Practice smart contract security audits written against real-world protocols from past Code4rena and CodeHawks contests. Vulnerabilities in these reports are already known and fixed — this repo documents my process of independently finding, reproducing, and reporting them.
Security auditing is a skill built through repetition. Each report here represents a full audit cycle:
- Reading the protocol specification and mapping the architecture
- Running static analysis tooling (Slither, Aderyn)
- Manual line-by-line review
- Writing proof-of-concept tests in Foundry
- Producing a structured report as I would for a real engagement
The goal is to build muscle memory for the process, not just the findings.
| Protocol | Findings (High / Medium / Low) | Report |
|---|---|---|
| Venus Prime | 3 / 3 / 8 | View |
| SukukFi | 1 / 3 / 9 | View |
| Panoptic | 3 / 19 / 11 | View |
| (more coming) | | |
Each report follows a consistent format:
- Protocol Summary — what the protocol does and its intended security guarantees
- Architecture Overview — contract map, data flow diagram, roles, and key state variables
- Audit Methodology — tooling used, phases followed, and time allocation
- Findings — each vulnerability with description, impact, proof of concept, and recommended mitigation
All protocols audited here are from past contests. The vulnerabilities are already public and have been fixed. These reports are written for educational and portfolio purposes only. They do not represent a live security engagement.
Made by Srishti — learning smart contract security one audit at a time.
If you find this repository useful:
- Star ⭐ the repo
- Share feedback
- Open for opportunities