web3-start-here
WEB3 SKILLS — MASTER INDEX
Built from: 2,749 Immunefi reports + 100+ paid writeups + DeFiHackLabs (681 hacks) + ConsenSys + SlowMist + Trail of Bits + Foundry + Nethermind + Lido + AI agent research + live hunt experience
THE CHAIN (read in this exact order)
00-START-HERE.md ← YOU ARE HERE
01-foundation.md ← Mindset, target selection, recon setup
02-bug-classes.md ← All 10 bug classes with patterns + real examples
03-grep-arsenal.md ← Master grep patterns for every class
04-poc-and-foundry.md ← Foundry PoC writing, cheatcodes, 18 exploit templates
05-triage-report-examples.md ← 7-Question Gate, report format, 20 real paid examples
06-methodology-research.md ← ToB, SlowMist, ConsenSys, Immunefi, Cyfrin, Lido, Nethermind
07-live-hunt-ern.md ← Completed hunt: Ern protocol (2 findings)
09-live-hunt-zksync.md ← Completed hunt: ZKsync Era (0 findings — defense study)
08-ai-tools.md ← Shannon, LuaN1ao, SmartGuard, CAI Framework, AI code hunting
More from shuvonsec/web3-bug-bounty-hunting-ai-skills
web3-triage-report
Bug triage validation system, Immunefi report format, and 20 real paid bounty examples dissected. Use this when validating a finding before submitting, writing an Immunefi report, checking if a bug is actually valid, or studying real examples of paid vulnerabilities.
4web3-poc-foundry
Complete Foundry PoC writing guide + all cheatcodes + DeFiHackLabs reproduction patterns. Use this when building a proof of concept exploit, setting up a fork test, using Foundry cheatcodes, or reproducing a known DeFi hack for learning.
3web3-ai-tools
AI-powered tools for Web3 bug bounty automation. Use when you want to automate recon, run autonomous audits, or use AI agents for vulnerability discovery.
3web3-bug-classes
Complete reference for all 10 DeFi smart contract bug classes. Use this when hunting for specific vulnerability types, need attack patterns for accounting desync, access control, incomplete path, off-by-one, oracle manipulation, ERC4626 vaults, reentrancy, flash loans, signature replay, or proxy/upgrade bugs.
3web3-hunt-zksync-era
ZKsync Era (Immunefi) completed hunt — 0 findings after exhaustive 5-session audit. Use as a DEFENSE STUDY — learn what makes a protocol unhuntable, which patterns block all 10 bug classes, and when to abandon a target. Contains architecture breakdown, 25 tested attack vectors, and pre-dive scoring refinements for large L1 bridge protocols.
3web3-solidity-audit-mcp
MCP server integrating Slither + Aderyn + SWC patterns into Claude Code for smart contract auditing. Use when analyzing Solidity files, running DeFi-specific detectors, or generating invariants. 10 MCP tools, 86 SWC detectors, DeFi preset pack, CI/CD workflow.
3