Crypto Training

Web3 security engineering, Solidity, and EVM internals.

Practical writeups and checklists: secure contract design, audit heuristics, Solidity gotchas, MEV and mempool threat models, bridges, and the tooling that catches bugs before mainnet does.

Read the blog RSS

Bias

adversarial thinking, liveness-aware

Focus

Solidity, EVM, DeFi, bridges, MEV

Aim

audit intuition you can apply tomorrow

Latest

New posts drop as soon as they are useful.

All posts

Audits11 min

Crypto Training|2026-02-14

The Auditor Operating System: Repeatable Results in a Hostile Codebase

Auditing is a craft with artifacts: models, maps, experiments, and writeups. This post is an 'operating system' for doing web3 security work that scales beyond vibes.

DeFi10 min

Crypto Training|2026-02-13

DeFi Incident Patterns: Oracle Games, Rounding Edges, and the Same Bug in Three Costumes

Cream, PancakeBunny, and bZx are not three unrelated stories. They are variations of one meta-pattern: untrusted external state crossing into accounting. Here's how to spot the variants.

MEV11 min

Crypto Training|2026-02-12

Transaction Forensics with TX Graph: Reading Flash Loans, Routes, and MEV in the Receipt

Block explorers show what happened, not why it happened. This is a practical workflow for reconstructing intent using receipts, logs, and call graphs, with two mainnet transactions as examples.

Math10 min

Crypto Training|2026-02-11

Rounding in DeFi: When Dust Becomes an Oracle

Integer math is deterministic. Your rounding policy is not. This post connects fixed-point arithmetic, share accounting, and real exploit patterns where dust becomes profit.