From 6280977c5217232c6aa1ba8e823b74948a2ecb4d Mon Sep 17 00:00:00 2001
From: "dr. mia von steinkirch, phd"
<1130416+mvonsteinkirch@users.noreply.github.com>
Date: Fri, 17 Feb 2023 16:19:49 -0800
Subject: [PATCH 01/10] add bug hunting
---
README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index f261e56..ede2439 100644
--- a/README.md
+++ b/README.md
@@ -46,6 +46,7 @@
* [solana](solana)
* [static analysis](static_analysis)
* [vulnerabilities](vulnerabilities)
+* [bug hunting](bug_hunting)
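Review bot: the new entry `* [bug hunting](bug_hunting)` links to a directory this commit does not create. The diffstat touches only README.md, and bug_hunting/README.md arrives in PATCH 02/10, so the link is dangling at this revision; squash the two commits or swap their order. The surrounding entries (solana, static analysis, vulnerabilities) are alphabetical, so the line also belongs further up the list rather than after `vulnerabilities`.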
From 7027f61a109b9d018617b03ee1f8328130e6dcd9 Mon Sep 17 00:00:00 2001
From: "dr. mia von steinkirch, phd"
<1130416+mvonsteinkirch@users.noreply.github.com>
Date: Fri, 17 Feb 2023 16:25:12 -0800
Subject: [PATCH 02/10] add bug bounty list
---
bug_hunting/README.md | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 bug_hunting/README.md
diff --git a/bug_hunting/README.md b/bug_hunting/README.md
new file mode 100644
index 0000000..39eb186
--- /dev/null
+++ b/bug_hunting/README.md
@@ -0,0 +1,38 @@
+## bug hunting smart contracts
+
+
+
+### initial questions
+
+
+
+* list `external` and `public` functions.
+* when and where external call happens and what changes.
+* check `payable` functions.
+* how functions are accessed (permissions by who).
+* follow the flow for transfers.
+
+
+
+### look for common vulnerabilities
+
+
+
+* reentrancy with flashloans, fallbacks, payables.
+* access control.
+* arithmetic errors.
+
+
+
+### create an enviroment for testing
+
+
+
+* static analysis
+* fuzzing and poc exploits (use foundry)
+
+
+
+---
+
+### resources
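Review bot: the heading `### create an enviroment for testing` misspells "environment", and the file ends on an empty `### resources` section; either populate it or drop the heading and the `---` rule above it until there is content. The subject says "add bug bounty list", but the file is a review checklist with no bounty programs in it, so the subject should be reworded. The runs of three blank `+` lines between each heading and its list can be collapsed to one.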
From d02afc7a84266990bf8e63d31093bd13c4fa2e4a Mon Sep 17 00:00:00 2001
From: osiris137 <126850716+osiris137@users.noreply.github.com>
Date: Tue, 7 Mar 2023 09:27:10 -0800
Subject: [PATCH 03/10] Update README.md
---
README.md | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index ede2439..28b6af5 100644
--- a/README.md
+++ b/README.md
@@ -17,11 +17,9 @@
-#### 👾 this repository contains resources for blockchain white hackers or gray hackers.
+##### 👾 this repository contains resources for blockchain white hackers or gray hackers. for mev-related resources, check out [mev-toolkit](https://github.com/go-outside-labs/mev-toolkit).
-#### 👾 for mev-related resources, check out [mev-toolkit](https://github.com/go-outside-labs/mev-toolkit). to learn blockchain development, check out [web3-toolkit-rs](https://github.com/go-outside-labs/web3-toolkit-rs), [web3-toolkit-py](https://github.com/go-outside-labs/web3-toolkit-py), [web3-toolkit-go](https://github.com/go-outside-labs/web3-toolkit-go), and [web3-toolkit-sol](https://github.com/go-outside-labs/web3-toolkit-sol).
-
-#### ⚠️ the resources in this repository are from my own ongoing boundless research. therefore, no guarantees, no promises; use it at your own risk.
+##### ⚠️ the resources in this repository are from my own (free time / out-of-curiosity) research. use it at your own risk.
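Review bot: the rewritten tl;dr line drops the links to web3-toolkit-rs, web3-toolkit-py, web3-toolkit-go and web3-toolkit-sol, and the "no guarantees, no promises" wording, while the subject only says "Update README.md"; if the removals are intended, state them in the commit message. Both `+` lines are body text set as `#####` headings; plain paragraphs would give a cleaner document outline than h5.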
@@ -29,7 +27,7 @@
---
-## ☠️✨ dirs in this repo
+### dirs in this repo
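Review bot: `### dirs in this repo` demotes the section from h2 to h3, and the remaining section headings in this patch get the same change, but `## tl; dr` stays at h2 (it is still `## tl; dr` in the context of PATCH 04/10). The result is that every section now nests under tl;dr in the rendered outline; keep the sections at `##` or demote tl;dr with them.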
@@ -55,7 +53,7 @@
---
-## ☠️✨ hacking tools
+### hacking tools
@@ -130,7 +128,7 @@
----
-## ☠️✨ security resources
+### security resources
@@ -176,7 +174,7 @@
---
-## ☠️✨ practicing your hacking skils
+### practicing your hacking skils
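Review bot: the replacement line `### practicing your hacking skils` carries over the typo "skils"; since the heading is being rewritten here anyway, correct it to "skills" in the same change.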
From 9f63b828cbc4b1e5b35e818266e2e6f1a39702d0 Mon Sep 17 00:00:00 2001
From: osiris137 <126850716+osiris137@users.noreply.github.com>
Date: Tue, 7 Mar 2023 09:29:31 -0800
Subject: [PATCH 04/10] Update README.md
---
README.md | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 28b6af5..4a32592 100644
--- a/README.md
+++ b/README.md
@@ -12,14 +12,13 @@
----
## tl; dr
-##### 👾 this repository contains resources for blockchain white hackers or gray hackers. for mev-related resources, check out [mev-toolkit](https://github.com/go-outside-labs/mev-toolkit).
+##### 👾 this repository contains resources for blockchain gray hackers. check out [mev-toolkit](https://github.com/go-outside-labs/mev-toolkit) as well.
-##### ⚠️ the resources in this repository are from my own (free time / out-of-curiosity) research. use it at your own risk.
+##### ⚠️ these are from my own (free time / out-of-curiosity) research. use it at your own risk.
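Review bot: in the second `+` line, "these are ... use it at your own risk" mixes plural and singular; "use them at your own risk" reads correctly. The first `+` line also narrows the stated audience from "white hackers or gray hackers" to "gray hackers" only, a content change that the subject "Update README.md" does not mention.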
From c6d233972780d267a364657fe3a21afb003f221a Mon Sep 17 00:00:00 2001
From: "steinkirch.eth" <1130416+mvonsteinkirch@users.noreply.github.com>
Date: Wed, 8 Mar 2023 20:45:26 -0800
Subject: [PATCH 05/10] investigating defi frauds and money laundering
---
attack_reviews/README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/attack_reviews/README.md b/attack_reviews/README.md
index a823023..3e96088 100644
--- a/attack_reviews/README.md
+++ b/attack_reviews/README.md
@@ -21,3 +21,4 @@
* [analyzing an mev bot’s arbitrage on ethereum](https://medium.com/@etdu/analyzing-an-mev-bots-arbitrage-on-ethereum-c6980cfd347)
* [246 findings from our smart Ccntract audits](https://blog.trailofbits.com/2019/08/08/246-findings-from-our-smart-contract-audits-an-executive-summary/)
* [probabilistic liquidity attacks, by t. chitra et al](https://drive.google.com/file/d/1kCsmC52Jbhj8bpQMMo3-Z92P6L5E5hxl/view)
+* [investigating defi frauds and money laundering](https://arxiv.org/pdf/2303.00810.pdf)
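Review bot: the added entry links straight to the PDF (`arxiv.org/pdf/2303.00810.pdf`); linking the abstract page (`https://arxiv.org/abs/2303.00810`) lets readers see the metadata and later revisions before downloading. The entry also gives no author, unlike the chitra entry directly above it. While this list is being touched, the context line two above reads "smart Ccntract", which should be "smart contract".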
From 4e0f5deb4d36751a18e1164c7d657e74d4705ada Mon Sep 17 00:00:00 2001
From: osiris137 <126850716+osiris137@users.noreply.github.com>
Date: Thu, 9 Mar 2023 08:16:24 -0800
Subject: [PATCH 06/10] https://ethervm.io/decompile
---
README.md | 1 -
1 file changed, 1 deletion(-)
diff --git a/README.md b/README.md
index 4a32592..3b33c71 100644
--- a/README.md
+++ b/README.md
@@ -58,7 +58,6 @@
* [Ethstats](https://ethstats.net/)
* [EthTx Transaction Decoder](https://ethtx.info/)
-* [Solidity decomposer](https://ethervm.io/decompile)
* [Eth converter](https://eth-converter.com/)
* [Contracts diff checker](https://etherscan.io/contractdiffchecker)
* [Mutation Testing for Ethereum Smart Contracts](https://github.com/JoranHonig/vertigo)
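Review bot: the subject is only a URL, while the hunk deletes the `[Solidity decomposer](https://ethervm.io/decompile)` entry; the message should say that the entry is removed and why, so the history is searchable. If the issue was the label ("decomposer" for a decompiler) rather than the tool, correcting the label would keep the resource in the list.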
From 7c82af2ef893ca9326b2183d1cec34b506eb6482 Mon Sep 17 00:00:00 2001
From: "motherofbots.eth" <127235106+lilith377@users.noreply.github.com>
Date: Wed, 15 Mar 2023 10:49:17 -0700
Subject: [PATCH 07/10] Update README.md
---
README.md | 46 ++++++++++++++++++++++++++++------------------
1 file changed, 28 insertions(+), 18 deletions(-)
diff --git a/README.md b/README.md
index 3b33c71..869848e 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,9 @@
-# 🧱⛓☠️ blockchain hacking
+# ⛓🍕 blockchain hacking for the honorable
-
+
@@ -12,13 +12,14 @@
-## tl; dr
+### tl; dr:
-
-##### 👾 this repository contains resources for blockchain gray hackers. check out [mev-toolkit](https://github.com/go-outside-labs/mev-toolkit) as well.
+##### 👾 this repository is a catalog from my own (free time / out-of-curiosity) research and development. i open-source it to fight some lousy actors' agenda to conceal the space. there are a lot of just people working on making ensure stays fair. if you are passionate about decentralization and self-sovereignty, don't be intimidated by the toxicity in the space: do your homework and join us (we need you).
+
+
+##### 🏴☠️ if you are interested on mev-related resources, check out our [mev-toolkit](https://github.com/go-outside-labs/mev-toolkit). as everything in life, the *most valuable commodity is information*.
-##### ⚠️ these are from my own (free time / out-of-curiosity) research. use it at your own risk.
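Review bot: the new tl;dr paragraph has broken sentences: "there are a lot of just people working on making ensure stays fair" is missing words, and "interested on" should be "interested in". The hunk also deletes the "use it at your own risk" line with no replacement; if dropping the disclaimer is intended, say so in the commit message. `### tl; dr:` gains a trailing colon that no other heading in the file uses.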
@@ -26,24 +27,33 @@
---
-### dirs in this repo
+### I. learn the basics
+
+* [oracles](oracles)
+* [cryptography](cryptography)
+* [l2s && rollups](l2_and_rollups)
+* [the evm && opcodes](evm_and_opcodes)
+* [decentralized storage](decentralized_storage)
+* [vulnerabilities](vulnerabilities)
+* [solana](solana)
+* [cosmos](cosmos)
-* [cosmos](cosmos)
-* [attack reviews](attack_reviews)
-* [cryptography](cryptography)
-* [decentralized storage](decentralized_storage)
-* [dynamic analysis](dynamic_analysis)
-* [the evm && opcodes](evm_and_opcodes)
-* [gray hacker tools](gray_hat_tools)
+### II. learn the tools
+
* [hardhat](hardhat)
-* [l2s && rollups](l2_and_rollups)
-* [oracles](oracles)
-* [solana](solana)
+* [gray hacker tools](gray_hat_tools)
* [static analysis](static_analysis)
-* [vulnerabilities](vulnerabilities)
+* [dynamic analysis](dynamic_analysis)
+
+
+
+
+### III. learn from history
+
* [bug hunting](bug_hunting)
+* [attack reviews](attack_reviews)
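Review bot: `[bug hunting](bug_hunting)` is filed under "III. learn from history", but bug_hunting/README.md as added in PATCH 02/10 is a review checklist, which fits "II. learn the tools" better than a history section. `[solana](solana)` and `[cosmos](cosmos)` are placed under "I. learn the basics" here and moved out again in PATCH 08/10, so that move should be folded into this commit. The four consecutive blank `+` lines before `### III. learn from history` should be one.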
From 89c1f362ec0200d16023dad214075ade2f8ab393 Mon Sep 17 00:00:00 2001
From: "motherofbots.eth" <127235106+lilith377@users.noreply.github.com>
Date: Wed, 15 Mar 2023 10:50:36 -0700
Subject: [PATCH 08/10] Update README.md
---
README.md | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 869848e..a87bb23 100644
--- a/README.md
+++ b/README.md
@@ -35,17 +35,20 @@
* [the evm && opcodes](evm_and_opcodes)
* [decentralized storage](decentralized_storage)
* [vulnerabilities](vulnerabilities)
-* [solana](solana)
-* [cosmos](cosmos)
+
### II. learn the tools
-* [hardhat](hardhat)
-* [gray hacker tools](gray_hat_tools)
+
+* [identity hacking](gray_hat_tools)
* [static analysis](static_analysis)
* [dynamic analysis](dynamic_analysis)
+* [solana](solana)
+* [cosmos](cosmos)
+* [hardhat](hardhat)
+
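Review bot: `* [identity hacking](gray_hat_tools)` changes the label but still links to the `gray_hat_tools` directory, so the displayed name no longer matches the path; rename the directory in the same commit or keep the old label. The `hardhat`, `solana` and `cosmos` entries are only moved, which belongs in PATCH 07/10 where the sections were introduced, and the lone `+` lines add blank-line churn.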
From 448c7d2b6ef2b4f0c4e5eedf3dab9a1a1a30bfbe Mon Sep 17 00:00:00 2001
From: "motherofbots.eth" <127235106+lilith377@users.noreply.github.com>
Date: Wed, 15 Mar 2023 10:57:17 -0700
Subject: [PATCH 09/10] Update README.md
---
README.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index a87bb23..b005fa8 100644
--- a/README.md
+++ b/README.md
@@ -42,12 +42,12 @@
### II. learn the tools
+* [environments](environments)
* [identity hacking](gray_hat_tools)
* [static analysis](static_analysis)
* [dynamic analysis](dynamic_analysis)
-* [solana](solana)
-* [cosmos](cosmos)
-* [hardhat](hardhat)
+* [hacking by chains](hacking_by_chains)
+
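Review bot: `[environments](environments)` and `[hacking by chains](hacking_by_chains)` are added while the diffstat shows only README.md changing, so neither target directory is created or renamed in this commit and both links are dangling unless the directories already exist. The `solana`, `cosmos` and `hardhat` entries are dropped from the index in the same hunk; if those directories were moved under the new paths, the move belongs in this commit and the message should say so.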
From d8ca1b8615d74bdcbf8ffa195274badf57597f85 Mon Sep 17 00:00:00 2001
From: "motherofbots.eth" <127235106+lilith377@users.noreply.github.com>
Date: Wed, 15 Mar 2023 10:57:56 -0700
Subject: [PATCH 10/10] Create README.md
---
hacking_tools/README.md | 50 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 hacking_tools/README.md
diff --git a/hacking_tools/README.md b/hacking_tools/README.md
new file mode 100644
index 0000000..987d6c5
--- /dev/null
+++ b/hacking_tools/README.md
@@ -0,0 +1,50 @@
+## hacking tools
+
+
+
+* [Ethstats](https://ethstats.net/)
+* [EthTx Transaction Decoder](https://ethtx.info/)
+* [Eth converter](https://eth-converter.com/)
+* [Contracts diff checker](https://etherscan.io/contractdiffchecker)
+* [Mutation Testing for Ethereum Smart Contracts](https://github.com/JoranHonig/vertigo)
+* [Ethereum nodes](https://ethereumnodes.com/)
+* [ERC20 verifier](https://erc20-verifier.openzeppelin.com/) and [the source code](https://github.com/tinchoabbate/slither-scripts/tree/master/erc20)
+* [ANKR RPC gateway](ankr.com/rpc/)
+* [burp's web3 decoder](https://github.com/nccgroup/web3-decoder)
+* [Oyente, analysis Tool for Smart Contracts](https://github.com/enzymefinance/oyente)
+* [Trail of Bits' Ethereum Security Toolbox](https://github.com/trailofbits/eth-security-toolbox)
+* [Securify, Security scanner for Ethereum smart contracts](https://github.com/eth-sri/securify2)
+* [Surya, A Solidity Inspector](https://github.com/ConsenSys/surya)
+* [Octopus, Security Analysis tool for WebAssembly](https://github.com/pventuzelo/octopus)
+* [ETK, EVM toolkit](https://github.com/quilt/etk)
+* [Pyevmasm, EVM disassembler and assembler](https://github.com/crytic/pyevmasm)
+* [Verx, smart contract verifier](http://verx.ch/)
+* [Semgrep rules for smart contracts](https://github.com/Raz0r/semgrep-smart-contracts)
+* [ETH detective](https://www.ethtective.com/address/)
+* [EVM-trace, Ethereum Virtual Machine transaction tracing tool](https://github.com/ApeWorX/evm-trace)
+* [Sleuthing Hashed Function Signature and Event Signature on Ethereum](https://dune.com/agaperste/event-and-function-signature-sleuthing?)
+* [Pratical overview of classic system security](http://www.astro.sunysb.edu/steinkirch/books/security_hw.txt)
+* [socketscan, track bridge transactions](https://socketscan.io/)s
+* [Solhint, a linter for Solidity](https://github.com/protofire/solhint)
+* [Solidity coverage tool](https://github.com/sc-forks/solidity-coverage)
+* [JSON formatter](https://jsonformatter.curiousconcept.com/)
+* [Craft requests from curl commands](https://reqbin.com/)
+* [Tools by Notonly.owner](https://www.notonlyowner.com/learn/intro-security-hacking-smart-contracts-ethereum)
+* [Ethereum Developer Tools List](https://github.com/ConsenSys/ethereum-developer-tools-list)
+* [Immunefi scrapper](https://github.com/pratraut/scrapyFi)
+* [Crystal Blockchain](https://explorer.crystalblockchain.com/)
+* [0XT](https://oxt.me/)
+* [Impersonator](https://www.impersonator.xyz/)
+* [CIA Officer's DeFi Roadmap](https://github.com/OffcierCia/DeFi-Developer-Road-Map#transaction-visualization-scoring--tracking)
+* [Mnemonic Code Converter](https://iancoleman.io/bip39/)
+* [Tornado Cash Pool Anonymity Auditor](https://tutela.xyz/)
+* [Cryptocurrency historical data snapshot](https://coinmarketcap.com/historical/)
+* [Explain shell](https://explainshell.com/)
+* [revoke.cash](https://revoke.cash/)
+* [breadcrumbs](https://www.breadcrumbs.app/home)
+* [cookbook.dev](https://www.cookbook.dev/)
+* [detect metamorphic contracts](https://metamorphic.a16zcrypto.com/)
+* [rpcs list by privacy](https://chainlist.org/)
+* [tenderly](https://dashboard.tenderly.co/)
+* [token security detector](https://gopluslabs.io/token-security/)
+* [smart contract explorers](https://sovs.notion.site/Block-Smart-Contract-Explorers-8dcaed059c844e3b8f9b67b8eb90174a)
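Review bot: `[ANKR RPC gateway](ankr.com/rpc/)` has no scheme, so Markdown resolves it as a path relative to the repository; prefix it with `https://`. Other line-level fixes: a stray `s` follows the closing parenthesis of the socketscan entry, "Pratical" and "scrapper" are misspelled, the label `0XT` does not match its target `oxt.me`, the dune URL ends in a bare `?`, and the verx.ch and astro.sunysb.edu links use plain `http://`. Several entries (Ethstats, EthTx Transaction Decoder, Eth converter, Contracts diff checker, the vertigo link) also appear in the root README.md context of PATCH 06/10, and this commit neither removes them there nor links to the new file, so the two lists will drift apart.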