Curated Web3 Security Resources

As I dive deeper into Web3 security and smart contract auditing, I keep finding high-value resources that I want to revisit, but they quickly pile up and get lost in bookmarks.
Instead of letting them scatter across different folders, I’m compiling them here in one place — for my own learning path, and to keep track of what I want to explore.

These links cover everything from foundational knowledge to official guides, CTF challenges, and core documentation that aligns with the learning paths recommended by top audit firms. I’ll come back to check them, work through them one by one, and update the list as I go.

Curated Links

• Smart Contract Auditor Mind Map
• Ethereum is a Dark Forest
• Trail of Bits Secure Contracts Guide
• Building Secure Contracts(GitHub Source & Practice Code)
• Ethereum Official Documentation
• Ethereum Yellow Paper
• Ethereum Yellow Paper (Chinese Version)
• Mastering Ethereum (Open-Source Book)
• Mastering Ethereum 2nd Edition
• uniswapV3-book-zh-cn
• Mastering Bitcoin (Open-Source Book)
• Mastering Bitcoin Online Reading
• How Crypto Actually Works
• Neodyme Workshop
• Formal Verification: The Ultimate Form of Software Development (Vitalik 2026)
• OpenZeppelin Ethernaut CTF
• CaptureTheEther CTF
• CryptoZombies Solidity Tutorial
• Damn Vulnerable DeFi (DeFi Security CTF)
• Trail of Bits CTF
• Solodit - Audit & Bug Database
• Art of Auditing
• yaudit.dev Blog
• Asymmetric Research Blog
• Ventral Digital (Patrick D)
• rareskills Blog
• Hexens Blog
• The Red Guild Blog
• Introduction to Modern Cryptography (Katz/Lindell)
• A Graduate Course in Applied Cryptography (Boneh/Shoup)
• Real-World Cryptography (David Wong)
• Cryptographic Right Answers (Latacora 2018 Update)
• CryptoBook - Cryptography Learning Materials
• CryptoHack (Cryptography CTF Platform)
• CryptoPals (Cryptography Challenges)
• Berkeley Zero Knowledge Proof MOOC(Spring2023, full open lecture/slide/lab)
• How to Become a Smart Contract Auditor (cmichel)

Interview & Preparation Resources

• 50 Web3 Technical Interview Questions (Solidity, DeFi, Security)
• Blockchain Developer Skill Test (Solidity, Ethereum, NFT, OpenZeppelin)
• Trail of Bits Blog (Security Research, Tools, Audits)
• Trail of Bits Publications & Research Library
• Trail of Bits Hiring Process (Official)
• Pashov Audit Group (Top Independent Web3 Security Audits)

Bug Bounty

• Immunefi (Web3 Bug Bounty & Leaderboard)
• Sherlock (Competitive Web3 Audit & Bounty)
• Code4rena (Smart Contract Audit Contests)
• HackerOne (Global Web2 & Web3 Bug Bounty)
• Bugcrowd (Enterprise & Web3 Security Bounty)
• HackenProof (Web3 Focused Vulnerability Bounty)
• BBRadar
• DailyWarden (Web3 Security Contest Aggregator)