mirror of
https://github.com/autistic-symposium/blockchains-security-toolkit.git
synced 2025-06-07 14:32:58 -04:00
add bug bounty list
parent
6280977c52
commit
7027f61a10
1 changed files with 38 additions and 0 deletions
38
bug_hunting/README.md
Normal file
@ -0,0 +1,38 @@
## bug hunting smart contracts
<br>
### initial questions
<br>
* list `external` and `public` functions.
* when and where external call happens and what changes.
* check `payable` functions.
* how functions are accessed (permissions by who).
* follow the flow for transfers.
<br>
### look for common vulnerabilities
<br>
* reentrancy with flashloans, fallbacks, payables.
* access control.
* arithmetic errors.
<br>
### create an enviroment for testing
<br>
* static analysis
* fuzzing and poc exploits (use foundry)
<br>
---
### resources
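Review bot: the `### resources` heading that closes this hunk has nothing under it in the lines shown, while the commit message says "add bug bounty list"; either add the list entries in this commit or drop the heading until they exist. In the heading `### create an enviroment for testing`, "enviroment" should be "environment". The `* static analysis` bullet names no tool while the fuzzing bullet names foundry; naming the analyzer you expect readers to run would make the checklist more actionable, and the `* access control.` and `* arithmetic errors.` bullets would benefit from one clause each saying what to look for.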