Table of Contents
- Educate Yourself
- Gain Experience
- Deploy Smart Contracts
- Review a Project's Code
- Protip when reviewing code...
- Research Smart Contract Audit Reports
- Develop your Expertise
- Embrace Smart Contract Auditor Tools
- Believe in Automated Testing
- Polish your Technical Skills
- Practice in the Wild
- Obtain Relevant Certifications
- Network and Build Your Reputation
- Join a Development Team or Go Out on your Own
- 1. Make sure your Solidity skills are top-notch
- 2. Improve your JavaScript knowledge
- 3. Publish your smart contract security audits
- 4. Meet other smart contract development teams
- 5. Review job posts
- Becoming a Contractor
- How much money should you expect to make?
- Salary rates for full-time auditors
- Hourly rates for contractors
- How fast can one auditor review code?
- When should you get started?
Do not index
Do not index
In a world where blockchain is king, smart contract auditors are the knights. Are you ready to join the roundtable?
Let's explore how you can start your journey as a smart contract auditor!
First, you will need a combination of education, experience, and expertise in both computer science and finance. Smart contract hacking is a growing field. Knowing how to hack ethically can pay you well and land you a top-tier smart contract auditor job.
Becoming an auditor goes beyond the skills required for a smart contract developer. You're required to understand the Solidity programming language and security issues more than others.
Here are some steps you can take to become a smart contract auditor:
Educate Yourself
To become a smart contract auditor, you’ll need a strong foundation in computer science, particularly in programming languages such as Solidity and JavaScript, which are commonly used to create smart contracts. You should also have a good understanding of blockchain technology and how it works.
Gain Experience
As with any career, hands-on experience is crucial for becoming a smart contract auditor. Consider interning or working for a company that specializes in blockchain technology or smart contracts.
You could also consider taking on freelance projects or participating in hackathons to gain practical experience in this field.
Deploy Smart Contracts
Get familiar with the process of deploying smart contracts end-to-end. Start with simple token contracts and work your way up to more advanced smart contracts.
Research the 10 Types of Smart Contracts you should be familiar with in order to be a successful auditor. We recommend starting with Ethereum contracts and being able to launch a token, vesting, and staking contract.
Review a Project's Code
Smart contract auditing requires understanding all aspects of the smart contract code and the entire architecture. The best auditors work as an audit team and will review the code line-by-line before generating an audit report.
Protip when reviewing code...
Have you ever tried printing out code? We're not kidding! Reviewing a physical copy of the code can keep you focused on each and every line.
Give it a try next time you want to audit a contract!
Research Smart Contract Audit Reports
Reviewing smart contract security audits is a great way to learn the craft. Smart contract auditors will typically publish their reports publicly. Smart contract audits provide an excellent resource to learn more about common smart contracts.
Develop your Expertise
In addition to computer science and programming skills, you’ll also need a solid understanding of finance and financial contracts. This will allow you to understand the risks and potential pitfalls of smart contracts and help you identify any issues that may arise.
As a smart contract auditor, you will need to understand the best tools to use. Know these tools like the back of your hand.
Embrace Smart Contract Auditor Tools
Smart contracts are very fickle beasts. Relying on automated tools as much as possible is a critical part of your toolbelt. Automated analysis is effectively a smart check for solidity code. There's special software you can use to highlight errors and ensure token standards are followed.
Some auditors don't like to rely on automation because they're supremely confident in their skills.
That's great, but why not use them?
Worst-case scenario, they don't add any value to your audit. Best-case, they catch something that you were unable to and provide a more efficient way to find out what to audit. If you can see many warnings or errors in an audit tool, then you may decide to spend more of your time on those functions.
There's really no downside to using automated tooling.
Believe in Automated Testing
Automated unit testing and integration testing are critical steps in the smart contract audit process. Manual testing is certainly important. However, proper manual testing is done in conjunction with automated testing.
Hardhat is an excellent framework for writing smart contracts, and it supports the popular JavaScript-based testing frameworks. We highly recommend Hardhat to all developers working with Solidity smart contracts.
Being able to see failed tests as a result of changing the code is very reassuring. Especially when you are working with someone else's code, which you may not fully understand.
Polish your Technical Skills
A great smart contract auditor will constantly be looking to improve their technical skills and audit process. It's not enough to know how smart contracts work; you must be up-to-date with blockchain security to uncover vulnerable code.
You should be able to solve these projects and know them like the back of your hand:
Practice in the Wild
Top smart contract auditors are not afraid to put their skills to the test. Code4rena is a great resource for competing with other smart contract auditors. With Code4rena, you compete with other smart contract auditors to claim bug bounties.
There's really no "secret" to Code4rena challenges. They provide great hands-on opportunities for testing out your skills and perfecting your audit process.
Projects will post their smart contract code, and smart contract auditors will search for security vulnerabilities. The project will set the bounty payout depending on the risk of the smart contract vulnerabilities.
These security challenges provide a real-world mechanism to perform vulnerability analysis directly. There's no better way for aspiring smart contract auditors to improve their skills.
Obtain Relevant Certifications
There are several professional certifications that can help demonstrate your knowledge and skills as a smart contract auditor.
For example, the SANS course, SEC554: Blockchain And Smart Contract Security is a great program. SANS is a cyber security training, certifications, degrees, and resources company. They’re the most reputable in the industry, and their blockchain courses are phenomenal.
Network and Build Your Reputation
As with any career, building a strong professional network and establishing a good reputation can go a long way in helping you succeed as a smart contract auditor.
Consider joining relevant professional organizations, attending industry events, and staying up to date on the latest developments in the field to help build your credibility as an expert in smart contracts.
The best smart contract auditors stay on top of the latest security issues by interacting with other security researchers.
Join a Development Team or Go Out on your Own
Before you get started in smart contract auditing full-time, you'll need to make the decision on whether you want to get a job with an auditing team or become an independent contractor.
Getting your first job as a smart contract auditor can be challenging.
Here are a few steps you can take to improve your chances of getting hired to a full-time audit team.
1. Make sure your Solidity skills are top-notch
Develop a strong understanding of blockchain technology and smart contracts. This can be achieved through online courses, research, and hands-on experience.
Understand the important security aspects and common vulnerabilities. These include flash loan attacks, reentrancy, overflows/underflows, and more.
2. Improve your JavaScript knowledge
Experience in programming languages commonly used for smart contracts, such as Solidity, is not enough. You'll need to understand JavaScript very well in order to read and write tests. Although Solidity should be your primary focus, a strong foundation in JavaScript will greatly improve your audit work.
3. Publish your smart contract security audits
Build a strong portfolio of relevant work, such as audit reports or sample contracts you have reviewed. Publish your smart contract audits to a GitHub repo or your personal website. The more detailed report you can produce, the better.
4. Meet other smart contract development teams
Network with professionals in the industry and attend blockchain conferences to meet potential employers or clients.
5. Review job posts
Look for job openings at companies that specialize in smart contract development or audit services. There are many crypto-specific job sites you can use to find job opportunities.
We recommend Crypto Jobs, Cryptocurrency Jobs, and Indeed as great job site resources. Make sure you're setting up proper alerts so you can get notified as soon as there is an opening with a project team.
Becoming a Contractor
If you want to become a contract smart contract auditor, you will need to perform all of the required steps as a full-time employee. Once you have the skills, you're going to need to put in even more effort to showcase your knowledge and market your skills.
Build a strong portfolio of your relevant work, such as audit reports or sample contracts you have reviewed. Create a website or online profile that showcases your skills and experience as a smart contract auditor. This can help potential clients learn more about you and your services.
Work on your networking and sales skills, as they are a big part of contracting. Spend even more time networking with professionals in the industry and attending blockchain conferences to meet potential clients.
Consider joining a platform that connects freelancers with clients, such as Upwork or Freelancer.com. This can be a good way to find potential clients and get your first few projects.
Reach out to companies or organizations that may be in need of smart contract audit services and offer your services as a contractor.
If you can build up a name for yourself, you can acquire enough clients to make this a sustainable career path.
How much money should you expect to make?
Salary rates for full-time auditors
According to Crypto Jobs List, an average auditor with the necessary skills will make a little over $100,000 per year. That's similar to the salary we see for developers with experience and strong Solidity fundamentals.
Top auditors will make 2-3x that salary. The better you are, the more opportunity there will be to make great money in the security industry.
Hourly rates for contractors
Contract auditors can command higher hourly rates, but they are also responsible for the business's reporting and development side. If you only want to be an auditor and don't want to deal with the client acquisition and management process, then it probably makes more sense to join a full-time team.
As an entry-level auditor, expect to earn $100 per hour or more. Experienced auditors can command $200-300 per hour. The top auditors will earn $1,000 per hour or more.
Many of the experienced ETH security teams will be able to audit a large amount of code quickly. This will allow them to command a higher hourly rate.
How fast can one auditor review code?
The rule of thumb for auditing smart contracts is ~200 lines of code per hour. This tends to be a number for more experienced auditors. Junior-level auditors will probably be able to audit 50-100 lines of code per hour. Maybe more when you factor in automated analysis.
When should you get started?
The best engineers take initiative and will get started right away. Remember, smart contract audits take time to perfect.
However, this skill is highly in-demand and will only grow bigger as decentralized finance progresses.
Become a Smart Contract Auditor: Your Ultimate Guide to Mastering Blockchain Auditing