- 📌 Note: Roadmap 1 is designed to work best for average to above-average learners.
- ⚡ Alternate Roadmap-2 provided if you're a sharp and fast learner.
- 🎯 Choose only one out of these two.
🎯 Goal: Become a Smart Contract Auditor / Smart Contract Security Researcher – starting with Solidity + Yul, then progressing to Rust, Cairo, etc. If you are confused about any resource/term mentioned below just google it
⚠️ Note: Motivation will fluctuate. Don’t stop midway — finish what you start.
🌍 Non-Hindi Speakers: Skip the Hindi courses(CodeEater-C-C++). For C++, choose an English course. All core courses are in English.
- 📐 Basic understanding of mathematics (up to 10th grade)
- ✍️ Ability to read, write, and understand basic English
💡 Pro Tip: Don’t just watch videos — practice actively. Code everything yourself, explore more than what’s taught, and learn by doing.
Roadmap 1 -Normal
- Playlist Video 1-56 (Codeblocks Videos can be skipped if using any other software to code C)
- 👨💻 Intro to programming basics
- ✍️ Write 20+ small programs using an online compiler or CodeBlocks. Search from Google or chatgpt leap year,Even Odd, star printing(You can find these problems easily in C in Depth Book chapter 5 to 11 examples)
- 🚫 Do not use Turbo he used in his course it is outdated. Just grasp the concept
- 👨💻 DSA First 2 Videos by Shukla Sir 1 & 2
- ⌨️ CodeWithHarry Videos 1 to 18, 33, 34, 53, 63 To 74 STL
- ⌨️ Learn syntax & Standard Template Library (STL)
- 🔍 Use GeeksForGeeks (G4G) to learn about any STL whenever needed.
- 📈 Build foundation for DSA
-
📘 Recommended:
-
GeeksForGeeks DS&A OR GeeksForGeeks Sandeep Jain DSA Paid Course OR From Any Top YouTube creator
-
✅ Topics:
- 📊 Arrays 1D 2D
- 🔁 Sorting
- 🔍 Searching
- 🌀 Recursion**
- 🪢 String
- 🧵 Linked List
- 📚 Stack & Queue
- 🌳 Binary Tree
- 🧮 Heap
- 🌐 Graph
- 0️⃣1️⃣ Bitwise Algos
-
🧠 Practice Requirement
For each topic, solve at least 10 problems on GeeksforGeeks: 3–4 should be basic-level, and 5–6 should be easy to medium-level. You can find these problems either in the provided DS&A links or within Sandeep Jain course material. -
🧪 Self-Assessment Check
If you're able to solve 40% or more of the problems on your own, you're ready to move ahead. If not, it's better to pause, strengthen your fundamentals, and build confidence before progressing further.
-
📦 Learn key OOPs principles From = ~10 Hr
- 🧬 Inheritance
- 🌀 Polymorphism
- 🔐 Encapsulation
- 🎭 Abstraction
-
⚙️ Constructor = ~2.5 Hr
-
💥 Exception Handling -- Only Relevant Videos(1,2,4,5,6,10, 11,13,19,20,21)(Intro., Default, Hierarchy,Customized, Control-flow,throw,throws) = ~3 Hr
-
⏱️ 16 hrs of videos → ~30 hrs total time needed
-
🖥️ Setup VS Code with essential extensions:
VSCode InstallVSCode ExtensionsOnly Verified- Solidity Visual Developer, Juan Blanco Solidity,TOML and others Patrick recommends or on need with time
-
💻 Learn basics of:
- Terminal
- npm
- Git Bash Now (+ WSL in Foundry Course Later)
- For These Use Colt Steele’s Web Dev course: Sections 2, 31, 32 Or From Youtube
- 🧩 Optional But recommended
- 💻 Colt Steele’s Web Dev course
- 🔤 Study Sections: 1–6, 14–23, 27–28, 30–32, 74
- 🔧 Build a simple Frontend project using HTML + JS
- 🚀 Push the project to GitHub
-
🧭 Learn Git from YouTube OR Colt Steele’s Git & GitHub Udemy Course:
- Sections 1–7, 11–14
-
🧑💻 Don’t just watch code-along and perform actions with him in real-time.
-
🛠️ Key Topics:
- 🔁 Cloning, Branching, Commits, Merges
- 🌐 GitHub basics: pushing, pull requests, collaboration
- 📂 Start maintaining your GitHub account professionally
- 🧠 Basics of Operating Systems
- 🌐 Intro to Computer Networking
- 🏗️ Introduction to System Design
- 📝 For notes Use Code Files/.md files to write concepts you learned. which you feel that may be needed in future.
- 🛠️ Resolve errors actively — don’t skip them
- 🐞 Learn debugging techniques
- 🧠 Use Google, ChatGPT, and official documentation
- 🔄 Be flexible — You can tweak the roadmap to your progress and comfort, or build your own from it—choose what works best for you. Or Just follow this. Until you start auditing then make your own roadmap for way forward. Or Edit this based on your convenience.
| ✅ Component | ⏱️ Time |
|---|---|
| Programming + GitHub Setup | ~260 hours |
| 💪 Effort Span | ~2 months |
🕒 5-6 Hrs/ Day for 25 Days/Month --(Or tweak it based on your pace how fast you learn and how much you can devote. Here is avg. time) Consistency matters more than intensity. Focus on completing, not perfecting.
🌟 You now have the base muscle of Coding built to move into Solidity, Foundry, and real-world auditing.
Ready for the next stage? 📈
Stay consistent. Build momentum. Keep shipping! 💻🚀
- 📺 YouTube Playlist (1–50 videos)
- ⏱️ 8 hrs of videos → ~15 hrs total time needed
- Watch-only course to grasp blockchain fundamentals in Hindi. Just search on google to explore with him.
- 🧩 Cryptography video – Watch twice (now + after Course 7)
- 🎓 Udemy: Bitcoin & Cryptocurrency Bootcamp
- ⏱️ 8 hrs of videos × 3 times = ~30 hrs
- Watch-only course, no coding needed
- Watch now and again after Course 7 or while doing Ethernaut CTFs
- 📺 YouTube Playlist (1–33 videos)
- ⏱️ ~15 hrs
- Learn and code along actively
- Use Sepolia Testnet+Alchemy (Faucet+ Node API Provider) instead of Rinkeby, skip Truffle (It is closed Use hardhat instead from Docs/Videos if Truffle used in this course)
-
⏱️ ~20 hrs (with debugging, hands-on, Code-Along)
-
Setup and small projects:
-
Minimal React knowledge needed. Follow instructor. Google for doubts. Hardhat docs/Debug when stuck
📢 Register: https://updraft.cyfrin.io
🗂️ All Updraft Courses Below 4 Courses are present in these.
- ⏱️ ~3.25 hrs video → ~10 hrs your time will be needed(This extra time goes in Searching/Coding/Re-watching by backtracking when not understand in one time)
- Learn: Wallets, transactions, gas, ERC standards
- ⏱️ ~5 hrs Videos → ~20 hrs (repeat Section 3)
- Intermediate Solidity with projects
- Section 3 = crucial → watch twice if unclear
- ⏱️ ~12 hrs Videos → ~40 hrs
- Focus: Testing, fuzzing, mocks
- ⏱️ ~26 hrs Videos → ~100 hrs
- Deep dive into Foundry architecture and Smart Contracts
- 🔁 Repeat Sections 5 & 6 → esp. Section 6 (Proxy patterns) with openzeppelin code for UUPS etc.
-
📝 For notes Use comments in Code Files/.md files to write concepts you learned. If you think you might need them in future.
-
🔁 After completing Courses 6, 7, and 8, whenever you feel stuck, revisit the code you wrote for these courses. Or 🔍 search on Google.
-
📘 This instructor is fast and provides GitHub README in course — so 📂 search topic-wise from the README with course completing, learn about them for 🕒 20–30 minutes, and 🔖 bookmark them for future reference. Use them whenever needed.
-
📬 He keeps updating the course and sends ✉️ email notifications. You may check those if you feel it's necessary to learn the updates.
-
🧭 During the audit cycle (given at the bottom), you’ll naturally figure out what’s ✅ needed and ❌ what’s not.
-
🎯 Our goal is to help you reach there first — in the group of smart contract auditors.
- 🕒 ~250 hrs → ~2 months with consistency
- ⏳ Note: This is just an estimate. If you learn quickly, you may finish this earlier — or you can take more time to understand crucial concepts.
⚠️ However, we advise you to stick to the average time here and move forward to the audit.- 🎯 Just focus on understanding the core concepts at this stage.
-
🧠 You’re a researcher – enjoy the process and dig deeper whenever needed.
🔁 The importance of many things will become clear during audits, so feel free to revisit this content or 🔍 search on Google when needed. -
🌐 Use Google, 💬 ChatGPT, and 📄 official docs for errors, confusion, or curiosity.
-
🛠️ Add new useful topics to your roadmap ✅ and ❌ skip the ones that aren't relevant.
- ✅ Good for average learners: complete structure, deep dive
- 🚀 Fast learners: Feel free to skip or speed up sections (Alternate fast-track roadmap available at bottom)
- 📚 Crash Course
- Do after you start auditing by putting this in learning bucket.
⚠️ [OPTIONAL] For the Hardhat path to dive deeper:
-
📚 You can follow this YouTube course by Patrick Collins— Lesson 5 to 17 (except Lesson 15).
-
🧪 Do this only if you start auditing and feel the need to learn Hardhat specifically.
-
🛠️ Alternatively, after learning the basics, you can skip the course and just learn by doing using the official Hardhat Docs.
-
📚 Most concepts are the same as in the Foundry course — the main difference is that Hardhat uses JavaScript tests and Solidity for contracts, while Foundry uses Solidity For Both.
-
💡 While Foundry is more commonly used in Solidity projects, many developers also use Hardhat for its additional benefits.
After completing Parts 1 and 2, you'll now focus on learning vulnerabilities, security principles, and actual auditing.
Do twice: now and post-Damn Vulnerable DeFi
These Vulnerabilities costs most of the financial loss in DeFi
- 🧩 Ethernaut Challenges – 33 Levels
- Tools: Solve them with Remix or browser console and also with Foundry (VSCode) to practice foundry also. It helps in making POC.
- 📌 Goal: Solve at least 40% independently
- 🎯 DVDeFi Challenges – Real-world DeFi hacks
- 🎓 Course Link
- Topics: Reentrancy, overflows, tx.origin, full audit cycle
- 🔄 Clone Code from GitHub or platforms like Cantina, CodeArena, CodeHawks
- 👓 Understand deeply with focus— avoid distractions, find unique bugs
- 📝 Write & submit report
- 📊 Compare your report with official/community ones
- 📚 Learn from missed bugs and Other's reports
- 🔁 Repeat → Cycle: Audit → Read Report → Repeat
-
🧠 55% – Auditing & research with it.
-
📄 20% – Reading & analyzing reports
-
🧪 25% – Continuous learning bucket (new techs, trial-error, protocol deep dives)
-
🧘 In your free time, always try to explore new technologies and ideas in this space. 🎧 Listen to podcasts by experienced auditors, 📬 read newsletters, and 👀 observe how others approach things — if you find something important, add it to your learning bucket. 💡 Dive into DeFi concepts and protocols. 📖 Explore the codebases of leading projects like Uniswap, OpenZeppelin, Aave, and Chainlink to deepen your understanding. Add them to your learning bucket to read their code. Or whenever needed during a audit. Make new plans to proceed further and update your roadmap if needed.
🔁 Keep exploring consistently — this adds long-term depth to your skills.
- 🎯 Ideally, you'll begin earning within this phase. Have patience of auditing 400 Hrs. without expecting earning.
- 🕰️ ~1400–1500 total hours (~8–9 months) Yet.
- This is never ending part.
✅ If you’ve made it this far, welcome—you’ve arrived. Now go deeper, strengthen your understanding, and secure your space.
🧭 Follow reputed auditors on X (Twitter), listen to their YouTube podcasts, read their blogs, and constantly reflect on your experience.
- 📌 Must See: C Michel’s Roadmap. He is Goat in this space.
- ✅ To Ensure nothing is missed from your learning stack
- 🗂️ Maintain lists of common bugs (per project type: DEX, L2, NFT…)
- 📚 Maintain your personal knowledge base: blogs, snippets, checklists
- 🧍♂️ Compare only with your past self, not others
- 🛠️ Regularly update your tech stack
- 📖 Use official documentation when stuck
- 🔀 Adapt strategies based on personal experience
- 📈 Start Investing with less money 💰(so loosing wont hurt) in DeFi/Crypto DEX/CEX on L2s Just for knowledge not to get rich.
Focus: Visibility = Opportunity
- 📝 Write blog posts on audits, tricks, bugs, CTFs
- 🧵 Thread findings on Twitter (CTFs, audit analysis)
- 👥 Collaborate with other auditors (Discord, Guilds, GitHub)
- ✅ Build small tooling (e.g. vulnerability scanner, template, test harnesses)
- 🎤 Host a walkthrough or workshop if possible (even for small audience)
- 📚 Other Updraft Courses
- 🧑🏫 Hardhat Course – Patrick Collins (YouTube)
- 📺 Smart Contract Programmer (YouTube)
- 🧾 Whiteboard Crypto (YouTube-Basics of DeFi)
- 🏦 DeFi Concepts – DEXs, LPs, lending/Borrowing, Staking, Re-staking protocols
- 💰 Finance Basics
- 🏛️ Top Protocols – Aave, Chainlink, Uniswap
- 🧪 RareSkills Bootcamp & blog
- 🧠 Solodit, Rekt, Blockthreat Newsletter
- 🎙️ Podcasts from top auditors
- 📃 Important EIPs/ERCs
- 🔐 Cryptography
- 🧩 Paradigm CTF
- 🦀 Rust (Solana, Cosmos, etc.)
- 🌀 ZK Tech (SNARKs, STARKs, etc.)
- ...and more — because it never ends 💡
Roadmap 2 -Fast Paced
🧠 Designed for self-learners, fast movers, and those who prefer learning by doing.
If you're a sharp, fast learner, you might not need a slow-paced course or endless tutorials. Some smart folks jump straight into Patrick Collins’ Updraft course and begin auditing directly. Others read articles, explore codebases, and build hands-on without watching much video content.
Whatever your style, this roadmap outlines a fast and efficient path (~550 hours) to start auditing real protocols in just 3–4 months.
⚠️ Customize this path to fit your skills and learning style. Use other great roadmaps like C Michel's to fill any gaps.
- 💡 Learn by Doing
- 🧭 Follow or Modify this Path
- 📚 Mix Docs, Code & Challenges
- 🛠️ Focused on Efficiency, Not Hand-holding by someone
| Topic | Content | Duration |
|---|---|---|
| ✅ C++ Basics | Syntax, loops, etc. | 20 hrs |
| ✅ Data Structures | C++ STL, via GeeksforGeeks – 4–5 Qs/topic | 50 hrs |
| ✅ OOP & Error Handling | Constructors, exceptions (YouTube/Google) | 15 hrs |
| ✅ Tools & Basics | HTML, JavaScript, VS Code, Node.js, npm, Git & GitHub | 25 hrs |
⚒️ Build a simple JS + HTML project and push to GitHub.
| Topic | Resource | Duration |
|---|---|---|
| 📘 Blockchain Basics | Colt Steele’s Course | 15 hrs |
| 🎯 Solidity + Foundry | Updraft First 4 Courses by Patrick Collins | 125 hrs |
-4 Updraft Courses --> Blockchain Basics, Smart Contract Solidity, Foundry, Advanced Foundry
⛏️ Hardhat can be learned later during audits if needed.
| Topic | Resource | Duration |
|---|---|---|
| 🧠 Gas + Opcodes | Advanced Solidity – Jeffrey Scholz | 15 hrs |
| 🛠️ Yul & Assembly | Assembly & Yul – Scholz | (Included above) |
| 🐞 Vulnerabilities | Top 10 by OWASP | 5 hrs |
| 🧩 Ethernaut | Ethernaut Challenges | 50 hrs |
| 💣 DamnVulnerableDeFi | DVDeFi – First 10 challenges | 20 hrs |
🔥 Optional: Try Paradigm CTF after 200 hrs of auditing experience – it's advanced.
🎯 Start here after you're comfortable with Solidity, Foundry, and basic exploits.
-
🔎 Platforms:
-
📊 Time Split Strategy:
55% Audit–20% Read Reports–25% Research & Learn -
This is never ending part. So keep auditing keep Improving.
-
📑 Study reports, try replicating bugs, reverse-engineer writeups
🧪 Most growth happens here. Use reports to discover gaps and plug them in real-time.
-
You’ve now invested ~550 Hours. You will start earning within this time or definitely after this time without expecting money in these last 200 Hrs take them as learning time.
-
That’s just 3–4 months with focus
-
Welcome. You’ve made it.
-
Now dig deeper, keep building, and stay updated
✅ If you’ve made it this far, welcome—you’ve arrived. Now go deeper, strengthen your understanding, and secure your space.
🧭 Follow reputed auditors on X (Twitter), listen to their YouTube podcasts, read their blogs, and constantly reflect on your experience.
- 🗂️ Maintain lists of common bugs (per project type: DEX, L2, NFT…)
- 📚 Maintain your personal knowledge base: blogs, snippets, checklists
- 🧍♂️ Compare only with your past self, not others
- 🛠️ Regularly update your tech stack
- 📖 Use official documentation when stuck
- 🔀 Adapt strategies based on personal experience
- 📈 Start Investing with less money 💰(so loosing wont hurt) in DeFi/Crypto DEX/CEX on L2s Just for knowledge not to get rich.
Harder for beginners but a goldmine after you’ve got momentum. Take inspiration and refine your journey.
- 🧠 Read docs > Watch videos
- 🧰 Learn what you need, when you need
- 🧺 If something requires deep learning, drop it in your "learning bucket" for later
- 🧭 Keep iterating your approach based on your audits
Focus: Visibility = Opportunity
- 📝 Write blog posts on audits, tricks, bugs, CTFs
- 🧵 Thread findings on Twitter (CTFs, audit analysis)
- 👥 Collaborate with other auditors (Discord, Guilds, GitHub)
- ✅ Build small tooling (e.g. vulnerability scanner, template, test harnesses)
- 🎤 Host a walkthrough or workshop if possible (even for small audience)
- 📚 Other Updraft Courses
- 🧑🏫 Hardhat Course – Patrick Collins (YouTube)
- 📺 Smart Contract Programmer (YouTube)
- 🧾 Whiteboard Crypto (YouTube-Basics of DeFi)
- 🏦 DeFi Concepts – DEXs, LPs, lending/Borrowing, Staking, Re-staking protocols
- 💰 Finance Basics
- 🏛️ Top Protocols – Aave, Chainlink, Uniswap
- 🧪 RareSkills Bootcamp & blog
- 🧠 Solodit, Rekt, Blockthreat Newsletter
- 🎙️ Podcasts from top auditors
- 📃 Important EIPs/ERCs
- 🔐 Cryptography
- 🧩 Paradigm CTF
- 🦀 Rust (Solana, Cosmos, etc.)
- 🌀 ZK Tech (SNARKs, STARKs, etc.)
- ...and more — because it never ends 💡
If you made it here — you're ready to start auditing real protocols.
Get your hands dirty. Read, break, fix, learn. Repeat.
The journey doesn’t end here — it evolves.