INTERMEDIATE

Web3 Security & Auditing

The attacker's playbook and the auditor's methodology — reentrancy, oracle manipulation, access control failures, signature exploits, and governance attacks. Develop the threat-modelling mindset to read, audit, and harden production smart contracts.

14 hours$69 USDC to certifyOff-chain credential

Start learning

Curriculum

The Attacker's Mindset

Why smart contracts get hacked, how exploit developers think, and how to read the historical hack record to extract reusable security intuitions.

Why Smart Contracts Get Hacked25 min
Anatomy of an Exploit30 min
Reading the Hack Record35 min · 1 assessment(s)

Reentrancy & Control Flow

Classic and advanced reentrancy — single-function, cross-function, cross-contract, and read-only — with the full toolbox of defences including checks-effects-interactions and transient storage.

Classic Reentrancy35 min
Advanced Reentrancy Patterns40 min
Reentrancy Defences35 min · 1 assessment(s)

Arithmetic & Logic Bugs

Integer overflow and underflow, precision loss from integer division, and price oracle manipulation — the numerical attack surface that has drained billions from DeFi protocols.

Integer Overflow & Underflow30 min
Rounding, Precision & Truncation35 min
Price Oracle Manipulation40 min · 1 assessment(s)

Access Control & Authentication

Missing access controls, initializer vulnerabilities, tx.origin confusion, signature replay attacks, and governance flash-loan exploits — the authentication failures behind the largest DeFi hacks.

Access Control Failures35 min
Signature Replay & Malleability35 min
Governance & Flash Loan Attacks40 min · 1 assessment(s)

Audit Methodology & Capstone

The professional auditor's workflow — scope, threat modelling, manual review, automated tooling, and a capstone challenge to audit and fix a deliberately vulnerable DeFi protocol.

Audit Methodology40 min
Audit Tools & Testing40 min · 1 assessment(s)
Capstone: Audit a DeFi Lending Protocol90 min · 2 assessment(s)