Blogs |
| Ethernaut CTF walkthrough with Brownie framework | | | |
| Sizing Solidity Audits | | | |
| Reversing Ethereum Smart Contracts | | | |
| Emin Gün Sirer, professor in Cornell Tech’s IC3 lab focused on blockchain security. | | | |
| Phil Daian, grad student behind KEVM, Hydra, and other Ethereum academic projects | | | |
| Cybersecurity R&D firm with a blockchain security practice | | | |
| Martin Swende, programmer and appsec consultant | | | |
| Company blog about security issues and practices within blockchain ecosystem | | | |
| Solidity Security: Comprehensive list of known attack vectors | | | |
| Use cryptography in mobile apps the right way | | | |
| Subzero is an HSM-backed method for cold storage of Bitcoin developed by Square | | | |
| Contract upgrade anti-patterns | | | |
| How the winner got Fomo3D prize — A Detailed Explanation | | | |
| How to debug Solidity Smart Contracts with Tenderly and Truffle | | | |
| Lashing out at a Spank Channel | | | |
| Malicious GasToken Minting | | | |
| Missing return value bug in ERC20 tokens | | | |
| Not A Fair Game – Fairness Analysis of Dice2win | | | |
| Initial Formal Verification of Ethereum Casper Protocol | | | |
| Security considerations for Shamir's secret sharing | | | |
| SmartDec smart contract audit beginner's guide | | | |
| The Anatomy of a Block Stuffing Attack | | | |
| The phenomenon of smart contract honeypots | | | |
| Use our suite of Ethereum security tools | | | |
| Vertcoin (VTC) was successfully 51% attacked | | | |
| Smart contract security audit: tips & tricks | | | |
Papers |
| Security Strengths and Weaknesses of Blockchain Smart Contract System: A Survey | | | |
| Ethereum smart contract security research: survey and future research opportunities | | | |
| Smart contract security: A software lifecycle perspective | | | |
| Ethainter: a smart contract security analyzer for composite vulnerabilities | | | |
| NeuCheck: A more practical Ethereum smart contract security analysis tool | | | |
| Smart contract: Attacks and protections | | | |
| Smart contract vulnerability analysis and security audit | | | |
| Security analysis methods on ethereum smart contract vulnerabilities: a survey | | | |
| Smart contract privacy protection using AI in cyber-physical systems: tools, techniques and challenges | | | |
| LedgerHedger: Gas Reservation for Smart-Contract Security | | | |
| Combining graph neural networks with expert knowledge for smart contract vulnerability detection | | | |
| Security checklists for Ethereum smart contract development: patterns and best practices | | | |
| Exploring Security Practices of Smart Contract Developers | | | |
Books |
| Fundamentals of Smart Contract Security | | | |
| Hands-On Smart Contract Development with Solidity and Ethereum | | | |
| Mastering Ethereum | | | |
Books / Security Journal list |
| [web] | | | IEEE Transactions on Information Forensics and Security |
| [web] | | | Computers & Security |
| [web] | | | IET Information Security |
| [web] | | | ACM Transactions on Information and System Security |
| [web] | | | International Journal of Information Security |
| [web] | | | Security and Communication Networks |
| [web] | | | IEEE Security & Privacy |
| [web] | | | IEEE Transactions on Dependable and Secure Computing |
| [web] | | | Computer Fraud & Security |
Trainings |
| SEC554: Blockchain and Smart Contract Security | | | |
| SecDim | | | |
| Ethereum Smart Contract Security | | | |
| Solidity, Blockchain, and Smart Contract Course | | | |
| Smart Contract Security 101 | | | |
| Certified Blockchain Security Professional (CBSP) | | | |
| Learn blockchain security | | | |
| |
| ethereum-graph-debugger | 352 | over 2 years ago | A graphical EVM debugger. Displays the entire program control flow graph |
| Slither | 5,394 | 11 months ago | Slither can map method visibility and modifiers, state variables that are read and written, calls, and can print the inheritance graph of a smart contract |
| Solgraph | 1,019 | almost 3 years ago | Generates DOT graphs with function control flow of a solidity contract |
| Surya | 1,104 | about 1 year ago | Generates various visual outputs of function call graphs |
| sol-function-profiler | 81 | about 7 years ago | Solidity contract function profiler |
| |
| KEVM | 509 | 11 months ago | K Semantics of the Ethereum Virtual Machine (EVM) |
| Manticore | 3,702 | about 2 years ago | Symbolic execution tool for EVM |
| |
| Remix | | | Browser-based Solidity IDE with linting features |
| SmartCheck | | | A linter for Solidity and Vyper that checks code for security issues and bad practices |
| Solhint | 1,048 | 11 months ago | Linter for both security and style-guide validations. It strictly adheres to the |
| Solium | 927 | over 2 years ago | Linter for both security and style-guide validations. Does not strictly adhere to the Solidity Style Guide |
| |
| Web3 Decoder | 111 | almost 3 years ago | Web3 Decoder is a Burp Suite Extension that helps to analyze what is going on with the operations involving smart contracts of the web3 |
| Echidna | 2,779 | 11 months ago | Fuzzer for Ethereum smart contracts. Uses property testing to generate malicious inputs that break smart contracts |
| Manticore | 3,702 | about 2 years ago | Symbolic execution tool for Ethereum smart contracts that includes detectors for common security flaws |
| Mythril OSS | 3,901 | about 1 year ago | Open-source security analysis tool for Ethereum smart contracts built around detector modules |
| Securify v2.0 | 589 | almost 2 years ago | Static analysis tool from ChainSecurity |
| Slither | 5,394 | 11 months ago | Static analysis framework, written in Python, with detectors for many common Solidity issues |
| Octopus | 480 | almost 2 years ago | : Blockchain Smart Contracts (BTC/ETH/NEO/EOS) |
| L3X | 63 | about 1 year ago | AI-driven Smart Contract Static Analyzer |
| |
| abi-decompiler | 219 | over 3 years ago | EVM reverse engineering helper utility |
| ethereum-dasm | 219 | over 6 years ago | EVM disassembler with static and dynamic analysis abilities, including function signature lookup |
| Ethersplay | 844 | about 2 years ago | Visual disassembler for EVM bytecode built on Binary Ninja |
| evmlab | 367 | over 6 years ago | Utilities for interacting with the Ethereum virtual machine |
| IDA-EVM | 311 | almost 2 years ago | IDA plugin to view EVM instructions |
| Panoramix | 822 | about 1 year ago | Ethereum decompiler |
| pyevmasm | 362 | over 1 year ago | EVM assembler and disassembler with a CLI and a Python API |
| Rattle | 353 | about 2 years ago | EVM binary static analysis framework. Produces SSA representations of EVM code |
| Solidity Bytes32 Converter Online | | | Convert Solidity bytes32 to utf8 string or integers and vice versa |
| Online Solidity ABI Encoder | | | Online Solidity ABI Encoder to encode smart contract arguments, and also perform read and write operations on the blockchain |
| Ethereum Unit Converter | | | Online tool to convert the different ethereum denominations (wei, gwei, ether) |
Labs |
| Smart Contract Labs | | | |
| ChainLink Lab | | | |
| A lab that focuses on smart contract security | 3 | over 6 years ago | |
Capture the Flag and Wargames |
| Capture the Ether | | | |
| The Ethernaut | | | |
| Etherhack | | | |
| Security Innovation Blockchain CTF | | | |
| Ciphershastra CTF | | | |
| Defi Hack | | | |
| Gacha Lab (BSC Testnet) | | | |
| Damn Vulnerable DeFi | | | |
Talks |
| 6th Workshop on Trusted Smart Contracts | | | |
| Smart Contract Security: a Practitioners’ Perspective | | | |
| Predicting Random Numbers in Ethereum Smart Contracts | | | |
| Blockchain Autopsies - Analyzing Smart Contract Deaths | 1,495 | 11 months ago | |
| Rattle - an EVM binary analysis framework | | | |
| Blackhat Ethereum | 1,495 | 11 months ago | |
| Smashing Ethereum Smart Contracts for Fun and Profit | 169 | about 6 years ago | |
| Automatic Bug Finding for the Blockchain | 1,495 | 11 months ago | |
Misc |
| Security Pitfalls & Best Practices 201 | | | |
| Hacking Smart Contracts: Beginners Guide | | | |
| Security Pitfalls & Best Practices 101 | | | |
| A guide to smart contract security best practices | 7,536 | over 1 year ago | |
| Decentralized Application Security Project (or DASP) Top 10 | | | |
| Solidity Security Considerations | | | |
| A Collection of Vulnerabilities in ERC20 Smart Contracts | 616 | over 1 year ago | |
| Examples of Solidity security issues | 2,171 | over 2 years ago | |
| A guide to EOS smart contract security best practices | 398 | almost 4 years ago | |
Podcasts |
| CoinSec Podcast | | | |
| The Smartest Contract | | | |
| Zero Knowledge | | | |
Cheat Sheets |
| Solidity Cheat Sheet | | | |
| Solidity Cheatsheet and Best practices | 1,465 | almost 3 years ago | |
| Ethereum Cheat Sheet | | | |
| The Ultimate Blockchain Cheat Sheet | | | |
Checklists |
| Solidity Auditing Checklist | 354 | over 2 years ago | |
| SMART CONTRACT SECURITY CHECKLIST | | | |
| Smart Contract Security Audit: Intro & Top 5 Best Practices | | | |
| Smart Contract Security Verification Standard | | | |
| Security checklists for Ethereum smart contract development | | | |
| |
| Immunefi | | | |
| hackenproof | | | |
| ETHEREUM Bounty Program | | | |
| Etherscan Bugbounty Program | | | |
| Parity Bug Bounty Program | | | |
| Gitcoin project | | | |
| Code Arena Bugbounty project | | | |
| Smartlink Dapps | | | |
| Bug Rap | | | |
| Bug Bounty Programs 2023 | | | |