Curated Web3 security learning hub by Raiders0786 / DigiBastion for smart contract auditors and protocol teams: roadmaps, audit tools, public reports, fuzzing, formal verification, AI-assisted workflows, offchain security, incident response, compliance, and launch checklists.
This repository is no longer a giant bookmark dump. It is a GitHub Pages knowledge base for people who want to learn, audit, build, launch, investigate, and operate Web3 systems safely.
Best experience: Browse the full mapped site with roadmaps, resource pages, diagrams, and maintained links: raiders0786.github.io/web3-security-resources
| Goal | Best entry point |
|---|---|
| I am new to Web3 security | Start From Zero |
| I want to become an EVM auditor | Solidity/EVM Auditor |
| I want to become a smart contract auditor who stays relevant with AI | AI-era Smart Contract Auditor |
| I audit Solana programs | Rust/Solana Auditor |
| I work on Move, Cairo, or ZK systems | Move, Cairo/Starknet, ZK Security |
| I run security for a protocol | Protocol Security Engineer |
| I secure a Web3 frontend or app stack | Full-Stack Web3 Security |
| I want AI-assisted audit workflows | AI-Assisted Auditor |
| I want tools by analysis method | Analysis Methods |
| I want offchain or compliance coverage | Offchain Security, Compliance & Investigations |
- Smart contract auditing across Solidity/EVM, Solana/Rust, Move, Cairo/Starknet, and ZK.
- Static analysis, fuzzing, invariant testing, symbolic execution, formal verification, and dynamic analysis.
- AI-assisted auditing with benchmark caveats and verification-first workflows.
- Public reports, vulnerability intelligence, CTFs, exploit reproduction, and research.
- Frontend, DNS, wallet UX, API, cloud, CI/CD, dependency, and supply-chain security.
- Monitoring, incident response, investigations, compliance, sanctions/AML tooling, and launch readiness.
- OWASP Smart Contract Top 10 2026
- OWASP Smart Contract Security Verification Standard
- OpenZeppelin Readiness Guide
- SEAL Frameworks
- Solodit
- DeFiHackLabs
- Pashov AI Web3 Security
- TestMachine EVMbench
- DigiBastion Threat Intel
- VANTAGE by DigiBastion
- Must learn: Foundational resources worth studying deeply.
- Use in real audits: Tools and references that repeatedly help on live work.
- Situational / advanced: Specialized material for specific systems or risks.
- Paid / certification: Useful but not required; cost or access may limit use.
- Watchlist: Promising, niche, or changing quickly; verify before relying on it.
This is an educational resource hub. Links, listings, categories, tiers, summaries, and mentions are not endorsements by Raiders0786, DigiBastion, maintainers, contributors, or this project.
Third-party resources can change without notice. Verify tools, firms, projects, courses, reports, datasets, dependencies, and services before relying on them, especially before running anything against sensitive code or infrastructure. Nothing here is legal, financial, investment, compliance, or professional security advice. See the full site disclaimer.
Maintained by Raiders0786 / DigiBastion.
- X: @__Raiders
- Telegram: t.me/raiders0786
- DigiBastion: digibastion.com
- DigiBastion Threat Intel: daily, weekly, or immediate alerts
- VANTAGE: vantage.digibastion.com
pip install -r requirements.txt
mkdocs serve
mkdocs build --strictThe deployed site is configured for:
https://raiders0786.github.io/web3-security-resources/
Deployment uses GitHub Actions. If Pages deployment reports that the Pages site
does not exist, configure the repository under Settings -> Pages -> Build and deployment -> Source -> GitHub Actions; the workflow also asks GitHub to enable
Pages automatically.
Please read CONTRIBUTING.md. New resources must include a title, URL, category, why it matters, free/paid status, and last verified date. This project favors high-signal curation over exhaustive indexing.