web3-grep-arsenal
GREP ARSENAL — MASTER REFERENCE
All grep commands in one place. Run in the first 30 minutes of any new target. Replaces: 03-grep-surface-map, 14-grep-master-patterns + grep sections from 04-13
HOW TO USE THE SURFACE MAP
Process:
- Run ALL 10 blocks below (takes ~5 min)
- Collect all results in a notes file
- Tier-rank the hits (see Tier System below)
- In pass 1: READ everything, DON'T investigate yet
- In pass 2: Deep-dive on Tier 1 + 2 items
Tier System:
- Tier 1 — Near privileged code, external calls, or state changes with no guards → Investigate first
- Tier 2 — Interesting patterns that need context before judging → Investigate after Tier 1
- Tier 3 — Informational only (documentation, test files, comments) → Skip unless Tier 1+2 exhausted
More from shuvonsec/web3-bug-bounty-hunting-ai-skills
web3-triage-report
Bug triage validation system, Immunefi report format, and 20 real paid bounty examples dissected. Use this when validating a finding before submitting, writing an Immunefi report, checking if a bug is actually valid, or studying real examples of paid vulnerabilities.
4web3-poc-foundry
Complete Foundry PoC writing guide + all cheatcodes + DeFiHackLabs reproduction patterns. Use this when building a proof of concept exploit, setting up a fork test, using Foundry cheatcodes, or reproducing a known DeFi hack for learning.
3web3-ai-tools
AI-powered tools for Web3 bug bounty automation. Use when you want to automate recon, run autonomous audits, or use AI agents for vulnerability discovery.
3web3-start-here
Master index for the web3 smart contract security knowledge base. Use this to navigate the skill chain. Read files in order — each ends with NEXT.
3web3-bug-classes
Complete reference for all 10 DeFi smart contract bug classes. Use this when hunting for specific vulnerability types, need attack patterns for accounting desync, access control, incomplete path, off-by-one, oracle manipulation, ERC4626 vaults, reentrancy, flash loans, signature replay, or proxy/upgrade bugs.
3web3-hunt-zksync-era
ZKsync Era (Immunefi) completed hunt — 0 findings after exhaustive 5-session audit. Use as a DEFENSE STUDY — learn what makes a protocol unhuntable, which patterns block all 10 bug classes, and when to abandon a target. Contains architecture breakdown, 25 tested attack vectors, and pre-dive scoring refinements for large L1 bridge protocols.
3