Smart contract security from threat model to audit report. Every task: REPRODUCE the bug → PATCH the contract → VERIFY with a Foundry invariant.
This is the course for builders who want to defend (and audit) smart contracts. Every module covers a vulnerability family with the same structure: see the real-world hack, build a Foundry test that reproduces it, apply the canonical fix, then write an invariant test that catches regression. By the end you can read an open-source DeFi protocol and produce a senior-grade audit report.
Covers the canonical vulnerability families: reentrancy (single, cross-function, read-only, cross-contract), access control and initialization, arithmetic and rounding, external calls and DeFi composability, oracle manipulation and flash loans, MEV (frontrunning, sandwich, JIT), bridges, gas and DOS, and audit methodology with Slither, Echidna, Foundry, and Halmos.
Five capstones (you pick one): exploit + patch all 14+ challenges in Damn Vulnerable DeFi, build + exploit a flash-loan attack on a toy lending pool you control, write Echidna invariants that catch overflow + reentrancy + access-control bugs across three contracts, conduct a full audit of an open-source DeFi protocol with a real report, or design + build an oracle-manipulation-resistant price feed with formal proof of safety.
Anchored in real CVEs (The DAO, Cream, Parity, BeautyChain, Wormhole, Nomad, Ronin, Curve, Euler), and the canonical references (Solodit, Trail of Bits, OpenZeppelin, Code4rena, Damn Vulnerable DeFi).
Built by Lakshya Kumar
Paste this into any AI chat. Fill in the bracketed parts with your context — you'll get back a straight answer on whether this belongs on your plate.
We grant free access case-by-case — students, career-switchers, builders on a tight budget.
Complete all modules, then submit the required number of capstone projects. Each must earn a passing rating from an admin reviewer.
Complete the 14+ challenges in Damn Vulnerable DeFi end-to-end. For each: produce the exploit transaction in Foundry, the canonical fix, and an invariant test that proves the fix holds across 100k fuzz rounds. Submit the Foundry repo with all challenges passing.
In Foundry, build a toy lending pool that prices collateral via a single Uniswap V2 pool. Build an attacker that uses an Aave flash loan + single-swap manipulation to over-borrow + exit profitably. Apply the canonical fix (TWAP + Chainlink fallback). Add invariants proving the patched version is safe against any flash-loan-funded transaction sequence.
I am learning smart contract security and pentesting — threat modeling for smart contracts, reentrancy (single, cross-function, read-only, cross-contract), access control and initialization, arithmetic and rounding errors, external calls and DeFi composability, oracle manipulation and flash-loan attacks, MEV (frontrunning, sandwich, JIT), cross-chain bridge attacks, gas and DOS attacks, and audit methodology with Slither / Echidna / Foundry / Halmos. Every concept I learn is paired with: how to reproduce the bug in Foundry, how to apply the canonical fix, and how to write an invariant test that catches regression. Help me work through the actual mechanics with reference to real CVEs (The DAO, Cream, Parity, Wormhole, Nomad, Ronin, Curve, Mango, Euler), real audit reports (Trail of Bits, OpenZeppelin, Spearbit), and real tooling.
Write Echidna invariants for three vulnerable contracts (each demonstrating: overflow, reentrancy, access-control bug). Tune Echidna config to find each bug in <10 minutes. Apply fixes; verify invariants pass on patched versions. Deliverable: the contracts + invariant suites + a 1-page note on Echidna's strengths vs Foundry invariant tests.
Pick an open-source DeFi protocol (e.g., a smaller-TVL Uniswap V2 fork, a lending market, a vault). Conduct the full audit workflow: protocol understanding, manual review, Slither + Echidna + Foundry invariants. Produce a professional audit report (~10-20 pages) following the Trail of Bits / Spearbit format. Findings should include severity, reproduction, impact, recommendation, and references.
Design and build a price-feed contract that combines: Chainlink primary + Pyth secondary + Uniswap V3 TWAP tertiary; cross-source divergence detection with circuit breaker; staleness checks; governance-pause + emergency-override. Prove safety against flash-loan-funded manipulation with invariant tests. Deliverable: the contract, test suite, and a design document explaining the threat model + defences.
Searchable index of every public audit finding across major firms.