awesome-ethereum-security
Smart contract toolkit
A curated collection of Ethereum security resources and tools to help developers write more secure smart contracts.
A curated list of awesome Ethereum security references
1k stars
39 watching
199 forks
last commit: about 1 year ago
Linked from 3 awesome lists
Tags: ethereum, evm, security, solidity
Awesome Ethereum Security / Learning / Security references

| Name | Stars | Last commit | Description |
| --- | ---: | --- | --- |
| Comprehensive list of known attack vectors for Solidity | | | |
| Consensys Best Practices | 7,536 | over 1 year ago | |
| Decentralized Application Security Project | | | |
| Solidity Security Considerations | | | |
| Solidity v0.5.0 Breaking Changes | | | |
Awesome Ethereum Security / Learning / Insecurity references

| Name | Stars | Last commit | Description |
| --- | ---: | --- | --- |
| Awesome Buggy ERC20 Tokens | 616 | over 1 year ago | |
| EVM Analyzer Benchmark | 40 | about 7 years ago | |
| Not So Smart Contracts | 2,171 | over 2 years ago | |
Awesome Ethereum Security / Learning / Capture the Flag and Wargames

| Name | Stars | Last commit | Description |
| --- | ---: | --- | --- |
| Capture the Ether | | | |
| Ethernaut | | | |
| EtherHack | | | |
| SI Blockchain CTF | | | |
| Hands on the Ethernaut CTF | | | Writeups for various Ethernaut CTF challenge contracts |
| Ethernaut - Naught Coin (ERC20) Exploitation | | | Writeup for a vulnerable ERC20 from the Ethernaut CTF |
| EtherHack CTF Writeup | | | Writeup for EtherHack CTF challenges |
| PolySwarm Smart Contract Hacking Challenge Writeup | | | Demonstrates advanced use of Manticore |
Awesome Ethereum Security / Learning / Coordinated disclosure

| Name | Stars | Last commit | Description |
| --- | ---: | --- | --- |
| Blockchain Security Contacts | 401 | over 1 year ago | Security contact info for blockchain projects |
Awesome Ethereum Security / Learning / Blogs

| Name | Stars | Last commit | Description |
| --- | ---: | --- | --- |
| Hacking Distributed | | | Emin Gün Sirer, professor in Cornell Tech's IC3 lab focused on blockchain security |
| Phil Does Security | | | Phil Daian, grad student behind KEVM, Hydra, and other Ethereum academic projects |
| Trail of Bits | | | Cybersecurity R&D firm with a blockchain security practice |
| Martin Holst Swende | | | Martin Swende, programmer and appsec consultant |
| SmartDec blog | | | Company blog about security issues and practices within the blockchain ecosystem |
Awesome Ethereum Security / Learning / Notable blog posts

| Name | Stars | Last commit | Description |
| --- | ---: | --- | --- |
| Contract upgrade anti-patterns | | | |
| How the winner got Fomo3D prize: A Detailed Explanation | | | |
| How to debug Solidity Smart Contracts with Tenderly and Truffle | | | |
| Lashing out at a Spank Channel | | | |
| Malicious GasToken Minting | | | |
| Missing return value bug in ERC20 tokens | | | |
| Not A Fair Game: Fairness Analysis of Dice2win | | | |
| Initial Formal Verification of Ethereum Casper Protocol | | | |
| Security considerations for Shamir's secret sharing | | | |
| SmartDec smart contract audit beginner's guide | | | |
| The Anatomy of a Block Stuffing Attack | | | |
| The phenomenon of smart contract honeypots | | | |
| Use our suite of Ethereum security tools | | | |
| Vertcoin (VTC) was successfully 51% attacked | | | |
Awesome Ethereum Security / Learning / Conference talks

| Name | Stars | Last commit | Description |
| --- | ---: | --- | --- |
| Predicting Random Numbers in Ethereum Smart Contracts | | | |
| Blockchain Autopsies - Analyzing Smart Contract Deaths | 1,495 | 11 months ago | |
| Rattle - an EVM binary analysis framework | | | |
| Blackhat Ethereum | 1,495 | 11 months ago | |
| Smashing Ethereum Smart Contracts for Fun and Profit | 169 | about 6 years ago | |
| Automatic Bug Finding for the Blockchain | 1,495 | 11 months ago | |
Awesome Ethereum Security / Learning / Podcasts and Episodes

| Name | Stars | Last commit | Description |
| --- | ---: | --- | --- |
| CoinSec Podcast | | | |
| The Smartest Contract | | | |
| Zero Knowledge | | | |
| The Smartest Contract #15 | | | Trail of Bits' Outlook on Security w/ JP Smith |
| The Smartest Contract #8 | | | Smart Contract Security and Honeypots w/ Gerhard Wagner |
| Zero Knowledge #29 | | | The DAO, the White Hat Hacker Group & Giveth w/ Griff Green |
| Zero Knowledge #16 | | | Talking security with JP Smith from Trail of Bits |
| Risky Business #488 | | | JP Smith about all things blockchain |
Awesome Ethereum Security / Tools / Visualization

| Name | Stars | Last commit | Description |
| --- | ---: | --- | --- |
| ethereum-graph-debugger | 352 | over 2 years ago | A graphical EVM debugger. Displays the entire program control flow graph |
| Slither | 5,394 | 11 months ago | Slither can map method visibility and modifiers, state variables that are read and written, and calls, and can print the inheritance graph of a smart contract |
| Solgraph | 1,019 | almost 3 years ago | Generates DOT graphs with the function control flow of a Solidity contract |
| Surya | 1,104 | about 1 year ago | Generates various visual outputs of function call graphs |
| sol-function-profiler | 81 | about 7 years ago | Solidity contract function profiler |
Awesome Ethereum Security / Tools / Linters

| Name | Stars | Last commit | Description |
| --- | ---: | --- | --- |
| Remix | | | Browser-based Solidity IDE with linting features |
| SmartCheck | | | A linter for Solidity and Vyper that checks code for security issues and bad practices |
| Solhint | 1,048 | 12 months ago | Linter for both security and style-guide validations. It strictly adheres to the Solidity Style Guide |
| Solium | 927 | over 2 years ago | Linter for both security and style-guide validations. Does not strictly adhere to the Solidity Style Guide |
Awesome Ethereum Security / Tools / Bug finding tools

| Name | Stars | Last commit | Description |
| --- | ---: | --- | --- |
| Echidna | 2,779 | 11 months ago | Fuzzer for Ethereum smart contracts. Uses property testing to generate malicious inputs that break smart contracts |
| Manticore | 3,702 | about 2 years ago | Symbolic execution tool for Ethereum smart contracts that includes detectors for common security flaws |
| Mythril OSS | 3,901 | about 1 year ago | Open-source security analysis tool for Ethereum smart contracts built around detector modules |
| Securify | 219 | almost 6 years ago | Static analysis tool from ChainSecurity |
| Slither | 5,394 | 11 months ago | Static analysis framework, written in Python, with detectors for many common Solidity issues |
Awesome Ethereum Security / Tools / Verification tools

| Name | Stars | Last commit | Description |
| --- | ---: | --- | --- |
| KEVM | 509 | 11 months ago | K Semantics of the Ethereum Virtual Machine (EVM) |
| Manticore | 3,702 | about 2 years ago | Symbolic execution tool for the EVM |
Awesome Ethereum Security / Tools / Reversing tools

| Name | Stars | Last commit | Description |
| --- | ---: | --- | --- |
| abi-decompiler | 219 | over 3 years ago | EVM reverse engineering helper utility |
| ethereum-dasm | 219 | over 6 years ago | EVM disassembler with static and dynamic analysis abilities, including function signature lookup |
| Ethersplay | 844 | about 2 years ago | Visual disassembler for EVM bytecode built on Binary Ninja |
| evmlab | 367 | over 6 years ago | Utilities for interacting with the Ethereum Virtual Machine |
| IDA-EVM | 311 | almost 2 years ago | IDA plugin to view EVM instructions |
| Panoramix | | | |
| pyevmasm | 362 | over 1 year ago | EVM assembler and disassembler with a CLI and a Python API |
| Rattle | 353 | about 2 years ago | EVM binary static analysis framework. Produces SSA representations of EVM code |
Awesome Ethereum Security / Tools / Custody

| Name | Stars | Last commit | Description |
| --- | ---: | --- | --- |
| Subzero | | | Subzero is an HSM-backed method for cold storage of Bitcoin developed by Square |
Awesome Ethereum Security / Communities

| Name | Stars | Last commit | Description |
| --- | ---: | --- | --- |
| Enterprise Ethereum Alliance Security Task Force | | | |
| Empire Hacking Slack | | | #ethereum channel |
Awesome Ethereum Security / Other Awesome Lists

| Name | Stars | Last commit | Description |
| --- | ---: | --- | --- |
| Awesome AppSec | 6,372 | over 1 year ago | |
| Awesome Ethereum Virtual Machine | 844 | almost 2 years ago | |
| Awesome Solidity | 6,618 | about 1 year ago | |
| Crypto projects that might not suck | 424 | almost 3 years ago | |