Secureum

Secureum Part 6: Audit Techniques & Tools 101

(c) Secureum

Content

  1. Article on "Audit Techniques & Tools 101": https://secureum.substack.com/p/audit-techniques-and-tools-101
  2. YouTube videos on "Audit Techniques & Tools 101":
    1. Block 1: https://youtu.be/M0C7z3TE5Go
    2. Block 2: https://youtu.be/QstpNY1IuqM
    3. Block 3: https://youtu.be/QmD2bJUe140
    4. Block 4: https://youtu.be/jZ81ebDJVe0
    5. Block 5: https://youtu.be/dgITqd3mkDk

Assignments

  1. Read:
    1. How to Prepare for a Smart Contract Audit
    2. What is a Security Audit, When You Should Get One, and How to Prepare
    3. 246 Findings From our Smart Contract Audits: An Executive Summary
  2. Run MythX (Use promotion code: redacted) on Fei Protocol contracts and analyze the reported findings: https://github.com/fei-protocol/fei-protocol-core/tree/master/contracts
  3. Run Slither on Uniswap V3 contracts and analyze the reported findings: https://github.com/Uniswap/uniswap-v3-core/tree/main/contracts
  4. Watch “The Evolution of Smart Contract Security” by Dan Guido, Trail of Bits: https://www.youtube.com/watch?v=fOkQuNzVn_Q
  5. Attempt Paradigm CTF: https://github.com/paradigm-operations/paradigm-ctf-2021

Thoughts

  • Jokes aside, this was an entertaining chapter! I really liked the list of audit firms (I will repost them in a separate article) + an overview of all the security tooling one can use. It is a daunting overview to say the least, but such is life. Security is complex, and in such a fast-paced, emerging technology field it's to be expected that there is an exponential growth in supporting security tools.
  • I might publish some articles with how-to's on each tool, that's perhaps helpful for 1/ myself and 2/ other people dipping their toes in smart contract security audits.