# Module 2 – Introduction to Tezos for developers
## Sprint 3 – Tezos in-depth
## Part 2 – Security, testing and optimisation in Tezos

The amount of money lost in web3 projects due to security issues is immense. You can find news about various hacks leading to hundreds of thousands of dollars being stolen almost every week. This is not surprising, however, when you consider the financial nature of many web3 applications and the difficulty of changing smart contract code once it’s deployed. Because of this, it is of utmost importance to know the common vulnerabilities in smart contracts and how to avoid them (you can be certain that if your project becomes successful, someone will test those vulnerabilities, and not necessarily with benevolent intentions). Furthermore, the danger of losing funds comes not only from malicious actors, but often from bugs and errors in the smart contract itself. This part will therefore cover various good practices to make sure the smart contracts you write (or audit) minimise all of these risks.


## Part Tasks
- [Security, common flaws and how to avoid them](https://opentezos.com/smart-contracts/avoiding-flaws) *(120 minutes)*
- [Timelocks](https://tezos.gitlab.io/active/timelock.html) *(20 minutes)*
- [Timelocks Open Tezos section](https://opentezos.com/smart-contracts/smart-contracts-concepts/#timelocks) *(15 minutes)*
- [Optimisation of smart contracts](https://ligolang.org/docs/tutorials/optimisation/) *(40 minutes)*
- [Testing](https://opentezos.com/ligo/unit-testing/) *(100 minutes)*
<BR> Try to write some unit tests with PyTezos for a smart contract that you have already implemented.
- (Optional) [Formal verification in Tezos](https://opentezos.com/formal-verification) - whole chapter up to “Exam” (inclusive) *(180 minutes)*
<BR> Note: formal verification is a large, maths-heavy topic and may be created as a separate specialisation module in the future. For now, if you are strong in maths and are interested in this topic, you can use this link to start your research. Understanding formal verification can put you in a very strong position for working with security of smart contracts in the Tezos ecosystem. 

## Direction for further research
- Look at some of the smart contracts you have written so far, or smart contracts of others (this can even be an example smart contract in the teaching material) – can you find obvious ways to optimise them? Do you see obvious security issues in them?
- Can you think of any other optimisation techniques? E.g. when would you consider splitting your smart contract into several separate ones?
- Keep an eye out for bug bounty programs when reading about Tezos projects. Checking the smart contracts of these projects is a great way to improve your skills, while finding & reporting a bug is an amazing way to prove your skills. [Example project with a bug bounty](https://www.smartlink.so/bug-bounty/)