Git-Mirrors/blockchains-security-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/blockchains-security-toolkit.git synced 2025-05-17 22:20:29 -04:00
Code Issues Projects Releases Packages Wiki Activity

Update README.md

Browse source
This commit is contained in:
dr. mia von steinkirch, phd 2023-02-07 09:41:35 -08:00 committed by GitHub
parent e612db9c8b
commit e0c8bc7441
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 99 additions and 88 deletions
Download patch file Download diff file Expand all files Collapse all files

187
README.md
View file

@ -11,19 +11,29 @@
<br>
### tl; dr
---
## tl; dr
#### the resources in this repository are from my own research, which is intermittent and boundless. therefore, no guarantees, no promises; use it at your own risk.
<br>
#### 👾 this repository contains resources for blockchain white hackers or gray hackers.
#### 👾 more mev-related resources, check out [mev-toolkit](https://github.com/go-outside-labs/mev-toolkit)
#### 👾 to learn blockchain development, check out [web3-toolkit-rs](https://github.com/go-outside-labs/web3-toolkit-rs), [web3-toolkit-py](https://github.com/go-outside-labs/web3-toolkit-py), [web3-toolkit-go](https://github.com/go-outside-labs/web3-toolkit-go), and [web3-toolkit-sol](https://github.com/go-outside-labs/web3-toolkit-sol).
#### ⚠️ the resources in this repository are from my own ongoing boundless research. therefore, no guarantees, no promises; use it at your own risk.
#### if you would like to learn blockchain development, check out [web3-toolkit-rs](https://github.com/go-outside-labs/web3-toolkit-rs), [web3-toolkit-py](https://github.com/go-outside-labs/web3-toolkit-py), [web3-toolkit-go](https://github.com/go-outside-labs/web3-toolkit-go), and [web3-toolkit-sol](https://github.com/go-outside-labs/web3-toolkit-sol).
<br>
---
### 🍩 dirs in this repo
## 🍩 dirs in this repo
<br>
* [cosmos](cosmos)
* [attack reviews](attack_reviews)
@ -43,96 +53,13 @@
<br>
----
### 🍔 all things security
* [SWC Registry](https://swcregistry.io/)
* [Blockchain Security Database](https://consensys.github.io/blockchainSecurityDB/)
* [Intro to Security first dev](https://www.youtube.com/watch?v=72K57I9yvyI)
* [Spoof tokens on Ethereum](https://medium.com/etherscan-blog/spoof-tokens-on-ethereum-c2ad882d9cf6)
* [Solidity security mind map](https://github.com/x676f64/secureum-mind_map)
* [Pitfalls and best practices](https://github.com/x676f64/secureum-mind_map/blob/master/4.%20Pitfalls%20and%20Best%20Practices%20101.md)
* [Hacking the Blockchain by Immunefi](https://medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b)
* [Uniswap Oracle Attack Simulator by Euler](https://blog.euler.finance/uniswap-oracle-attack-simulator-42d18adf65af)
* [Thinking About Smart Contract Security by Vitalik](https://blog.ethereum.org/2016/06/19/thinking-smart-contract-security/)
* [Advanced Pitfalls and best practices](https://github.com/x676f64/secureum-mind_map/blob/master/5.%20Pitfalls%20and%20Best%20Practices%20201.md)
* [The Evolution of Smart Contract Security](https://www.youtube.com/watch?v=fOkQuNzVn_Q)
* [Audit findings](https://github.com/x676f64/secureum-mind_map/blob/master/7.%20Audit%20Findings%20101.md)
* [Advanced audit findings](https://github.com/x676f64/secureum-mind_map/blob/master/8.%20Audit%20Findings%20201.md)
* [Video on audit findings](https://www.youtube.com/watch?v=SromSImIpHE)
* [Sigp public audits](https://github.com/sigp/public-audits)
* [The Dangers of Price Oracles in Smart Contracts](https://www.youtube.com/watch?v=YGO7nzpXCeA&list=PLdJRkA9gCKOONBSlcifqLig_ZTyG_YLqz&index=5)
* [Strategies for Secure Governance with Smart Contracts](https://www.youtube.com/watch?v=GbDAmMdmh8Q&list=PLdJRkA9gCKOONBSlcifqLig_ZTyG_YLqz&index=6)
* [Security in Upgrades of Smart Contracts](https://www.youtube.com/watch?v=5WE6PEc305w&list=PLdJRkA9gCKOONBSlcifqLig_ZTyG_YLqz&index=7)
* [Onward with Smart Contract Security](https://www.youtube.com/watch?v=RipXdV7vygs&list=PLdJRkA9gCKOONBSlcifqLig_ZTyG_YLqz&index=8)
* [Publications from Trail of Bits](https://github.com/trailofbits/publications#blockchain)
* [Smart contract security fundamentals by OpenZeppelin](https://www.youtube.com/playlist?list=PLBy3Qkuapv_7R1ZI_Cs2NOFn7ZTaNWY6G)
* [White Hat panel: DeFi exploits](https://www.youtube.com/watch?v=Df2zzfoTfMc)
* [Smart contract audit checklist](https://consensys.net/diligence/blog/2019/09/how-to-prepare-for-a-smart-contract-audit/)
* [Another audit checklist](https://github.com/nascentxyz/simple-security-toolkit)
* [Ethereum signature database](https://www.4byte.directory/)
* [OpSec SelfGuard RoadMap](https://github.com/OffcierCia/Crypto-OpSec-SelfGuard-RoadMap)
* [The Solcurity Standard](https://github.com/Rari-Capital/solcurity)
* [Smart Contract Security Verification Standard](https://github.com/securing/SCSVS)
* [SecurETH Guidelines](https://guidelines.secureth.org/)
* [REKT leaderboard](https://rekt.news/leaderboard/)
* [Smart Contract Attack Vectors](https://github.com/KadenZipfel/smart-contract-attack-vectors)
* [List of known attack vectors](https://blog.sigmaprime.io/solidity-security.html)
* [Awesome Ethereum security](https://github.com/crytic/awesome-ethereum-security)
* [Bug Bounty 101](https://www.youtube.com/watch?v=S-Z2iwbT1Fg)
* [DeFi hacks analysis and root causes](https://wooded-meter-1d8.notion.site/0e85e02c5ed34df3855ea9f3ca40f53b?v=22e5e2c506ef4caeb40b4f78e23517ee)
<br>
---
### 🍟 practice your hacking skils
* [Capture the Ether](https://capturetheether.com/)
* [the ethernaut](https://ethernaut.openzeppelin.com/)
* [Paradigm CTF 2022](https://github.com/paradigmxyz/paradigm-ctf-2022) and [Paradigm CTF 2021](https://github.com/paradigm-operations/paradigm-ctf-2021).
* [Damn vulnerable DeFi](https://www.damnvulnerabledefi.xyz/)
* [A collection of EVM puzzles](https://github.com/fvictorio/evm-puzzles)
* [Gamefication vault](https://hats.finance/gamification)
* [Cipher Shastra](https://ciphershastra.com/)
* [Etherhack](https://etherhack.positive.com/#/)
* [DeFiHack.xyz](https://www.defihack.xyz/)
* [w3b s3c](https://www.w3bs3c.com/tools)
* [Crypto blacklist](https://www.cryptoblacklist.io/en/ethereum-blacklist/)
* [Vyper Punk](https://github.com/SupremacyTeam/VyperPunk)
* [more blockchain ctfs](https://github.com/minaminao/ctf-blockchain/)
* [list of blockchain CTF competitions](https://github.com/blockthreat/blocksec-ctfs)
## 🥓 hacking tools
<br>
---
### 🥞 contracts of interest
* [Uniswap v3](https://github.com/Uniswap/v3-core/tree/main/contracts)
* [Chainlink](https://github.com/smartcontractkit/chainlink/tree/develop/contracts/src/v0.4)
* [Fei protocol](https://github.com/fei-protocol/fei-protocol-core/tree/master/contracts)
* [OpenZeppelin's ERC-20](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/ERC20.sol)
* [OpenZeppelin's ERC-721](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC721/ERC721.sol)
* [Immunefi notes on the ERC token standard](https://medium.com/immunefi/how-erc-standards-work-part-1-c9795803f459)
* [Security contracts from OpenZeppelin](https://github.com/OpenZeppelin/openzeppelin-contracts/tree/master/contracts/security)
* [Smart contracts attack vectors](https://github.com/kadenzipfel/smart-contract-attack-vectors)
<br>
---
### 🥓 relevant hacking tools
* [Ethstats](https://ethstats.net/)
* [EthTx Transaction Decoder](https://ethtx.info/)
* [Solidity decomposer](https://ethervm.io/decompile)
@ -199,5 +126,89 @@
* [cosmographs](https://cosmograph.app/)
* [ice vision](https://www.icevision.xyz/landing)
<br>
----
## 🍔 security resources
<br>
* [SWC Registry](https://swcregistry.io/)
* [Blockchain Security Database](https://consensys.github.io/blockchainSecurityDB/)
* [Intro to Security first dev](https://www.youtube.com/watch?v=72K57I9yvyI)
* [Spoof tokens on Ethereum](https://medium.com/etherscan-blog/spoof-tokens-on-ethereum-c2ad882d9cf6)
* [Solidity security mind map](https://github.com/x676f64/secureum-mind_map)
* [Pitfalls and best practices](https://github.com/x676f64/secureum-mind_map/blob/master/4.%20Pitfalls%20and%20Best%20Practices%20101.md)
* [Hacking the Blockchain by Immunefi](https://medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b)
* [Uniswap Oracle Attack Simulator by Euler](https://blog.euler.finance/uniswap-oracle-attack-simulator-42d18adf65af)
* [Thinking About Smart Contract Security by Vitalik](https://blog.ethereum.org/2016/06/19/thinking-smart-contract-security/)
* [Advanced Pitfalls and best practices](https://github.com/x676f64/secureum-mind_map/blob/master/5.%20Pitfalls%20and%20Best%20Practices%20201.md)
* [The Evolution of Smart Contract Security](https://www.youtube.com/watch?v=fOkQuNzVn_Q)
* [Audit findings](https://github.com/x676f64/secureum-mind_map/blob/master/7.%20Audit%20Findings%20101.md)
* [Advanced audit findings](https://github.com/x676f64/secureum-mind_map/blob/master/8.%20Audit%20Findings%20201.md)
* [Video on audit findings](https://www.youtube.com/watch?v=SromSImIpHE)
* [Sigp public audits](https://github.com/sigp/public-audits)
* [The Dangers of Price Oracles in Smart Contracts](https://www.youtube.com/watch?v=YGO7nzpXCeA&list=PLdJRkA9gCKOONBSlcifqLig_ZTyG_YLqz&index=5)
* [Strategies for Secure Governance with Smart Contracts](https://www.youtube.com/watch?v=GbDAmMdmh8Q&list=PLdJRkA9gCKOONBSlcifqLig_ZTyG_YLqz&index=6)
* [Security in Upgrades of Smart Contracts](https://www.youtube.com/watch?v=5WE6PEc305w&list=PLdJRkA9gCKOONBSlcifqLig_ZTyG_YLqz&index=7)
* [Onward with Smart Contract Security](https://www.youtube.com/watch?v=RipXdV7vygs&list=PLdJRkA9gCKOONBSlcifqLig_ZTyG_YLqz&index=8)
* [Publications from Trail of Bits](https://github.com/trailofbits/publications#blockchain)
* [Smart contract security fundamentals by OpenZeppelin](https://www.youtube.com/playlist?list=PLBy3Qkuapv_7R1ZI_Cs2NOFn7ZTaNWY6G)
* [White Hat panel: DeFi exploits](https://www.youtube.com/watch?v=Df2zzfoTfMc)
* [Smart contract audit checklist](https://consensys.net/diligence/blog/2019/09/how-to-prepare-for-a-smart-contract-audit/)
* [Another audit checklist](https://github.com/nascentxyz/simple-security-toolkit)
* [Ethereum signature database](https://www.4byte.directory/)
* [OpSec SelfGuard RoadMap](https://github.com/OffcierCia/Crypto-OpSec-SelfGuard-RoadMap)
* [The Solcurity Standard](https://github.com/Rari-Capital/solcurity)
* [Smart Contract Security Verification Standard](https://github.com/securing/SCSVS)
* [SecurETH Guidelines](https://guidelines.secureth.org/)
* [REKT leaderboard](https://rekt.news/leaderboard/)
* [Smart Contract Attack Vectors](https://github.com/KadenZipfel/smart-contract-attack-vectors)
* [List of known attack vectors](https://blog.sigmaprime.io/solidity-security.html)
* [Awesome Ethereum security](https://github.com/crytic/awesome-ethereum-security)
* [Bug Bounty 101](https://www.youtube.com/watch?v=S-Z2iwbT1Fg)
* [DeFi hacks analysis and root causes](https://wooded-meter-1d8.notion.site/0e85e02c5ed34df3855ea9f3ca40f53b?v=22e5e2c506ef4caeb40b4f78e23517ee)
<br>
---
## 🍟 practicing your hacking skils
<br>
* [Capture the Ether](https://capturetheether.com/)
* [the ethernaut](https://ethernaut.openzeppelin.com/)
* [Paradigm CTF 2022](https://github.com/paradigmxyz/paradigm-ctf-2022) and [Paradigm CTF 2021](https://github.com/paradigm-operations/paradigm-ctf-2021).
* [Damn vulnerable DeFi](https://www.damnvulnerabledefi.xyz/)
* [A collection of EVM puzzles](https://github.com/fvictorio/evm-puzzles)
* [Gamefication vault](https://hats.finance/gamification)
* [Cipher Shastra](https://ciphershastra.com/)
* [Etherhack](https://etherhack.positive.com/#/)
* [DeFiHack.xyz](https://www.defihack.xyz/)
* [w3b s3c](https://www.w3bs3c.com/tools)
* [Crypto blacklist](https://www.cryptoblacklist.io/en/ethereum-blacklist/)
* [Vyper Punk](https://github.com/SupremacyTeam/VyperPunk)
* [more blockchain ctfs](https://github.com/minaminao/ctf-blockchain/)
* [list of blockchain CTF competitions](https://github.com/blockthreat/blocksec-ctfs)
##### contracts of interest
* [Uniswap v3](https://github.com/Uniswap/v3-core/tree/main/contracts)
* [Chainlink](https://github.com/smartcontractkit/chainlink/tree/develop/contracts/src/v0.4)
* [Fei protocol](https://github.com/fei-protocol/fei-protocol-core/tree/master/contracts)
* [OpenZeppelin's ERC-20](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/ERC20.sol)
* [OpenZeppelin's ERC-721](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC721/ERC721.sol)
* [Immunefi notes on the ERC token standard](https://medium.com/immunefi/how-erc-standards-work-part-1-c9795803f459)
* [Security contracts from OpenZeppelin](https://github.com/OpenZeppelin/openzeppelin-contracts/tree/master/contracts/security)
* [Smart contracts attack vectors](https://github.com/kadenzipfel/smart-contract-attack-vectors)
<br>