Day 8 of documenting my Smart Contract Dev Journey
Advanced Foundry ✍️
Wrapped up setting up IPFS today, getting my environment ready for the NFT side of the @cyfrin course.
Everything’s now in place to start building and shipping
NFT contract loading…
Day 7 of documenting my Smart Contract Dev Journey
Advanced Foundry ✍️
Kicked off the NFT session of the @cyfrin course today.
Wrote tests for the contract and they finally passed
Ngl the testing phase stressed me out
Had to wrestle with bugs for a while, but I pushed through and made it work.
On to the next level
Day 6 of documenting my Smart Contract Dev Journey
Diving deeper into Advanced Foundry ✍️ today.
Completed Session 1 of the Advanced Foundry course and focused on writing tests for the contract.
Happy to report all tests passed successfully ✅
Slowly but surely leveling up.
On to the next one
Most protocols are over audited and under tested.
You can't audit your way to security.
If you're not embarrassed by your first deployment's security posture, you're not learning fast enough.
The key is getting better.
Always have a goal that scares you.
Keep your curiosity alive like a kid.
Never stop taking risks for your vision.
Growth has no expiration date and it is amazing to see you sharing this energy.
You got so much more to do!
You are never too old to set another goal or to dream a new dream.
Always have a goal that scares you.
Keep your curiosity alive like a kid.
Never stop taking risks for your vision.
Growth has no expiration date and it is amazing to see you sharing this energy.
You got so much more to do
Gm Gm.
Don’t forget; The future belong to those that can:
> Build AI Agents
> Write Solidity & Build onchain.
> Understand on-chain privacy systems
> Know about Ethereum & Crypto
Many people are uncertain about the future of Web3 security because of AI.
I will quote a very famous phrase:
"It is not the strongest of the species that survives, nor the most intelligent that survives.
It is the one that is the most adaptable to change."
Whether you worry about it or not doesn't matter. What matters is that you can adapt quickly and use the latest AI tools to support your work.
this is the right take.
AI isn't replacing security researchers, it's changing what the job looks like
the ones who survive are the ones who adapt; using AI to move faster on the mechanical parts so they can focus on the adversarial thinking and novel attack vectors that AI can't do yet
Day 4 of documenting my Smart Contract Dev Journey
Advanced foundry ✍️
Today was all about the fundamentals.
I built an ERC-20 token and successfully deployed it to Anvil.
From defining the token logic to seeing it live on a local chain everything finally clicked especially how deployment scripts and local testing fit into the bigger picture.
Small win, but a solid step forward.
One block at a time.
Every major exploit is followed by "how could we have prevented this?"
The answer is usually "automated tools that already exist."
Use them.
Security isn't a feature you ship.
It's a practice you maintain.
The moment you stop, the vulnerabilities start accumulating.
Every developer who's shipped a smart contract knows that feeling when you realize your "simple" token transfer has 47 edge cases you didn't think about.
This is why we need continuous testing, not one-time audits.
Q: How can I write more secure Smart Contracts?
A: By understanding this key principle: Smart Contracts are NOT SOFTWARE.
Smart Contracts are HARDWARE.
“Abraham, WTF are you talking about?”… hear me out…
For the past 20 years, writing software has meant iterating quickly: Getting an MVP out there ASAP, moving fast, and breaking things.
So, what happens when something goes wrong? UI misalignment? No worries: 10-minute hotfix. 404 error? Release a patch.
Impact: Low,
Cost to fix: Low.
Software Engineers and Product teams approach software this way because it works. When the impact of issues is low, and the cost to fix them is low, the rapid feedback loop of agile development is extremely effective. The benefits outweigh the drawbacks. It’s a no-brainer.
Consider Hardware.
Many web3 security researchers are feeling anxiety when it comes to AI security solutions.
DON'T.
Instead, do what you always did - adopt and study new technology, work with it, use it to serve you, to your advantage.
Lots of talent will be needed in the years to come🫡
the security researchers who figure out how to use AI to automate the boring parts and focus on the hard adversarial thinking will 10x their output
How to get good at auditing smart contracts:
- Start an audit (contest or shadow audit)
- Understand what the codebase is trying to do
- Try to break assumptions/ find bugs
- Read the report for all the bugs you missed
- Repeat
Its that simple, no need to complicate it.
Even if you find no bugs at first, you are gaining intuition each time you look at what you missed.
Consistent repetition is the key.
