Secereum - Audit Techniques and Tools 101 (Ethereum Smart Contract Security)

Join me on this journey from Web3 security n00b to slightly above n00b.

This is part 4 of a multipart video series to document my public learning journey… First we start with the Secereum - Smart Contract Auditing Boot-camp.

Today's episode… Audit Techniques & Tools 101

My digital dumping ground - dylandavis.net

Additional Resources
Audit Techniques & Tools 101 - https://secureum.substack.com/p/audit...
OpenZeppelin Contracts - https://docs.openzeppelin.com/contrac...
Smart Contract Live Review with Mudit Gupta -    • Auditing Smart Contracts - Security R...  
Symbolic Checking Lecture -    • Symbolic Execution and Model Checking...  
Slither (static analysis) - https://github.com/crytic/slither
Formal Verification (Cardano video) -    • Cardano Blackboard Series #12: What i...  
Solidity Visual Developer - https://marketplace.visualstudio.com/...
Xkcd explained (funny dependency graphic) - https://www.explainxkcd.com/wiki/inde...


Timeline
00:00 - Intro and Preface
01:30 - Audit Techniques Intro
02:07 - Audit Techniques (Spec/Doc analysis)
03:46 - Audit Techniques (review tests)
05:08 - Audit Techniques (static analysis)
06:42 - Audit Techniques (fuzzing)
07:40 - Audit Techniques (symbolic checking)
09:15 - Audit Techniques (formal verification)
11:10 - Audit Techniques (manual analysis)
12:53 - Auditing Firms
13:47 - Audit Process Intro
15:51 - Audit Process (Read Docs/Specs)
17:47 - Audit Process (call a friend)
20:19 - Audit Process (writing report)
21:27 - Audit Process (present findings)
22:40 - Manual Analysis Intro
24:37 - Manual Analysis (Access Control)
26:39 - Manual Analysis (Asset Flow)
27:45 - Manual Analysis (Control Flow)
30:14 - Manual Analysis (Data Flow)
32:22 - Manual Analysis (Constraints)
33:51 - Manual Analysis (Dependencies)
35:08 - Manual Analysis (Assumptions)
37:33 - Manual Analysis (Checklists)
38:25 - Outro