web3-hunt-foundation
WEB3 HUNT FOUNDATION
Mindset + Recon + Setup. Read this before touching any new target's code. Replaces: 01-mindset, 02-recon-setup, 20-chain-complete
PART 1: THE HUNTER MINDSET
The Core Mental Shift
You are NOT looking for "vulnerabilities" in the abstract. You are looking for specific actions an attacker can take TODAY that result in profit.
Everything flows from one question: "What can I STEAL, FREEZE, or DESTROY — and what do I END UP WITH?"
The Bug Validation Template
Apply to every finding before writing a single line:
More from shuvonsec/web3-bug-bounty-hunting-ai-skills
web3-triage-report
Bug triage validation system, Immunefi report format, and 20 real paid bounty examples dissected. Use this when validating a finding before submitting, writing an Immunefi report, checking if a bug is actually valid, or studying real examples of paid vulnerabilities.
web3-poc-foundry
Complete Foundry PoC writing guide + all cheatcodes + DeFiHackLabs reproduction patterns. Use this when building a proof of concept exploit, setting up a fork test, using Foundry cheatcodes, or reproducing a known DeFi hack for learning.
web3-ai-tools
AI-powered tools for Web3 bug bounty automation. Use when you want to automate recon, run autonomous audits, or use AI agents for vulnerability discovery.
web3-start-here
Master index for the web3 smart contract security knowledge base. Use this to navigate the skill chain. Read files in order — each ends with NEXT.
web3-bug-classes
Complete reference for all 10 DeFi smart contract bug classes. Use this when hunting for specific vulnerability types, need attack patterns for accounting desync, access control, incomplete path, off-by-one, oracle manipulation, ERC4626 vaults, reentrancy, flash loans, signature replay, or proxy/upgrade bugs.
web3-hunt-zksync-era
ZKsync Era (Immunefi) completed hunt — 0 findings after exhaustive 5-session audit. Use as a DEFENSE STUDY — learn what makes a protocol unhuntable, which patterns block all 10 bug classes, and when to abandon a target. Contains architecture breakdown, 25 tested attack vectors, and pre-dive scoring refinements for large L1 bridge protocols.