Last year I built Solidity fundamentals into practice: multisig wallets, DAO governance, AMM pools, and more.
This year I’m focusing on security and advanced Foundry techniques with @CyfrinUpdraft.
Grateful for mentors who teach depth over hype. @PatrickAlphaC
Starting today, I’m going full monk mode on the @CyfrinUpdraft Advanced Foundry course.
No distractions, no shortcuts, just focus, practice, and mastery.
Roadmap 1.0 complete. Updates off socials while I go all in.
Completed a full practice audit of the Vault Guardian protocol as part of @CyfrinUpdraft.
Findings:
5 High
1 Medium
2 Low
7 Informational
Most issues stemmed from business logic and economic assumptions, not syntax-level bugs around protocol invariants. #Audit #Solidity
Starting tomorrow, I’ll be auditing the Vault Guardian project from @CyfrinUpdraft
If anyone wants to join, feel free to hop in. Let’s walk through the codebase together, share findings, and sharpen our audit skills as a group.
After months of intense building, I’m finally starting to understand why @CyfrinUpdraft pushes you to build safely even as a beginner.
Learning security changes how you think about code.
You don’t just make it work… you make it hard to break. 🔐🚀
Started the @CyfrinUpdraft security course this week.
Time to move beyond just building protocols and start thinking like an attacker.
Let’s see how many assumptions I’ve been getting away with.
Big thanks to @PatrickAlphaC and the Cyfrin team.
Just finished building a V2-style AMM.
Learned how constant product math behaves in practice, how rounding errors affect swaps, how storage slot layout impacts safety, and how @Uniswap handled overflow before Solidity made checks default.
Next: @CyfrinUpdraft security course.
Been reading the @Uniswap V2 source code before building my own AMM pool.
The math is elegant. The gas optimisation is ruthless.
Every line has a reason. Nothing is accidental.
Now it's time to build.
#Solidity #DeFi #BuildInPublic
Protocol milestone update: just finished building a COLLATERALISED STABLECOIN SYSTEM.
This time I moved beyond targetContract fuzzing to selector-level fuzzing, which exposed edge cases I would’ve otherwise missed.
Next stop: AMM Pool -> security course
#Solidity
Built a cross-chain bridge from scratch: lock & mint, off-chain relayer, full test suite.
Biggest lesson: most bridge hacks are access control failures, not reentrancy.
Next up: collateralised stablecoin.
#Solidity #Web3Security #BuildInPublic
Building a cross-chain bridge taught me most bridge hacks are not reentrancy or oracle manipulation; they are access control failures. Ronin. Wormhole. Nomad. Multichain.
Same pattern every time.
Still building.
#Solidity #Web3Security #BridgeSecurity
@dev_lawal Instead of exploiting smart contract code directly, attackers found ways to call privileged functions they should never have had access to.
Ronin: compromised validator keys gave attackers signing authority.
Wormhole: mint function was callable without going through the bridge.
@dev_lawal Challenging but rewarding. Built it without relying on CCIP or LayerZero.
Tools: Solidity, Foundry, OpenZeppelin, Ethers.js for the off-chain relayer.
Hardest part was getting the access control and message verification right, which is exactly where most real bridge hacks happen.
On my cross-chain bridge:
Read the Chainlink CCIP and LayerZero docs, then decided not to build on either.
Not because they are bad, but because I want to feel the pain of the messaging problem myself before using their solution.
Trying to understand how they break without a safety net.
Finished my lending & borrowing protocol from scratch. RoadMap2.0 project 1 ✅
What building this taught me:
Bad debt & protocol insolvency
Ghost variables in invariant testing
Liquidation math & health factors
ERC20 hooks & flash loan attacks
Fuzz ordering with targetSelector
Been on my lending protocol for a week, from scratch, to learn smart contract security. Today the fuzzer humbled me:
found bugs unit tests completely missed
learned ghost variables to track off-chain state
used targetSelector to weight the fuzzer toward realistic sequences
#solidity
@CryptoInteay67 @CyfrinUpdraft @PatrickAlphaC @RockoFinance Thanks. Learned it the hard way: invariant testing broke my pool and forced me to understand the economic logic deeply. No shortcut for that one.
Spent the whole day fuzzing my liquidation logic... Turns out my liquidator is underprofiting.
Fuzz testing doesn’t lie: it broke my math and exposed how tiny mistakes in HF & bonus calculations can silently ruin profits.
Smart contract dev is brutal, but that’s why we test.