refers to the base layer of a blockchain ecosystem. Learn everything you need to know about what layer 1 blockchains are and how they work.
Blockchain Architecture Layers: Guide and Topology
Learn the intricacies of blockchain architectures like Ethereum and Bitcoin, broken down into easy-to-understand pieces. From functional layers to layers 1 and 2.
Find Vulnerabilities in Your Solidity Codebase Using Cyfrin Aderyn
Open-sourced Rust-based Smart Contract static analyzer designed to help protocol engineers and security researchers find vulnerabilities in Solidity code bases
The ABI of a smart contract is an acronym for the “Application Binary Interface.” It defines the standard way to interact with contracts in the Ethereum ecosystem;
A comprehensive guide to Ethereum Blockchain Testnets
What is an Ethereum blockchain testnet? Learn everything you need to know about crypto testnets, faucets and how blockchain test networks work in this comprehensive guide
A cold storage crypto wallet is a type of wallet that isn’t connected to the internet and is less likely to be exposed to online threats like malware or phishing attacks.
The Full Guide on Reentrancy Attacks in Solidity Smart Contracts
What is a Reentrancy Attack in Solidity smart contracts? Learn how blockchain reentrancy attacks work and how to protect your smart contracts from them.
5 Best Courses To Learn Solidity From Scratch - For Free
The best smart contract development courses, boot camps, certifications, and resources to learn Solidity development from scratch and kickstart your career for free.
Learn what a smart contract security audit is, and how a time-boxed security-based code review on a smart contract or protocol helps enhance its security
Smart contracts have been tested and audited, but are they truly bulletproof? When you think your code is secure, an attacker might exploit a vulnerability that you
Smart Contract Formal Verification and Symbolic Execution Testing
We look at formal verification & symbolic execution with two Trail of Bits Web3 security team members. Additionally, we review the value these techniques bring and compar
Today, we are excited to announce that we have taken a significant step towards achieving this goal by acquiring Solodit, a powerful tool committed to...
If you want to debug your code using AI, this is the place to learn how to debug anything with AI-assisted code debugging, broken down into 7 easy steps.
Top 10 smart contract auditing companies and services
There are many smart contract auditing companies and services that can provide the best solutions for your audit. Find the best smart contract security auditors this year
With an average of $105k per year, smart contract auditor salaries range between $33k and $200k, recently rising as blockchain protocols demand more security,
The full blockchain developer roadmap to bring you from beginner to advanced with the world's top courses and smart contract development resources, completely free.
Competitive vs Private Audits - Pros and Cons | The full comparison
Competitive vs private audits? In this guide, you will learn when and how to decide which smart contract security audit type is the best for your protocols.
Top 5 Web3 Developer Tools | Languages, frameworks, and security
Top tested industry-leading web3 development tools for blockchain and smart contract developers to help you speed up your workflows and allow you to code.
How to become a Smart Contract Auditor | Full Roadmap
Learn how to become a smart contract auditor (security researcher) and kickstart your career from this full roadmap with the best resources and courses in web3