Blogs |
Ethernaut CTF walkthrough with Brownie framework | | | |
Sizing Solidity Audits | | | |
Reversing Ethereum Smart Contracts | | | |
Emin Gün Sirer, professor in Cornell Tech’s IC3 lab focused on blockchain security. | | | |
Phil Daian, grad student behind KEVM, Hydra, and other Ethereum academic projects | | | |
Cybersecurity R&D firm with a blockchain security practice | | | |
Martin Swende, programmer and appsec consultant | | | |
Company blog about security issues and practices within blockchain ecosystem | | | |
Solidity Security: Comprehensive list of known attack vectors | | | |
Use cryptography in mobile apps the right way | | | |
Subzero is an HSM-backed method for cold storage of Bitcoin developed by Square | | | |
Contract upgrade anti-patterns | | | |
How the winner got Fomo3D prize — A Detailed Explanation | | | |
How to debug Solidity Smart Contracts with Tenderly and Truffle | | | |
Lashing out at a Spank Channel | | | |
Malicious GasToken Minting | | | |
Missing return value bug in ERC20 tokens | | | |
Not A Fair Game – Fairness Analysis of Dice2win | | | |
Initial Formal Verification of Ethereum Casper Protocol | | | |
Security considerations for Shamir's secret sharing | | | |
SmartDec smart contract audit beginner's guide | | | |
The Anatomy of a Block Stuffing Attack | | | |
The phenomenon of smart contract honeypots | | | |
Use our suite of Ethereum security tools | | | |
Vertcoin (VTC) was successfully 51% attacked | | | |
Smart contract security audit: tips & tricks | | | |
Papers |
Security Strengths and Weaknesses of Blockchain Smart Contract System: A Survey | | | |
Ethereum smart contract security research: survey and future research opportunities | | | |
Smart contract security: A software lifecycle perspective | | | |
Ethainter: a smart contract security analyzer for composite vulnerabilities | | | |
NeuCheck: A more practical Ethereum smart contract security analysis tool | | | |
Smart contract: Attacks and protections | | | |
Smart contract vulnerability analysis and security audit | | | |
Security analysis methods on ethereum smart contract vulnerabilities: a survey | | | |
Smart contract privacy protection using AI in cyber-physical systems: tools, techniques and challenges | | | |
LedgerHedger: Gas Reservation for Smart-Contract Security | | | |
Combining graph neural networks with expert knowledge for smart contract vulnerability detection | | | |
Security checklists for Ethereum smart contract development: patterns and best practices | | | |
Exploring Security Practices of Smart Contract Developers | | | |
Books |
Fundamentals of Smart Contract Security | | | |
Hands-On Smart Contract Development with Solidity and Ethereum | | | |
Mastering Ethereum | | | |
Books / Security Journal list |
[web] | | | IEEE Transactions on Information Forensics and Security |
[web] | | | Computers & Security |
[web] | | | IET Information Security |
[web] | | | ACM Transactions on Information and System Security |
[web] | | | International Journal of Information Security |
[web] | | | Security and Communication Networks |
[web] | | | IEEE Security & Privacy |
[web] | | | IEEE Transactions on Dependable and Secure Computing |
[web] | | | Computer Fraud & Security |
Trainings |
SEC554: Blockchain and Smart Contract Security | | | |
SecDim | | | |
Ethereum Smart Contract Security | | | |
Solidity, Blockchain, and Smart Contract Course | | | |
Smart Contract Security 101 | | | |
Certified Blockchain Security Professional (CBSP) | | | |
Learn blockchain security | | | |
|
ethereum-graph-debugger | 352 | over 1 year ago | A graphical EVM debugger. Displays the entire program control flow graph |
Slither | 5,340 | 12 days ago | Slither can map method visibility and modifiers, state variables that are read and written, calls, and can print the inheritance graph of a smart contract |
Solgraph | 1,019 | almost 2 years ago | Generates DOT graphs with function control flow of a solidity contract |
Surya | 1,088 | 2 months ago | Generates various visual outputs of function call graphs |
sol-function-profiler | 80 | about 6 years ago | Solidity contract function profiler |
|
KEVM | 509 | 9 days ago | K Semantics of the Ethereum Virtual Machine (EVM) |
Manticore | 3,697 | about 1 year ago | Symbolic execution tool for EVM |
|
Remix | | | Browser-based Solidity IDE with linting features |
SmartCheck | | | A linter for Solidity and Vyper that checks code for security issues and bad practices |
Solhint | 1,042 | 3 days ago | Linter for both security and style-guide validations. It strictly adheres to the |
Solium | 927 | over 1 year ago | Linter for both security and style-guide validations. Does not strictly adhere to the Solidity Style Guide |
|
Web3 Decoder | 110 | about 2 years ago | Web3 Decoder is a Burp Suite Extension that helps to analyze what is going on with the operations involving smart contracts of the web3 |
Echidna | 2,749 | 11 days ago | Fuzzer for Ethereum smart contracts. Uses property testing to generate malicious inputs that break smart contracts |
Manticore | 3,697 | about 1 year ago | Symbolic execution tool for Ethereum smart contracts that includes detectors for common security flaws |
Mythril OSS | 3,890 | about 1 month ago | Open-source security analysis tool for Ethereum smart contracts built around detector modules |
Securify v2.0 | 588 | 12 months ago | Static analysis tool from ChainSecurity |
Slither | 5,340 | 12 days ago | Static analysis framework, written in Python, with detectors for many common Solidity issues |
Octopus | 479 | 12 months ago | : Blockchain Smart Contracts (BTC/ETH/NEO/EOS) |
L3X | 63 | about 2 months ago | AI-driven Smart Contract Static Analyzer |
|
abi-decompiler | 217 | over 2 years ago | EVM reverse engineering helper utility |
ethereum-dasm | 219 | over 5 years ago | EVM disassembler with static and dynamic analysis abilities, including function signature lookup |
Ethersplay | 842 | about 1 year ago | Visual disassembler for EVM bytecode built on Binary Ninja |
evmlab | 366 | over 5 years ago | Utilities for interacting with the Ethereum virtual machine |
IDA-EVM | 308 | 10 months ago | IDA plugin to view EVM instructions |
Panoramix | 814 | 4 months ago | Ethereum decompiler |
pyevmasm | 362 | 6 months ago | EVM assembler and disassembler with a CLI and a Python API |
Rattle | 350 | about 1 year ago | EVM binary static analysis framework. Produces SSA representations of EVM code |
Solidity Bytes32 Converter Online | | | Convert Solidity bytes32 to utf8 string or integers and vice versa |
Online Solidity ABI Encoder | | | Online Solidity ABI Encoder to encode smart contract arguments, and also perform read and write operations on the blockchain |
Ethereum Unit Converter | | | Online tool to convert the different ethereum denominations (wei, gwei, ether) |
Labs |
Smart Contract Labs | | | |
ChainLink Lab | | | |
A lab that focuses on smart contract security | 3 | almost 6 years ago | |
Capture the Flag and Wargames |
Capture the Ether | | | |
The Ethernaut | | | |
Etherhack | | | |
Security Innovation Blockchain CTF | | | |
Ciphershastra CTF | | | |
Defi Hack | | | |
Gacha Lab (BSC Testnet) | | | |
Damn Vulnerable DeFi | | | |
Talks |
6th Workshop on Trusted Smart Contracts | | | |
Smart Contract Security: a Practitioners’ Perspective | | | |
Predicting Random Numbers in Ethereum Smart Contracts | | | |
Blockchain Autopsies - Analyzing Smart Contract Deaths | 1,486 | 4 days ago | |
Rattle - an EVM binary analysis framework | | | |
Blackhat Ethereum | 1,486 | 4 days ago | |
Smashing Ethereum Smart Contracts for Fun and Profit | 168 | over 5 years ago | |
Automatic Bug Finding for the Blockchain | 1,486 | 4 days ago | |
Misc |
Security Pitfalls & Best Practices 201 | | | |
Hacking Smart Contracts: Beginners Guide | | | |
Security Pitfalls & Best Practices 101 | | | |
A guide to smart contract security best practices | 7,515 | 4 months ago | |
Decentralized Application Security Project (or DASP) Top 10 | | | |
Solidity Security Considerations | | | |
A Collection of Vulnerabilities in ERC20 Smart Contracts | 614 | 9 months ago | |
Examples of Solidity security issues | 2,158 | over 1 year ago | |
A guide to EOS smart contract security best practices | 395 | almost 3 years ago | |
Podcasts |
CoinSec Podcast | | | |
The Smartest Contract | | | |
Zero Knowledge | | | |
Cheat Sheets |
Solidity Cheat Sheet | | | |
Solidity Cheatsheet and Best practices | 1,461 | almost 2 years ago | |
Ethereum Cheat Sheet | | | |
The Ultimate Blockchain Cheat Sheet | | | |
Checklists |
Solidity Auditing Checklist | 353 | over 1 year ago | |
SMART CONTRACT SECURITY CHECKLIST | | | |
Smart Contract Security Audit: Intro & Top 5 Best Practices | | | |
Smart Contract Security Verification Standard | | | |
Security checklists for Ethereum smart contract development | | | |
|
Immunefi | | | |
hackenproof | | | |
ETHEREUM Bounty Program | | | |
Etherscan Bugbounty Program | | | |
Parity Bug Bounty Program | | | |
Gitcoin project | | | |
Code Arena Bugbounty project | | | |
Smartlink Dapps | | | |
Bug Rap | | | |
Bug Bounty Programs 2023 | | | |