mirror of
https://github.com/autistic-symposium/blockchains-security-toolkit.git
synced 2025-05-30 20:14:31 -04:00
add bug bounty list
parent
6280977c52
commit
7027f61a10
1 changed files with 38 additions and 0 deletions
38
bug_hunting/README.md
Normal file
|
@ -0,0 +1,38 @@
|
|||
## bug hunting smart contracts
|
||||
|
||||
<br>
|
||||
|
||||
### initial questions
|
||||
|
||||
<br>
|
||||
|
||||
* list `external` and `public` functions.
|
||||
* when and where external call happens and what changes.
|
||||
* check `payable` functions.
|
||||
* how functions are accessed (permissions by who).
|
||||
* follow the flow for transfers.
|
||||
|
||||
<br>
|
||||
|
||||
### look for common vulnerabilities
|
||||
|
||||
<br>
|
||||
|
||||
* reentrancy with flashloans, fallbacks, payables.
|
||||
* access control.
|
||||
* arithmetic errors.
|
||||
|
||||
<br>
|
||||
|
||||
### create an enviroment for testing
|
||||
|
||||
<br>
|
||||
|
||||
* static analysis
|
||||
* fuzzing and poc exploits (use foundry)
|
||||
|
||||
<br>
|
||||
|
||||
---
|
||||
|
||||
### resources
|
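Review bot: the `### resources` heading on the last line of the hunk has nothing under it, and the commit message says "add bug bounty list" while the 38 added lines contain a review checklist and no bounty list; either add the entries in this commit or drop the heading until they exist. Two smaller points: `enviroment` in `### create an enviroment for testing` should be `environment`, and the `static analysis` bullet names no tool while the fuzzing bullet names foundry, so naming one there would keep the two items consistent.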