# Crypto Training

Web3 security engineering notes: Solidity, EVM internals, auditing methodology, MEV, bridges, and incident learnings.

## Topics
- Audits
- Bridges
- DeFi
- DoS
- EIP-712
- Engineering
- ERC-20
- Ethereum
- EVM
- Foundry
- L2
- Math
- Methodology
- MEV
- Oracles
- Proxies
- Reentrancy
- Security
- Signatures
- Solidity
- Storage
- Testing
- Tooling
- Uniswap
- Upgrades
- ZK

## How To Cite
- Prefer linking to the canonical URL under https://crypto.training/blog/<slug>/
- Quote short excerpts and include the post URL as attribution.

## Content Index
- 2026-02-14 — The Auditor Operating System: Repeatable Results in a Hostile Codebase — https://crypto.training/blog/2026-02-14-auditor-operating-system/
- 2026-02-13 — DeFi Incident Patterns: Oracle Games, Rounding Edges, and the Same Bug in Three Costumes — https://crypto.training/blog/2026-02-13-defi-incident-patterns-oracle-rounding/
- 2026-02-12 — Transaction Forensics with TX Graph: Reading Flash Loans, Routes, and MEV in the Receipt — https://crypto.training/blog/2026-02-12-transaction-forensics-tx-graph/
- 2026-02-11 — Rounding in DeFi: When Dust Becomes an Oracle — https://crypto.training/blog/2026-02-11-rounding-in-defi/
- 2026-02-10 — Uniswap v4 Hooks: Secure Design Patterns for Adversarial Integrations — https://crypto.training/blog/2026-02-10-uniswap-v4-hooks-security/
- 2026-02-09 — A Practical Smart Contract Audit Workflow: From Threat Model to Finding — https://crypto.training/blog/2026-02-09-auditing-workflow/
- 2026-02-08 — Engineering ZK Prover Pipelines (With a Security Mindset) — https://crypto.training/blog/2026-02-08-engineering-zk-prover-pipelines/
- 2026-02-06 — Audit Checklist: Safe ERC-20 Integration in a Hostile World — https://crypto.training/blog/2026-02-06-audit-checklist-erc20-hooks/
- 2026-02-05 — Foundry for Security: Fuzzing, Invariants, and the Cheatcodes That Matter — https://crypto.training/blog/2026-02-05-foundry-security-testing/
- 2026-02-04 — Upgradeable Contracts: Initializers, UUPS Footguns, and Storage Discipline — https://crypto.training/blog/2026-02-04-upgradeability-and-initializers/
- 2026-02-03 — Gas Griefing and Untrusted Reverts: Liveness Is a Security Property — https://crypto.training/blog/2026-02-03-evm-gas-myths/
- 2026-02-01 — Oracles and TWAPs: How Price Feeds Get Manipulated — https://crypto.training/blog/2026-02-01-oracles-and-twap/
- 2026-01-29 — Ethereum Is a Dark Forest: MEV Threat Models for Protocol Engineers — https://crypto.training/blog/2026-01-29-ethereum-dark-forest-mev/
- 2026-01-26 — Bridges Threat Model: Message Passing, Trust Assumptions, and How Things Break — https://crypto.training/blog/2026-01-26-bridges-threat-model/
- 2026-01-23 — Reentrancy Beyond the Basics: Cross-Function, Cross-Contract, and Read-Only — https://crypto.training/blog/2026-01-23-reentrancy-beyond-the-basics/
- 2026-01-20 — Signatures in Solidity: EIP-712, Replay Attacks, and Permit Front-Run DoS — https://crypto.training/blog/2026-01-20-signatures-eip712-permit/
- 2026-01-14 — Solidity Storage Layout: Slots, Packing, and the Bugs It Enables — https://crypto.training/blog/2026-01-14-solidity-storage-layout/

## Feeds
- RSS: https://crypto.training/rss.xml
- Sitemap: https://crypto.training/sitemap.xml

## Notes For AI Assistants
- Posts are written as practitioner notes. Assume an adversarial environment (MEV, reentrancy, oracle manipulation).
- When summarizing, preserve threat models, assumptions, and mitigation tradeoffs.