Auditing Courses

Formal training in smart contract security has matured rapidly. The list below covers the courses and programs most consistently recommended by practicing auditors, grouped by format and depth. Prices and curricula change frequently — confirm details on each provider's site before enrolling.

Free, Self-Paced

These are the highest-leverage starting points; most working auditors began here.

  • Cyfrin Updraftupdraft.cyfrin.io — comprehensive, free, video-and-code curriculum covering Solidity, Foundry, smart-contract security, assembly, and full assurance/audit courses. Patrick Collins' security and assurance tracks are the closest thing to a canonical curriculum the field has.
  • Secureum Bootcamp materialssecureum.xyz — slides, articles, and the "RACE" quizzes that gate entry to their flagship CARE program. Free to study; the bootcamp itself runs cohorts periodically.
  • Smart Contract Programmer (YouTube)youtube.com/@smartcontractprogrammer — concise, no-nonsense Solidity and DeFi mechanics videos used as reference by many practitioners.
  • Owen Thurm — Guardian Audits (YouTube) — practical, exploit-driven walkthroughs and explainers.
  • Trail of Bits — Building Secure Contractsgithub.com/crytic/building-secure-contracts — the canonical, no-cost reference for security-aware development and review patterns.
  • Solidity by Examplesolidity-by-example.org — short, runnable patterns and hacks; useful as a quick-reference companion.

Structured, Free Programs (Cohort-Based)

  • Secureum RACE / CARE / Epoch programs — periodic cohorts that culminate in an extremely difficult exam; alumni are well-regarded by hiring firms.
  • Code4rena First Flights and Codehawks First Flights — short, beginner-friendly audit contests run as learning vehicles; the post-contest report walkthroughs are part of the curriculum.
  • RareSkills — Solidity Bootcamp / Advanced Solidityrareskills.io — paid cohort-based courses on Solidity, DeFi, and security with a heavy emphasis on assembly and gas optimization.
  • ChainShot / Alchemy University Ethereum Developer Bootcampuniversity.alchemy.com — broader developer curriculum with security modules.
  • Consensys Academy — periodic developer programs with security content.

University and Academic

  • MIT OCW 15.S12 Blockchain and Money and similar — useful for the economic and game-theoretic foundations behind DeFi exploits.
  • Stanford CS251 Cryptocurrencies — for the cryptography and consensus background that informs cross-chain and signature-related audits.

Mode-Specific Deep Dives

  • Certora Verification Tutorialdocs.certora.com — free, official tutorial for the Certora Prover; required reading for anyone interested in formal verification work.
  • Foundry Bookbook.getfoundry.sh — official documentation; the chapters on fuzzing and invariant testing are required reading for any modern auditor.
  • Halmos docs and example reposgithub.com/a16z/halmos — for symbolic-execution-based verification.

How to Choose

A practical sequence for someone starting out:

  1. Cyfrin Updraft full-stack track → Secureum slides → solve Ethernaut and Damn Vulnerable DeFi.
  2. Patrick Collins' security and audit courses on Updraft → start reading public reports on Solodit.
  3. Enter a Code4rena or Codehawks First Flight → write up findings and compare to the published report.
  4. Apply to Secureum CARE → start participating in paid contests at Code4rena, Sherlock, Cantina.
  5. Choose a specialty (DeFi, account abstraction, ZK, bridges) and read every public report and post-mortem in that domain.

Course completion is not a hiring signal in isolation. Public report contributions, contest results, and demonstrable findings are.