6 changes: 3 additions & 3 deletions messages/de/core.json
@@ -77,9 +77,9 @@
"title": "TypeScript Client Developer",
"description": "Lerne, Solana-Client-Anwendungen mit TypeScript und web3.js zu entwickeln."
},
"security-specialist": {
"title": "Security Specialist",
"description": "Tauche tief in Solana-Programmsicherheit, Kryptografie und Best Practices ein."
"solana-security-auditor": {
"title": "Solana Security Auditor",
"description": "Von Sealevel-Angriffen über DeFi-Exploits bis hin zu professionellem Auditing und formaler Verifikation. 50 Stunden bis zu Auditor-Level Sicherheitskenntnissen."
},
"testing-and-tooling": {
"title": "Testing & Tooling",
6 changes: 3 additions & 3 deletions messages/en/core.json
@@ -79,9 +79,9 @@
"title": "TypeScript Client Developer",
"description": "Learn to build Solana client applications using TypeScript and web3.js."
},
"security-specialist": {
"title": "Security Specialist",
"description": "Deep dive into Solana program security, cryptography, and best practices."
"solana-security-auditor": {
"title": "Solana Security Auditor",
"description": "From Sealevel attacks through DeFi exploits to professional auditing and formal verification. 50 hours to auditor-level security skills."
},
"testing-and-tooling": {
"title": "Testing & Tooling",
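--- a/messages/en/courses.json
+++ b/messages/en/courses.json
@@ -793,6 +793,126 @@
 "description": "Prepare mobile dApps for production. Implement crash reporting, analytics, RPC monitoring, and establish update strategies for live applications."
 }
 }
+},
+"arithmetic-and-accounting-exploits": {
+"title": "Arithmetic and Accounting Exploits",
+"description": "Math bugs cause 40% of real audit findings. Master overflow, precision loss, fee calculation errors, and accounting invariant violations with examples from production audits.",
+"lessons": {
+"introduction": {
+"title": "Introduction",
+"description": "Arithmetic vulnerabilities dominate real audit reports. Understand why math is the #1 finding category across Solana protocols."
+},
+"integer-math-safety": {
+"title": "Integer Math Safety",
+"description": "Overflow wraps silently in release mode. Silent truncation via as casts discards bits. Division truncation and directional rounding create extractable value."
+},
+"accounting-patterns": {
+"title": "Accounting Patterns",
+"description": "Basis point math, fee-on-transfer tokens, fee-exempt paths, compounding errors, and the invariant assertions that catch state corruption."
+},
+"defi-math-exploits": {
+"title": "DeFi Math Exploits",
+"description": "LP token rounding drains, exchange rate staleness, and concentrated liquidity precision. Share math vulnerabilities from Raydium and Kamino findings."
+},
+"conclusion": {
+"title": "Conclusion",
+"description": "A defensive checklist for every arithmetic operation in your program."
+}
+}
+},
+"protocol-level-attacks": {
+"title": "Protocol-Level Attacks",
+"description": "Individual bugs chain into protocol exploits. Learn oracle manipulation, first-depositor attacks, flash loans, state timing issues, DoS vectors, and MEV from real audit findings.",
+"lessons": {
+"introduction": {
+"title": "Introduction",
+"description": "Protocol exploits combine multiple vulnerability classes. Understand the anatomy of real-world attacks from reconnaissance through extraction."
+},
+"oracle-manipulation": {
+"title": "Oracle Manipulation",
+"description": "Stale Pyth prices trigger false liquidations. Spot price differs from TWAP. Master confidence intervals, staleness checks, and multi-oracle validation patterns."
+},
+"first-depositor-and-share-attacks": {
+"title": "First Depositor and Share Attacks",
+"description": "Empty vaults enable share inflation through donation attacks. Trace the math step-by-step and implement virtual reserves, minimum deposits, and dead shares."
+},
+"flash-loan-attack-patterns": {
+"title": "Flash Loan Attack Patterns",
+"description": "Atomic composability turns into a weapon. Manipulate prices within a single transaction, amplify fee bugs through iterations, and exploit CPI re-entrancy."
+},
+"state-and-timing-vulnerabilities": {
+"title": "State and Timing Vulnerabilities",
+"description": "State changes between instructions create TOCTOU windows. Cross-program dependencies and slot-based time assumptions break under real conditions."
+},
+"denial-of-service-vectors": {
+"title": "Denial of Service Vectors",
+"description": "Unwrap panics in production, division by zero on empty pools, dust griefing, and CU exhaustion. Every error path is an attack surface."
+},
+"front-running-and-mev-on-solana": {
+"title": "Front-Running and MEV on Solana",
+"description": "Solana has no mempool but MEV still exists. Understand Jito bundles, leader schedule exploitation, sandwich attacks, and slippage protection."
+},
+"conclusion": {
+"title": "Conclusion",
+"description": "Finding bugs is step one. Proving them, classifying severity, and communicating them professionally is the audit craft."
+}
+}
+},
+"auditing-solana-programs": {
+"title": "Auditing Solana Programs",
+"description": "From finding individual bugs to conducting systematic security reviews. Learn audit methodology, code reading, PoC writing, report craft, and the auditor career path.",
+"lessons": {
+"introduction": {
+"title": "Introduction",
+"description": "Security auditors scope, review, report, and verify fixes for Solana protocols. Understand the audit lifecycle and why demand exceeds supply."
+},
+"audit-methodology": {
+"title": "Audit Methodology",
+"description": "Systematic review phases from scoping through cross-cutting analysis. Compare checklist-driven and exploration-driven approaches with the invariant-first method."
+},
+"reading-unfamiliar-code": {
+"title": "Reading Unfamiliar Code",
+"description": "Trace control flow through Anchor programs top-down. Map trust boundaries, identify critical paths, and reconstruct state machines from unfamiliar codebases."
+},
+"writing-proof-of-concept-exploits": {
+"title": "Writing Proof of Concept Exploits",
+"description": "Transform findings into working exploits. Set up test environments, craft malicious transactions, demonstrate impact with specific extracted amounts."
+},
+"severity-classification-and-reporting": {
+"title": "Severity Classification and Reporting",
+"description": "Classify findings using impact-likelihood matrices. Write clear vulnerability descriptions, actionable recommendations, and executive summaries."
+},
+"conclusion": {
+"title": "Conclusion",
+"description": "Manual review catches design flaws and logic errors. Automated tools find edge cases in state spaces too large for human review."
+}
+}
+},
+"formal-verification-with-kani": {
+"title": "Formal Verification with Kani",
+"description": "Prove your programs correct, not just tested. Use AWS Kani model checker to verify arithmetic safety, invariant preservation, and absence of panics in Solana programs.",
+"lessons": {
+"introduction": {
+"title": "Introduction",
+"description": "Testing shows the presence of bugs. Verification proves their absence. Understand bounded model checking and when formal verification is worth the investment."
+},
+"verification-concepts": {
+"title": "Verification Concepts",
+"description": "SAT/SMT solvers exhaust state spaces that fuzzing samples. Understand bounded vs unbounded verification, soundness, completeness, and practical tradeoffs."
+},
+"kani-for-rust": {
+"title": "Kani for Rust",
+"description": "Write proof harnesses with kani::any() symbolic inputs. Constrain state with assumptions, assert properties, and interpret counterexamples when proofs fail."
+},
+"verifying-solana-programs": {
+"title": "Verifying Solana Programs",
+"description": "Apply Kani to on-chain code following OtterSec's Squads v4 approach. Verify arithmetic safety, prove invariants hold, and work around CPI modeling limitations."
+},
+"conclusion": {
+"title": "Conclusion",
+"description": "Manual review, fuzzing, and formal verification form complementary layers. Each catches what others miss. Security is a practice, not a destination."
+}
+}
 }
 }
 }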
6 changes: 3 additions & 3 deletions messages/fr/core.json
@@ -77,9 +77,9 @@
"title": "TypeScript Client Developer",
"description": "Apprenez à créer des applications client Solana avec TypeScript et web3.js."
},
"security-specialist": {
"title": "Security Specialist",
"description": "Plongez dans la sécurité des programmes Solana, la cryptographie et les meilleures pratiques."
"solana-security-auditor": {
"title": "Solana Security Auditor",
"description": "Des attaques Sealevel aux exploits DeFi jusqu'a l'audit professionnel et verification formelle. 50 heures pour atteindre le niveau auditeur."
},
"testing-and-tooling": {
"title": "Testing & Tooling",
6 changes: 3 additions & 3 deletions messages/id/core.json
@@ -77,9 +77,9 @@
"title": "TypeScript Client Developer",
"description": "Learn to build Solana client applications using TypeScript and web3.js."
},
"security-specialist": {
"title": "Security Specialist",
"description": "Deep dive into Solana program security, cryptography, and best practices."
"solana-security-auditor": {
"title": "Solana Security Auditor",
"description": "From Sealevel attacks through DeFi exploits to professional auditing and formal verification. 50 hours to auditor-level security skills."
},
"testing-and-tooling": {
"title": "Testing & Tooling",
6 changes: 3 additions & 3 deletions messages/uk/core.json
@@ -77,9 +77,9 @@
"title": "TypeScript Client Developer",
"description": "Learn to build Solana client applications using TypeScript and web3.js."
},
"security-specialist": {
"title": "Security Specialist",
"description": "Deep dive into Solana program security, cryptography, and best practices."
"solana-security-auditor": {
"title": "Solana Security Auditor",
"description": "From Sealevel attacks through DeFi exploits to professional auditing and formal verification. 50 hours to auditor-level security skills."
},
"testing-and-tooling": {
"title": "Testing & Tooling",
6 changes: 3 additions & 3 deletions messages/vi/core.json
@@ -78,9 +78,9 @@
"title": "Lập trình client với TypeScript",
"description": "Học cách xây dựng ứng dụng client Solana sử dụng TypeScript và web3.js."
},
"security-specialist": {
"title": "Chuyên gia bảo mật",
"description": "Tìm hiểu sâu về bảo mật chương trình Solana, mật mã học các phương pháp tốt nhất."
"solana-security-auditor": {
"title": "Kiểm toán viên bảo mật Solana",
"description": "Từ tấn công Sealevel qua khai thác DeFi đến kiểm toán chuyên nghiệp xác minh hình thức. 50 giờ để đạt kỹ năng bảo mật cấp kiểm toán viên."
},
"testing-and-tooling": {
"title": "Kiểm thử và công cụ",
6 changes: 3 additions & 3 deletions messages/zh-CN/core.json
@@ -78,9 +78,9 @@
"title": "TypeScript Client Developer",
"description": "Learn to build Solana client applications using TypeScript and web3.js."
},
"security-specialist": {
"title": "Security Specialist",
"description": "Deep dive into Solana program security, cryptography, and best practices."
"solana-security-auditor": {
"title": "Solana Security Auditor",
"description": "From Sealevel attacks through DeFi exploits to professional auditing and formal verification. 50 hours to auditor-level security skills."
},
"testing-and-tooling": {
"title": "Testing & Tooling",
6 changes: 3 additions & 3 deletions messages/zh-HK/core.json
@@ -77,9 +77,9 @@
"title": "TypeScript Client Developer",
"description": "Learn to build Solana client applications using TypeScript and web3.js."
},
"security-specialist": {
"title": "Security Specialist",
"description": "Deep dive into Solana program security, cryptography, and best practices."
"solana-security-auditor": {
"title": "Solana Security Auditor",
"description": "From Sealevel attacks through DeFi exploits to professional auditing and formal verification. 50 hours to auditor-level security skills."
},
"testing-and-tooling": {
"title": "Testing & Tooling",
12 changes: 9 additions & 3 deletions src/app/components/CourseCard/CourseCard.tsx
@@ -156,16 +156,22 @@ export default function CourseCard({
<Divider direction="vertical" className="h-[20px]" />
<Badge
size="sm"
variant="beginner"
label="Beginner"
variant={
badgeDifficulty.toLowerCase() as
| "beginner"
| "intermediate"
| "advanced"
| "expert"
}
label={badgeDifficulty}
className="leading-[100%] min-h-[20px]!"
crosshair={{
size: 4,
corners: ["top-left", "bottom-right"],
animationDelay: 0,
animationDuration: 0.01,
}}
icon={<Difficulty size={12} difficulties={[1]} />}
icon={<Difficulty size={12} difficulties={[difficulty ?? 1]} />}
/>
</motion.div>
)}
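Review bot: The `as "beginner" | "intermediate" | "advanced" | "expert"` assertion on `badgeDifficulty.toLowerCase()` is unchecked, so any value outside those four strings (a localized label, a typo in course metadata, an empty string) reaches `Badge` as a variant the compiler believes is valid. Where `badgeDifficulty` is computed is outside this hunk, so it may already be constrained upstream; if it is not, narrow at runtime instead of asserting, for example `const variant = isBadgeVariant(v) ? v : "beginner";` with `isBadgeVariant` as a small type predicate to be added. The same string is also rendered as `label`, while the icon reads `difficulty ?? 1` separately, so text, colour and icon can disagree unless all three are derived from the single `difficulty` value. The label was a hard-coded English string before and is still not passed through the message catalogue that the rest of this change updates.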