How to Create a New Foundry Project
A step-by-step guide to creating a new, empty Foundry project using forge init, with a real-world example from a Code4rena contest.
When I start a new security review, the first thing I do is get the project set
up locally. Most projects use Foundry, so forge init is a command I run a lot.
This recipe is a quick guide to how I set up a new project for a security
contest, using the recent Covenant audit from Code4rena as an example.
The contest repo is here.
To create a new project, you just run forge init with the name of the
directory you want to create.
forge init 2025-10-covenantThis creates a new directory called 2025-10-covenant and sets up a basic
Foundry project inside it.
The forge init command has a bunch of useful flags. Here are the ones I use
most often.
--template <TEMPLATE>: This is useful if you want to start from a specific template. For example, if you have a standard setup you use for all your projects, you can create a template and use this flag to start from it.--vscode: This is a must-have if you use VS Code. It creates a.vscode/settings.jsonfile with the right Solidity settings and also generates aremappings.txtfile. This makes it much easier to work with imports in your contracts.--empty: This flag creates a project with no example contracts. I use this all the time because I’m usually about to clone a project’s existing contracts into the repo, so I don’t need theCounter.solexample.--no-git: Use this if you don’t wantforge initto create a new git repository. This is useful if you are initializing a project inside an existing git repo, which is common for security contests where the project is a submodule or you’re working in a monorepo.
For the Covenant contest, I wanted to create an empty project inside the contest’s repository structure. Here’s the command I would use:
forge init 2025-10-covenant --empty --vscode --no-gitThis gives me a clean, empty Foundry project ready for the Covenant contracts, with VS Code settings configured and without creating a new, nested git repository. It’s the perfect starting point for a security review.