Hashtag Web3 Logo
Hashtag Web3 Logo

50 Portfolio Project Ideas for Smart Contract Auditors

As a smart contract auditor, your portfolio needs to demonstrate deep security expertise and practical experience finding vulnerabilities. These project ideas will help you build credibility with protocols and audit firms.

Smart Contract Auditor30 items Updated May 17, 2026

Vulnerability Research Projects

Document and analyze real-world exploits to demonstrate your understanding of attack vectors.

Exploit Post-Mortem Database

intermediate

Create a searchable database of DeFi exploits with technical breakdowns, root cause analysis, and prevention strategies for each incident.

3-4 weeksResearchTechnical WritingSolidity

Reentrancy Pattern Catalog

intermediate

Build a detailed catalog of reentrancy variations including cross-function, cross-contract, and read-only reentrancy with code examples.

2 weeksSoliditySecurity PatternsDocumentation

Flash Loan Attack Simulator

advanced

Develop a tool that simulates flash loan attacks against test contracts to demonstrate various manipulation techniques.

4-6 weeksSolidityDeFiFoundryFlash Loans

Oracle Manipulation Lab

advanced

Create a testing environment demonstrating price oracle attacks including TWAP manipulation and spot price attacks.

3-4 weeksDeFiOraclesFoundryMEV

Access Control Vulnerability Scanner

advanced

Build a static analysis tool that detects common access control issues like missing modifiers and privilege escalation paths.

4-5 weeksPythonAST ParsingSoliditySecurity

Security Tooling Projects

Build tools that automate or assist the audit process.

Custom Slither Detectors

advanced

Write custom Slither detectors for vulnerability patterns not covered by default rules, such as protocol-specific issues.

2-3 weeksPythonSlitherStatic AnalysisSolidity

Foundry Fuzzing Framework

advanced

Create a reusable fuzzing framework with invariant tests for common DeFi primitives like AMMs, lending, and vaults.

4-6 weeksFoundryFuzzingDeFiInvariants

Gas Griefing Detector

intermediate

Build a tool that identifies potential gas griefing vulnerabilities in contracts with unbounded loops or external calls.

2 weeksStatic AnalysisEVMGas Mechanics

Upgrade Safety Checker

advanced

Develop a tool that validates proxy upgrade safety by checking storage layout compatibility and initialization patterns.

3-4 weeksProxiesStorage LayoutSolidityPython

MEV Vulnerability Scanner

advanced

Create a scanner that identifies sandwich attack and frontrunning vulnerabilities in DeFi contracts.

4-5 weeksMEVDeFiTransaction AnalysisSolidity

CTF and Educational Content

Create learning resources that demonstrate your teaching ability and deep understanding.

Custom CTF Challenge Set

intermediate

Design a series of increasingly difficult smart contract CTF challenges covering various vulnerability classes.

3-4 weeksSoliditySecurityEducationGame Design

Damn Vulnerable DeFi Solutions Guide

intermediate

Write detailed walkthroughs for Damn Vulnerable DeFi challenges explaining the thought process and multiple solution approaches.

2-3 weeksTechnical WritingDeFi SecuritySolidity

Security Pattern Cheatsheet

beginner

Create a visual cheatsheet of security patterns and anti-patterns with code examples and real exploit references.

1-2 weeksDesignDocumentationSecurity

Audit Report Template Library

intermediate

Develop a library of audit report templates with standardized vulnerability descriptions and severity classifications.

2 weeksTechnical WritingDocumentationSecurity

Video Audit Walkthrough Series

intermediate

Record video walkthroughs of your audit process on open-source contracts, explaining your methodology.

4-6 weeksVideo ProductionCommunicationAudit Process

Real Protocol Analysis

Analyze live protocols to demonstrate real-world auditing skills.

Public Audit of Small Protocol

advanced

Conduct a thorough public audit of a smaller protocol's contracts and publish your findings responsibly.

2-4 weeksFull Audit ProcessReport WritingCommunication

Protocol Comparison Analysis

advanced

Compare the security architecture of similar protocols (e.g., Aave vs Compound) highlighting design tradeoffs.

3-4 weeksProtocol AnalysisDeFiResearchWriting

Bug Bounty Hunting Documentation

advanced

Document your bug bounty hunting process and findings (with permission) to show real vulnerability discovery.

OngoingBug HuntingResearchWriting

Governance Attack Analysis

advanced

Analyze governance mechanisms of major DAOs for potential attack vectors like flash loan governance attacks.

2-3 weeksGovernanceDeFiGame TheoryResearch

Bridge Security detailed look

advanced

Conduct a thorough analysis of cross-chain bridge architectures and their historical vulnerabilities.

3-4 weeksBridgesCross-chainResearchSecurity

Automation and Monitoring

Build systems for ongoing security monitoring and automated checks.

Contract Monitoring Bot

advanced

Build a bot that monitors deployed contracts for suspicious transactions or state changes indicating exploitation.

3-4 weeksNode.jsEthers.jsMonitoringAlerts

Automated Audit Pipeline

intermediate

Create a CI/CD pipeline that runs security tools (Slither, Mythril, custom checks) on every commit.

2 weeksCI/CDDevOpsSecurity ToolsAutomation

Exploit Alert System

intermediate

Build a system that scrapes security feeds and alerts on new exploits relevant to protocols you're monitoring.

2-3 weeksWeb ScrapingAlertsAPIsPython

Storage Slot Monitor

advanced

Create a tool that monitors critical storage slots in contracts and alerts on unexpected changes.

2-3 weeksEVM StorageMonitoringEthers.js

Mempool Watcher for Attacks

advanced

Build a mempool monitoring tool that detects potential attack transactions before they're mined.

3-4 weeksMempoolMEVReal-time AnalysisNode.js

Specialized Security Research

Deep dives into specific vulnerability classes and emerging threats.

L2 Sequencer Risk Analysis

advanced

Research and document risks from centralized L2 sequencers including liveness failures and censorship attacks.

3-4 weeksL2 architectureResearchRisk analysis

Account Abstraction Security Guide

advanced

Analyze security considerations for ERC-4337 account abstraction including paymaster and bundler risks.

3-4 weeksERC-4337Account abstractionSecurity research

Cross-Chain Message Verification

advanced

Research vulnerabilities in cross-chain messaging protocols and verification mechanisms.

4-5 weeksCross-chainMessaging protocolsSecurity research

EIP Implementation Analysis

advanced

Analyze security implications of new EIPs before they're widely adopted.

2-3 weeks per EIPEIP processSpecification analysisForward thinking

Compiler Bug Investigation

advanced

Research historical Solidity compiler bugs and build detector for affected contracts.

3-4 weeksCompiler internalsVersion analysisDeep Solidity

Pro Tips

Start with Code4rena contests to build a public track record of findings before pitching to protocols directly.

Document every finding in a personal database. Patterns you see once will appear again, and quick reference saves time.

Build relationships with protocol teams even when you don't find bugs. Reputation matters more than individual audits.

Specialize in one area deeply (bridges, lending, AMMs) before broadening. Deep expertise commands premium rates.

Always disclose responsibly. Never publish exploit details before the protocol has patched. Your reputation depends on trust.

More for Smart Contract Auditor

Ready to build your Web3 career?

Browse hundreds of open roles across the decentralized ecosystem.

Explore Jobs