From Bug Bounties to Smart Contract Audits: My Path in Web3 Security

How I Started My Journey in Web3 Security

Hello Readers, I’m Karan Bharda from India. I’m the founder of PinakShield and a Web3 Security Trainer at TheCyberBoy. I love Web3 security, and in this blog, I’ll share how I started my journey in Web3, when I first learned about it, and some free resources and tips to help you get started too!

A Little About Me

Before diving into Web3, I was involved in the Web2 security world, working as a bug bounty hunter and a security analyst. I also built websites for fun and to earn some extra income.

However, bug bounty hunting became frustrating because I often faced issues like:

  • Reports being marked as "Not Applicable" (NA)

  • Receiving duplicate reports where someone else had already found the same bug

That's when a friend advised me, "Forget this. Learn Web3. It's a growing field with fewer people and better opportunities to earn." It was the first time I heard terms like smart contract auditing and Web3 security.

Jumping Into Web3

Without much thought, I Googled:

  • Smart contract hacking courses

  • Web3 security courses

However, I didn't realize that Web3 is very different from Web2, and I didn't know the basics. The courses talked about blockchain fundamentals, Ethereum, EVM, and Solidity—all of which were completely new to me.

I felt overwhelmed and wondered, "Where do I even begin?"

Starting With the Basics

To clear up my confusion, I went back to Google and searched for the prerequisites for Web3 security. I found out I needed to understand:

  1. Blockchain fundamentals (how blockchain works, its components, etc.)

  2. Ethereum and the EVM (Ethereum Virtual Machine)

  3. Basic programming in Solidity

I started with the basics of blockchain by watching YouTube videos and reading articles. I also read the Bitcoin whitepaper to learn how Bitcoin and blockchain work. Once I had this foundation, I moved on to Ethereum and the EVM.

Learning Solidity

Solidity is a programming language used to write smart contracts, which are the backbone of Web3. Initially, I found it challenging.

I encountered many errors while coding, and it was frustrating. I thought, “Why am I even doing this? I hate debugging!”

But my curiosity about Web3 security kept me motivated. Here’s what I did:

  • When I encountered an error, I searched for solutions on Google.

  • If I couldn’t find anything, I used ChatGPT to help me figure it out. 😅

😡😤🤬

Eventually, I got the hang of Solidity and practiced it on a platform called CryptoZombies, where I built small projects step by step. This was a game-changer for me!

Diving Deeper Into Smart Contracts

Once I understood Solidity, I wanted to challenge my skills further. That's when I discovered tools like:

  • Foundry: A testing framework for smart contracts

  • Updraft: A platform to learn Foundry

These tools helped me learn how to test and deploy smart contracts correctly. A big thanks to Patrick Collins, whose tutorials made everything much clearer!

Exploring Vulnerabilities

After becoming comfortable with the basics, I began learning about smart contract vulnerabilities—weaknesses that hackers can exploit. To practice, I used platforms like:

  • EtherHunt

  • Damn Vulnerable DeFi

These platforms offered hands-on challenges that helped me improve my skills.

The Turning Point

After months of learning and practicing, Vaidik Pandya offered me a role as a Web3 Security Trainer at TheCyberBoy. This was a huge milestone in my journey!

This role also inspired me to start my own firm, and that's how PinakShield was born.

The Challenges I Faced

Learning Web3 wasn't always easy. There were times when I felt like giving up, especially when I faced:

  • Endless errors in Solidity and Foundry

  • The pressure of learning completely new concepts

  • The frustration of debugging

But I realized that consistency and curiosity are key. Every time I hit a roadblock, I found ways to overcome it, whether through Google, ChatGPT, or by reaching out to the community.

What’s Next?

As I write this on December 30, 2024, I'm excited about a new year full of growth and opportunities. My current goals include:

  • Growing PinakShield

  • Participating in public contests like Code4rena and Immunefi

  • Securing private audits for smart contracts

In my next blog, I'll share the story of my first smart contract audit. Stay tuned!

Resources to Get Started

If you're interested in Web3 security, here are some resources I recommend:

  1. Ethereum Blockchain Fundamentals (YouTube)

  2. Bitcoin Whitepaper

  3. CryptoZombies

  4. Web3 and Smart Contract Resources and Notes (Paid)

Feel free to reach out to me on Twitter or LinkedIn if you need more guidance.

Final Thoughts

Web3 security is a vast and exciting field. If you're passionate about learning and exploring new opportunities, don't let initial challenges stop you. With patience and the right resources, you'll succeed!