You can now learn: - Assembly - Huff - Formal Verification - High-Level Wallet/Web3 DevOps On Cyfrin Updraft, in an outstanding new 13 hours of content. 🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉 Let's give you a taste of what you'll learn in these two new courses:

We created two courses: 1. Wallets & Post Deployment 2. Assembly & Formal Verification But #1 should probably be rebranded to "Web3 DevOps". And let's start there. In 2023, we saw a massive rise in off-chain issues, including: - Private key leaks - Slow attack response - etc

You can watch BOTH courses in all their glory here, on @CyfrinUpdraft. As always, for free, because knowledge gating is lame, and Web3 needs this information.

Starting with Wallets, we took developers & protocols in mind and went over solutions like: - @Trezor - @CypherockWallet - @MetaMask - @Rabby_io - @rainbowdotme - @0xFrame As our "starter" wallets and then 👇

We use the BEST solution: multi-sig wallets. Like @safe & @AragonProject's DAO wallet. Additionally, we go over social recovery wallets, which is a favorite of @VitalikButerin's Then, we have bonus content with @WalletScrutiny, who shows us what to stay away from w/ wallets.

Then we start our trial post-deployment course (Web3 DevOps), which will grow over time as we as a community get better at it. We talk about and walk through building transaction detectors, which alert us of malicious attacks and go over how to build your own @FortaNetwork bot.

We teach about incident response and what resources we have, like bounty platforms or the @_SEAL_Org 911 program. We talk about when to/when not to perform a white hat and responsible disclosure. In 2024+, it's not enough to get an audit. You will need to practice warrooms.

Now... Most of you have been waiting for the Assembly and Formal Verification course (previously known as "Part 2" of the security course) And good lord have mercy, this isn't one to miss. You will literally be a savant after you watch this. ...or a gas degen. idk gas bad

We take you through 3 projects, each with ramping difficulty in tooling. 1. Horse Store 2. Math Master 3. Gas Bad NFT Marketplace 🐎🐎🐎🐎🐎🐎🐎🐎 Gas may be bad, but @huff_language be good.

We kick it off in Horse Store, where you'll LITERALLY rewrite contracts in raw hex/opcodes, using the Huff language to learn. With this power, we'll rewrite the codebase AGAIN in Yul, the low-level solidity inline/assembly. Anyone who wants to learn opcodes should watch this.

Then, in Math Masters, we start to venture into formal verification, using @a16z's halmos and @CertoraInc, and a little bit of @rv_inc's Kontrol. We use a technique that @zachobront used on a REAL(ish) contract to spot bugs!

And we get some wonderful guest appearances from @trailofbits (@trailofblocks) @Montyly and @0xalpharush to explain Formal Verification... AND HOW YOU SHOULD FUZZ FIRST. Using FV, we are able to find some outliers that fuzzing missed though!

Then finally, we end with our "Gas Bad NFT Marketplace", where we use Certora to rewrite the marketplace with inline assembly/yul and ensure our functions still work exactly the same. Giving rise to potentially a brand new pipeline for deploying gas-optimized smart contracts.

I said the last security course was difficult... but for this one, you need to have all 50 hours of Cyfrin Updraft as a prerequisite. So... buckle up, and let's teach you how to build some badass and secure smart contracts. Happy learning, let's build the web3 we promised.

And finally, a huge thanks to some of the giga-brains who helped me learn a lot of this well enough to give it back. - @palinatolmach - @0xkarmacoma - @Montyly - @0xalpharush - @SoosMate - @LewellenMichael - @LeoWandersleb - @ChandrakanaNaN And probably many more!