Awesome-Smart-Contract-Security

Smart Contract Security Resources

A curated collection of resources and materials for improving the security of smart contracts

A curated list of Smart Contract Security materials and resources For Researchers

GitHub

725 stars
19 watching
129 forks
last commit: 10 months ago
Linked from 1 awesome list

awesome-listblockchain-securitybugbountyethereumresearchsmart-contractssolidity

Blogs

Ethernaut CTF walkthrough with Brownie framework
Sizing Solidity Audits
Reversing Ethereum Smart Contracts
Emin Gün Sirer, professor in Cornell Tech’s IC3 lab focused on blockchain security.
Phil Daian, grad student behind KEVM, Hydra, and other Ethereum academic projects
Cybersecurity R&D firm with a blockchain security practice
Martin Swende, programmer and appsec consultant
Company blog about security issues and practices within blockchain ecosystem
Solidity Security: Comprehensive list of known attack vectors
Use cryptography in mobile apps the right way
Subzero is an HSM-backed method for cold storage of Bitcoin developed by Square
Contract upgrade anti-patterns
How the winner got Fomo3D prize — A Detailed Explanation
How to debug Solidity Smart Contracts with Tenderly and Truffle
Lashing out at a Spank Channel
Malicious GasToken Minting
Missing return value bug in ERC20 tokens
Not A Fair Game – Fairness Analysis of Dice2win
Initial Formal Verification of Ethereum Casper Protocol
Security considerations for Shamir's secret sharing
SmartDec smart contract audit beginner's guide
The Anatomy of a Block Stuffing Attack
The phenomenon of smart contract honeypots
Use our suite of Ethereum security tools
Vertcoin (VTC) was successfully 51% attacked
Smart contract security audit: tips & tricks

Papers

Security Strengths and Weaknesses of Blockchain Smart Contract System: A Survey
Ethereum smart contract security research: survey and future research opportunities
Smart contract security: A software lifecycle perspective
Ethainter: a smart contract security analyzer for composite vulnerabilities
NeuCheck: A more practical Ethereum smart contract security analysis tool
Smart contract: Attacks and protections
Smart contract vulnerability analysis and security audite
Security analysis methods on ethereum smart contract vulnerabilities: a survey
Smart contract privacy protection using AI in cyber-physical systems: tools, techniques and challenges
LedgerHedger: Gas Reservation for Smart-Contract Security
Combining graph neural networks with expert knowledge for smart contract vulnerability detection
Security checklists for Ethereum smart contract development: patterns and best practices
Exploring Security Practices of Smart Contract Developers

Books

Fundamentals of Smart Contract Security
Hands-On Smart Contract Development with Solidity and Ethereum
Mastering Ethereum

Books / Security Journal list

[web] IEEE Transactions on Information Forensics and Security
[web] Computer & Security
[web] IET Information Security
[web] ACM Transactions on Information and System Security
[web] International Journal of Information Security
[web] Security and Communication Networks
[web] IEEE Security & Privacy
[web] IEEE Transactions on Dependable and Secure Computing
[web] Security and Communication Networks
[web] Computer Fraud & Security

Trainings

SEC554: Blockchain and Smart Contract Security
SecDim
Ethereum Smart Contract Security
Solidity, Blockchain, and Smart Contract Course
Smart Contract Security 101
Certified Blockchain Security Professional (CBSP)
Learn blockchain security

Tools / Visualization

ethereum-graph-debugger 352 over 1 year ago A graphical EVM debugger. Displays the entire program control flow graph
Slither 5,340 12 days ago Slither can map method visibility and modifiers, state variables that are read and written, calls, and can print the inheritance graph of a smart contract
Solgraph 1,019 almost 2 years ago Generates DOT graphs with function control flow of a solidity contract
Surya 1,088 2 months ago Generates various visual outputs of function call graphs
sol-function-profiler 80 about 6 years ago Solidity contract function profiler

Tools / Verification

KEVM 509 9 days ago K Semantics of the Ethereum Virtual Machine (EVM)
Manticore 3,697 about 1 year ago Symbolic execution tool for EVM

Tools / Linters

Remix Browser-based Solidity IDE with linting features
SmarrtCheck A linter for Solidity and Vyper that checks code for security issues and bad practices
Solhint 1,042 3 days ago Linter for both security and style-guide validations. It strictly adheres to the
Solium 927 over 1 year ago Linter for both security and style-guide validations. Does not strictly adhere to the Solidity Style Guide

Tools / BugHunting

Web3 Decoder 110 about 2 years ago Web3 Decoder is a Burp Suite Extension that helps to analyze what is going on with the operations involving smart contracts of the web3
Echidna 2,749 11 days ago Fuzzer for Ethereum smart contracts. Uses property testing to generate malicious inputs that break smart contracts
Manticore 3,697 about 1 year ago Symbolic execution tool for Ethereum smart contracts that includes detectors for common security flaws
Mythril OSS 3,890 about 1 month ago Open-source security analysis tool for Ethereum smart contracts built around detector modules
Securify v2.0 588 12 months ago Static analysis tool from ChainSecurity
Slither 5,340 12 days ago Static analysis framework, written in Python, with detectors for many common Solidity issues
Octopus 479 12 months ago : Blockchain Smart Contracts (BTC/ETH/NEO/EOS)
L3X 63 about 2 months ago AI-driven Smart Contract Static Analyzer

Tools / Reverse Engineering

abi-decompiler 217 over 2 years ago EVM reverse engineering helper utility
ethereum-dasm 219 over 5 years ago EVM disassembler with static and dynamic analysis abilities, including function signature lookup
Ethersplay 842 about 1 year ago Visual disassembler for EVM bytecode built on Binary Ninja
evmlab 366 over 5 years ago Utilities for interacting with the Ethereum virtual machine
IDA-EVM 308 10 months ago IDA plugin to view EVM instructions
Panoramix 814 4 months ago Ethereum decompiler
pyevmasm 362 6 months ago EVM assembler and disassembler with a CLI and a Python API
Rattle 350 about 1 year ago EVM binary static analysis framework. Produces SSA representations of EVM code
Solidity Bytes32 Converter Online Convert Solidity bytes32 to utf8 string or integers and vice versa
Online Solidity ABI Encoder Online Solidity ABI Encoder to encode smart contract arguments, and also perform read and write operations on the blockchain
Ethereum Unit Converter Online tool to convert the different ethereum denominations (wei, gwei, ether)

Labs

Smart Contract Labs
ChainLink Lab
A lab that focuses on smart contract security 3 almost 6 years ago

Capture the Flag and Wargames

Capture the Ether
The Ethernaut
Etherhack
Security Innovation Blockchain CTF
Ciphershastra CTF
Defi Hack
Gacha Lab (BSC Testnet)
Damn Vulnerable DeFi

Talks

6th Workshop on Trusted Smart Contracts
Smart Contract Security: a Practitioners’ Perspective
Predicting Random Numbers in Ethereum Smart Contracts
Blockchain Autopsies - Analyzing Smart Contract Deaths 1,486 4 days ago
Rattle - an EVM binary analysis framework
Blackhat Ethereum 1,486 4 days ago
Smashing Ethereum Smart Contracts for Fun and Profit 168 over 5 years ago
Automatic Bug Finding for the Blockchain 1,486 4 days ago

Misc

Security Pitfalls & Best Practices 201
Hacking Smart Contracts: Beginners Guide
Security Pitfalls & Best Practices 101
A guide to smart contract security best practices 7,515 4 months ago
Decentralized Application Security Project (or DASP) Top 10
Solidity Security Considerations
A Collection of Vulnerabilities in ERC20 Smart Contracts 614 9 months ago
Examples of Solidity security issues 2,158 over 1 year ago
A guide to smart contract security best practices 7,515 4 months ago
A guide to EOS smart contract security best practices 395 almost 3 years ago

Podcasts

CoinSec Podcast
The Smartest Contract
Zero Knowledge

Cheat Sheets

Solidity Cheat Sheet
Solidity Cheatsheet and Best practices 1,461 almost 2 years ago
Ethereum Cheat Sheet
The Ultimate Blockchain Cheat Sheet

Checklists

Solidity Auditing Checklistt 353 over 1 year ago
SMART CONTRACT SECURITY CHECKLIST
Smart Contract Security Audit: Intro & Top 5 Best Practices
Smart Contract Security Verification Standard
Security checklists for Ethereum smart contract development

Bug Bounty Platforms & Project

Immunefi
hackenproof
ETHEREUM Bounty Program
Etherscan Bugbounty Program
Parity Bug Bounty Program
Gitcoint project
Code Arena Bugbounty project
Smartlink Dapps
Bug Rap
Bug Bounty Programs 2023

Backlinks from these awesome lists:

More related projects: