
Cyfrin/security-and-auditing-full-course-s23

★ 1,911 · Solidity · GPL-3.0 · updated Feb 2026

The ultimate, most advanced, security, DeFi, assembly, web3 auditor course ever created.

A structured learning repository for becoming a smart contract security auditor, covering reentrancy, weak RNG, arithmetic bugs, oracle manipulation, proxy storage collisions, MEV, and more. It's a companion to a 50+ hour video course on Cyfrin Updraft, not a standalone read-the-README experience. Aimed at Solidity developers who know the basics and want to go professional in web3 security.

Progression is well-designed — starts with trivial access control bugs and builds to governance attacks and MEV, so you actually develop intuition rather than memorizing a checklist. Each audit section has a dedicated repo with intentionally buggy contracts, which is far more useful than hypothetical examples. Coverage of tooling is practical and current: Slither, Aderyn, Foundry fuzzing, Echidna, Certora — not just theory but shown in context of real audit workflows. The emphasis on invariant testing and stateful fuzzing (T-Swap section) teaches the mindset shift that separates competent auditors from tool-runners.

The repo itself is mostly a README and images — the actual contract code lives in seven separate repos you have to clone individually, which makes it awkward to work through offline or reference later. No guidance on reading Solidity assembly beyond a single bridge section, so the Yul/assembly coverage is thin relative to how often it matters in real audits. The course targets Ethereum/EVM and doesn't touch Solana, CosmWasm, or Substrate at all — a real gap as audit work has diversified. NFT completion badges are a gimmick that adds noise to the README without adding value.
