💾

2025-05-17 14:10:32 -04:00 · 2023-03-15 10:58:19 -07:00 · 2023-03-15 10:58:19 -07:00 · a9a8719fd3
commit a9a8719fd3
parent ef66198fcf d8ca1b8615
4 changed files with 128 additions and 25 deletions
--- a/README.md
+++ b/README.md
@ -1,9 +1,13 @@
+<<<<<<< HEAD
 # ⛓🍕 blockchain hacking
+=======
+# ⛓🍕 blockchain hacking for the honorable
+>>>>>>> d8ca1b8615d74bdcbf8ffa195274badf57597f85

 <br>

 <p align="center">
-<img src="https://user-images.githubusercontent.com/1130416/210285206-1097fed8-568b-4514-97a2-832924686bc4.png" width="50%" align="center" style="padding:1px;border:1px solid black;"/>
+<img src="https://user-images.githubusercontent.com/1130416/210285206-1097fed8-568b-4514-97a2-832924686bc4.png" width="40%" align="center" style="padding:1px;border:1px solid black;"/>
 </p>


@ -12,16 +16,14 @@
 <br>


---
-## tl; dr
+### tl; dr:

-<br>

-#### 👾 this repository contains resources for blockchain white hackers or gray hackers.
+##### 👾 this repository is a catalog from my own (free time / out-of-curiosity) research and development. i open-source it to fight some lousy actors' agenda to conceal the space. there are a lot of just people working on making ensure stays fair. if you are passionate about decentralization and self-sovereignty, don't be intimidated by the toxicity in the space: do your homework and join us (we need you).

-#### 👾 for mev-related resources, check out [mev-toolkit](https://github.com/go-outside-labs/mev-toolkit). to learn blockchain development, check out [web3-toolkit-rs](https://github.com/go-outside-labs/web3-toolkit-rs), [web3-toolkit-py](https://github.com/go-outside-labs/web3-toolkit-py), [web3-toolkit-go](https://github.com/go-outside-labs/web3-toolkit-go), and [web3-toolkit-sol](https://github.com/go-outside-labs/web3-toolkit-sol).

-#### ⚠️ the resources in this repository are from my own ongoing boundless research. therefore, no guarantees, no promises; use it at your own risk.
+##### 🏴‍☠️ if you are interested on mev-related resources, check out our [mev-toolkit](https://github.com/go-outside-labs/mev-toolkit). as everything in life, the *most valuable commodity is information*. 
+



@ -29,38 +31,50 @@

 ---

-## ☠️✨ dirs in this repo
+### I. learn the basics

-<br>
-
-* [cosmos](cosmos)
-* [attack reviews](attack_reviews)
-* [cryptography](cryptography)
-* [decentralized storage](decentralized_storage)
-* [dynamic analysis](dynamic_analysis)
-* [the evm && opcodes](evm_and_opcodes)
-* [gray hacker tools](gray_hat_tools)
-* [hardhat](hardhat)
-* [l2s && rollups](l2_and_rollups)
 * [oracles](oracles)
-* [solana](solana)
-* [static analysis](static_analysis)
+* [cryptography](cryptography)
+* [l2s && rollups](l2_and_rollups)
+* [the evm && opcodes](evm_and_opcodes)
+* [decentralized storage](decentralized_storage)
 * [vulnerabilities](vulnerabilities)


+<br>
+
+### II. learn the tools
+
+
+* [environments](environments)
+* [identity hacking](gray_hat_tools)
+* [static analysis](static_analysis)
+* [dynamic analysis](dynamic_analysis)
+* [hacking by chains](hacking_by_chains)
+
+
+
+
+<br>
+
+### III. learn from history
+
+* [bug hunting](bug_hunting)
+* [attack reviews](attack_reviews)
+
+

 <br>


 ---

-## ☠️✨ hacking tools
+### hacking tools

 <br>

 * [Ethstats](https://ethstats.net/)
 * [EthTx Transaction Decoder](https://ethtx.info/)
-* [Solidity decomposer](https://ethervm.io/decompile)
 * [Eth converter](https://eth-converter.com/)
 * [Contracts diff checker](https://etherscan.io/contractdiffchecker)
 * [Mutation Testing for Ethereum Smart Contracts](https://github.com/JoranHonig/vertigo)
@ -129,7 +143,7 @@

 ----

-## ☠️✨ security resources
+### security resources

 <br>

@ -175,7 +189,7 @@

 ---

-## ☠️✨ practicing your hacking skils
+### practicing your hacking skils

 <br>

--- a/attack_reviews/README.md
+++ b/attack_reviews/README.md
@ -21,3 +21,4 @@
 * [analyzing an mev bot’s arbitrage on ethereum](https://medium.com/@etdu/analyzing-an-mev-bots-arbitrage-on-ethereum-c6980cfd347)
 * [246 findings from our smart Ccntract audits](https://blog.trailofbits.com/2019/08/08/246-findings-from-our-smart-contract-audits-an-executive-summary/)
 * [probabilistic liquidity attacks, by t. chitra et al](https://drive.google.com/file/d/1kCsmC52Jbhj8bpQMMo3-Z92P6L5E5hxl/view)
+* [investigating defi frauds and money laundering](https://arxiv.org/pdf/2303.00810.pdf)
--- a/bug_hunting/README.md
+++ b/bug_hunting/README.md
@ -0,0 +1,38 @@
+## bug hunting smart contracts
+
+<br>
+
+### initial questions  
+
+<br>
+
+* list `external` and `public` functions. 
+* when and where external call happens and what changes.
+* check `payable` functions.
+* how functions are accessed (permissions by who).
+* follow the flow for transfers.
+
+<br>
+
+### look for common vulnerabilities
+
+<br>
+
+* reentrancy with flashloans, fallbacks, payables.
+* access control.
+* arithmetic errors.
+
+<br>
+
+### create an enviroment for testing
+
+<br>
+
+* static analysis
+* fuzzing and poc exploits (use foundry)
+
+<br>
+
+---
+
+### resources
--- a/hacking_tools/README.md
+++ b/hacking_tools/README.md
@ -0,0 +1,50 @@
+## hacking tools
+
+<br>
+
+* [Ethstats](https://ethstats.net/)
+* [EthTx Transaction Decoder](https://ethtx.info/)
+* [Eth converter](https://eth-converter.com/)
+* [Contracts diff checker](https://etherscan.io/contractdiffchecker)
+* [Mutation Testing for Ethereum Smart Contracts](https://github.com/JoranHonig/vertigo)
+* [Ethereum nodes](https://ethereumnodes.com/)
+* [ERC20 verifier](https://erc20-verifier.openzeppelin.com/) and [the source code](https://github.com/tinchoabbate/slither-scripts/tree/master/erc20)
+* [ANKR RPC gateway](ankr.com/rpc/)
+* [burp's web3 decoder](https://github.com/nccgroup/web3-decoder)
+* [Oyente, analysis Tool for Smart Contracts](https://github.com/enzymefinance/oyente)
+* [Trail of Bits' Ethereum Security Toolbox](https://github.com/trailofbits/eth-security-toolbox)
+* [Securify, Security scanner for Ethereum smart contracts](https://github.com/eth-sri/securify2)
+* [Surya, A Solidity Inspector](https://github.com/ConsenSys/surya)
+* [Octopus, Security Analysis tool for WebAssembly](https://github.com/pventuzelo/octopus)
+* [ETK, EVM toolkit](https://github.com/quilt/etk)
+* [Pyevmasm, EVM disassembler and assembler](https://github.com/crytic/pyevmasm)
+* [Verx, smart contract verifier](http://verx.ch/)
+* [Semgrep rules for smart contracts](https://github.com/Raz0r/semgrep-smart-contracts)
+* [ETH detective](https://www.ethtective.com/address/)
+* [EVM-trace, Ethereum Virtual Machine transaction tracing tool](https://github.com/ApeWorX/evm-trace)
+* [Sleuthing Hashed Function Signature and Event Signature on Ethereum](https://dune.com/agaperste/event-and-function-signature-sleuthing?)
+* [Pratical overview of classic system security](http://www.astro.sunysb.edu/steinkirch/books/security_hw.txt)
+* [socketscan, track bridge transactions](https://socketscan.io/)s
+* [Solhint, a linter for Solidity](https://github.com/protofire/solhint)
+* [Solidity coverage tool](https://github.com/sc-forks/solidity-coverage)
+* [JSON formatter](https://jsonformatter.curiousconcept.com/)
+* [Craft requests from curl commands](https://reqbin.com/)
+* [Tools by Notonly.owner](https://www.notonlyowner.com/learn/intro-security-hacking-smart-contracts-ethereum)
+* [Ethereum Developer Tools List](https://github.com/ConsenSys/ethereum-developer-tools-list)
+* [Immunefi scrapper](https://github.com/pratraut/scrapyFi)
+* [Crystal Blockchain](https://explorer.crystalblockchain.com/)
+* [0XT](https://oxt.me/)
+* [Impersonator](https://www.impersonator.xyz/)
+* [CIA Officer's DeFi Roadmap](https://github.com/OffcierCia/DeFi-Developer-Road-Map#transaction-visualization-scoring--tracking)
+* [Mnemonic Code Converter](https://iancoleman.io/bip39/)
+* [Tornado Cash Pool Anonymity Auditor](https://tutela.xyz/)
+* [Cryptocurrency historical data snapshot](https://coinmarketcap.com/historical/)
+* [Explain shell](https://explainshell.com/)
+* [revoke.cash](https://revoke.cash/)
+* [breadcrumbs](https://www.breadcrumbs.app/home)
+* [cookbook.dev](https://www.cookbook.dev/)
+* [detect metamorphic contracts](https://metamorphic.a16zcrypto.com/)
+* [rpcs list by privacy](https://chainlist.org/)
+* [tenderly](https://dashboard.tenderly.co/)
+* [token security detector](https://gopluslabs.io/token-security/)
+* [smart contract explorers](https://sovs.notion.site/Block-Smart-Contract-Explorers-8dcaed059c844e3b8f9b67b8eb90174a)