// Master index for the web3 smart contract security knowledge base. Use this to navigate the skill chain. Read files in order — each ends with NEXT.
| name | web3-start-here |
| description | Master index for the web3 smart contract security knowledge base. Use this to navigate the skill chain. Read files in order — each ends with NEXT. |
Built from: 2,749 Immunefi reports + 100+ paid writeups + DeFiHackLabs (681 hacks) + ConsenSys + SlowMist + Trail of Bits + Foundry + Nethermind + Lido + AI agent research + live hunt experience
00-START-HERE.md ← YOU ARE HERE
01-foundation.md ← Mindset, target selection, recon setup
02-bug-classes.md ← All 10 bug classes with patterns + real examples
03-grep-arsenal.md ← Master grep patterns for every class
04-poc-and-foundry.md ← Foundry PoC writing, cheatcodes, 18 exploit templates
05-triage-report-examples.md ← 7-Question Gate, report format, 20 real paid examples
06-methodology-research.md ← ToB, SlowMist, ConsenSys, Immunefi, Cyfrin, Lido, Nethermind
07-live-hunt-ern.md ← Completed hunt: Ern protocol (2 findings)
09-live-hunt-zksync.md ← Completed hunt: ZKsync Era (0 findings — defense study)
08-ai-tools.md ← Shannon, LuaN1ao, SmartGuard, CAI Framework, AI code hunting
36-solidity-audit-mcp.md ← MCP server: Slither+Aderyn+SWC in Claude Code
| Metric | Number |
|---|---|
| Immunefi reports analyzed | 2,749 |
| Protocols covered | 51 |
| Critical reports | 406 |
| High reports | 616 |
| Total paid by Immunefi | $100M+ |
| Avg critical payout | $50K–$2M |
| Nethermind reports analyzed | 166 |
| DeFiHackLabs hacks reproduced | 681 |
"Read ALL sibling functions. If
vote()has a modifier, checkpoke(),reset(),harvest(). The missing modifier on the sibling IS the bug."
This single rule explains 19% of all Critical findings.
→ NEXT: 01-foundation.md
Bug triage validation system, Immunefi report format, and 20 real paid bounty examples dissected. Use this when validating a finding before submitting, writing an Immunefi report, checking if a bug is actually valid, or studying real examples of paid vulnerabilities.
MCP server integrating Slither + Aderyn + SWC patterns into Claude Code for smart contract auditing. Use when analyzing Solidity files, running DeFi-specific detectors, or generating invariants. 10 MCP tools, 86 SWC detectors, DeFi preset pack, CI/CD workflow.
Complete Foundry PoC writing guide + all cheatcodes + DeFiHackLabs reproduction patterns. Use this when building a proof of concept exploit, setting up a fork test, using Foundry cheatcodes, or reproducing a known DeFi hack for learning.
External research synthesis from Trail of Bits, SlowMist, ConsenSys, Immunefi, and Cyfrin. Use this for advanced audit methodology, Echidna/Medusa fuzzing setup, Slither custom detector writing, attack pattern deep dives, or the 4-phase learning roadmap.
ZKsync Era (Immunefi) completed hunt — 0 findings after exhaustive 5-session audit. Use as a DEFENSE STUDY — learn what makes a protocol unhuntable, which patterns block all 10 bug classes, and when to abandon a target. Contains architecture breakdown, 25 tested attack vectors, and pre-dive scoring refinements for large L1 bridge protocols.
Hunter mindset, recon setup, and target scoring for Web3 bug bounty. Use at the START of any new protocol hunt - scoring targets, setting up environment, understanding architecture.