Lesson 1. Runtime protections: on-chain limits, slippage bounds, debt ceilings, rate limits
This section explains runtime protections that enforce safe operating bounds, including on-chain limits, slippage controls, debt ceilings, and rate limits that constrain protocol behavior under stress or attack.
- On-chain limits and guardrail parameters
- Slippage bounds and price impact caps
- Debt ceilings and exposure controls
- Rate limits and throughput throttling
- Kill switches and graceful degradation

Lesson 2. Safe upgrade and deployment strategies: immutable core vs upgradeable modules, upgrade governance
This section explains safe deployment and upgrade strategies, comparing immutable cores with upgradeable modules and defining upgrade governance, testing pipelines, and rollback plans that minimize risk during contract changes.
- Immutable core versus upgradeable modules
- Proxy patterns and storage safety
- Upgrade governance and voting flows
- Staging, canary, and phased rollouts
- Rollback, freezes, and migration plans

Lesson 3. Secure smart contract design patterns: checks-effects-interactions, pull-over-push, nonReentrant, circuit breakers
This section introduces core secure design patterns for smart contracts, such as checks-effects-interactions, pull-over-push payments, nonReentrant guards, and circuit breakers that limit the damage from bugs or attacks.
- Checks-effects-interactions pattern
- Pull-over-push payment mechanisms
- Reentrancy guards and nonReentrant
- Circuit breakers and emergency stops
- Access control and capability patterns

Lesson 4. Developer processes: code review checklists, pre-merge CI gates, dependency management, reproducible builds
This section covers secure development processes, including code review checklists, pre-merge CI gates, dependency management, and reproducible builds that produce consistent, auditable, and tamper-resistant releases.
- Security-focused code review checklists
- Pre-merge CI and mandatory test gates
- Managing third-party dependencies
- Reproducible and deterministic builds
- Release signing and artifact verification

Lesson 5. Key management and operational hygiene: hardware wallets, threshold signatures, secret rotation policies
This section covers secure key lifecycle management for blockchain operations, including hardware wallets, threshold signatures, backup and recovery, rotation policies, and operational hygiene that prevent key theft, misuse, or accidental loss.
- Hardware wallets for operational signers
- Threshold and MPC signing architectures
- Secure key backup and recovery plans
- Key rotation and revocation procedures
- Workstation and network hygiene controls

Lesson 6. Documentation and transparency: security disclosures, public parameters, bug bounty visibility
This section describes how to document security assumptions, public parameters, admin powers, and upgrade policies, and how to run transparent bug bounties that help users and auditors understand and trust the system.
- Documenting trust and threat models
- Publishing admin roles and powers
- Public parameters and risk disclosures
- Bug bounty scope and visibility
- Changelogs and user-facing updates

Lesson 7. Monitoring and incident response: metrics to track, alert thresholds, playbooks, and forensics preparation
This section details how to monitor blockchain systems, define security and reliability metrics, configure alert thresholds, prepare incident playbooks, and collect forensic data to support rapid investigation and effective postmortems.
- Core security and reliability metrics
- Alert thresholds and escalation paths
- Incident response playbook design
- On-chain and off-chain log collection
- Forensics readiness and evidence handling

Lesson 8. Admin controls and governance: multisig, timelocks, role separation, emergency pause procedures
This section explains how to design robust admin governance using multisig wallets, timelocks, role separation, and emergency pause controls, reducing single points of failure and limiting the blast radius of privileged actions.
- Designing secure multisig admin wallets
- Configuring timelocks for critical actions
- Role separation and least-privilege models
- Emergency pause and circuit breaker runbooks
- Delegation, signer rotation, and audits

Lesson 9. Oracle hardening controls: multi-source feeds, TWAP, oracle guardians, dispute windows
This section focuses on hardening oracle designs using multi-source feeds, TWAP mechanisms, guardians, dispute windows, and failover strategies to reduce manipulation risk and deliver resilient, trustworthy price data.
- Multi-source and medianized price feeds
- TWAP and liquidity-aware pricing
- Oracle guardians and kill switches
- Dispute windows and challenge flows
- Failover, liveness, and stale-data checks

Lesson 10. Testing and QA best practices: deterministic tests, fuzz targets, simulated attacker tests
This section presents testing and QA strategies for smart contracts, including deterministic unit tests, fuzzing, property-based tests, and simulated attacker scenarios that reveal edge cases and security weaknesses.
- Deterministic unit and integration tests
- Fuzzing and property-based testing
- Simulated attacker and chaos tests
- Test coverage and invariant tracking
- Test data, fixtures, and environments