1-Introduction | 2-Best Practices | 3-Development | 4-Auditing


This document is a work in progress. It is meant to be a guide to understanding and implementing security in the context of Web3, Blockchain, Smart Contracts and Cryptocurrency.

Target Audience

Anyone interested in gaining a greater understanding of security as it pertains to Web3, Blockchain, Smart Contracts and Cryptocurrency can find value in this guide. That includes:

  • Software Developers
  • Security Researchers
  • Software Architects
  • Information Technology Professionals
  • Executives and Managers
  • Investment Analysts

Focus and Scope

The first section should be accessible to anyone with IT or technology experience. The second section starts to become more technical. An effort is made to make all the content accessible to as many people as possible by (eventually) providing links and suggestions in areas where more information is required.

Nonetheless, it is impossible to avoid the inevitable narrowing of audience focus as things progress. Again, the idea is to provide as much as possible so that section by section while keeping the requirement for previous technical experience as low as possible. The third section begins to steepen as we begin a deeper dive into the programmatic aspects of Smart Contract security. Things become more technical still in our fourth section as we discuss the process of auditing Smart Contracts.

Layout and Organization

The book can be read through serially but it is also arranged to be accessed in an ad-hoc fashion with each section and subsection standing alone. If you are familiar with Smart Contracts and the basics of Web3 you will may find section 1 “Intro to Web3 Security” is redundant.

Each major section is broken down into multiple subsections that contain multiple parts with covering particular subjects.

The focus on Web3 Security and this site favors security concerns over other aspect of developing smart contracts or creating projects, subjects that are covered in-depth by many others.

Process and Publication

This a working draft that is actively being developed. It is meant to offer resources for those interested in Web3 Security. We welcome corrections, updates and additions from those who wish to contribute. Issues and changes can be made in the repository


Creative Commons BY-NC-ND 4.0(https://creativecommons.org/licenses/by-nc-nd/4.0/)

And thanks for all the fish…

Thanks to all who’ve contributed and inspired.