# 🧱⛓☠️ 1337 blockchain hacker toolkit
## 🍩 sections in this repo
#### ethereum
* [solidity](https://github.com/bt3gl-labs/1337_blockchain_hacker_toolkit/tree/main/master_solidity)
* [the evm and opcodes](https://github.com/bt3gl-labs/1337_blockchain_hacker_toolkit/tree/main/evm_and_opcodes)

#### other chains
* [solana](https://github.com/bt3gl-labs/1337_blockchain_hacker_toolkit/tree/main/solana)

#### tools
* [static analysis](https://github.com/bt3gl-labs/1337_blockchain_hacker_toolkit/tree/main/static_analysis_tools)
* [dynamic analysis](https://github.com/bt3gl-labs/1337_blockchain_hacker_toolkit/tree/main/dynamic_analysis_tools)
* [foundry](https://github.com/bt3gl-labs/1337_blockchain_hacker_toolkit/tree/main/foundry)
* [tenderly](https://github.com/bt3gl-labs/1337_blockchain_hacker_toolkit/tree/main/tenderly)
* [oracles](https://github.com/bt3gl-labs/1337_blockchain_hacker_toolkit/tree/main/oracles)

#### general
* [vulnerabilities](https://github.com/bt3gl-labs/1337_blockchain_hacker_toolkit/tree/main/vulnerabilities)
* [top immunefi vulns](https://github.com/bt3gl-labs/1337_blockchain_hacker_toolkit/tree/main/top_immunefi_vulnerabilities)
* [gray hacker stuff](https://github.com/bt3gl-labs/1337_blockchain_hacker_toolkit/tree/main/gray_hat_stuff)

---

## 🍧 resources
### the evm
* [EVM opcodes](https://github.com/crytic/evm-opcodes)
* [Ethereum book](https://github.com/ethereumbook/ethereumbook)
* [Ethereum's Whitepaper](https://ethereum.org/en/whitepaper/)
* [Understanding rollups](https://barnabe.substack.com/p/understanding-rollup-economics-from?s=r)
* [Speeding up the EVM by Flashbots](https://writings.flashbots.net/research/speeding-up-evm-part-1/)

---

### solidity
* [Solidity docs](https://docs.soliditylang.org/en/v0.8.12/)
* [OpenZeppelin docs](https://docs.openzeppelin.com/)
* [Solidity by example](https://solidity-by-example.org/)
* [Solidity style guide](https://docs.soliditylang.org/en/latest/style-guide.html)
* [Solidity 201 primitives](https://github.com/x676f64/secureum-mind_map/blob/master/3.%20Solidity%20201.md)
* [Solidity Python course](https://www.youtube.com/watch?v=M576WGiDBdQ)
* [Solidity by Securitum bootcamp](https://www.youtube.com/watch?v=5eLqFac5Tkg)
* [Smart contract programmer videos](https://www.youtube.com/channel/UCJWh7F3AFyQ_x01VKzr9eyA/videos)
* [Ethereum smart contract best practices](https://consensys.github.io/smart-contract-best-practices/)
* [Solidity cheatsheet and best practices](https://github.com/manojpramesh/solidity-cheatsheet)
* [Vscode plugin: Solidity visual](https://marketplace.visualstudio.com/items?itemName=tintinweb.solidity-visual-auditor)
* [Vscode plugin: Solidity support](https://marketplace.visualstudio.com/items?itemName=JuanBlanco.solidity)

---

### 🥧 all things security
* [SWC Registry](https://swcregistry.io/)
* [Blockchain Security Database](https://consensys.github.io/blockchainSecurityDB/)
* [Intro to Security first dev](https://www.youtube.com/watch?v=72K57I9yvyI)
* [Spoof tokens on Ethereum](https://medium.com/etherscan-blog/spoof-tokens-on-ethereum-c2ad882d9cf6)
* [Solidity security mind map](https://github.com/x676f64/secureum-mind_map)
* [Pitfalls and best practices](https://github.com/x676f64/secureum-mind_map/blob/master/4.%20Pitfalls%20and%20Best%20Practices%20101.md)
* [Hacking the Blockchain by Immunefi](https://medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b)
* [Uniswap Oracle Attack Simulator by Euler](https://blog.euler.finance/uniswap-oracle-attack-simulator-42d18adf65af)
* [Thinking About Smart Contract Security by Vitalik](https://blog.ethereum.org/2016/06/19/thinking-smart-contract-security/)
* [Advanced Pitfalls and best practices](https://github.com/x676f64/secureum-mind_map/blob/master/5.%20Pitfalls%20and%20Best%20Practices%20201.md)
* [The Evolution of Smart Contract Security](https://www.youtube.com/watch?v=fOkQuNzVn_Q)
* [Audit findings](https://github.com/x676f64/secureum-mind_map/blob/master/7.%20Audit%20Findings%20101.md)
* [Advanced audit findings](https://github.com/x676f64/secureum-mind_map/blob/master/8.%20Audit%20Findings%20201.md)
* [Video on audit findings](https://www.youtube.com/watch?v=SromSImIpHE)
* [Sigp public audits](https://github.com/sigp/public-audits)
* [The Dangers of Price Oracles in Smart Contracts](https://www.youtube.com/watch?v=YGO7nzpXCeA&list=PLdJRkA9gCKOONBSlcifqLig_ZTyG_YLqz&index=5)
* [Strategies for Secure Governance with Smart Contracts](https://www.youtube.com/watch?v=GbDAmMdmh8Q&list=PLdJRkA9gCKOONBSlcifqLig_ZTyG_YLqz&index=6)
* [Security in Upgrades of Smart Contracts](https://www.youtube.com/watch?v=5WE6PEc305w&list=PLdJRkA9gCKOONBSlcifqLig_ZTyG_YLqz&index=7)
* [Onward with Smart Contract Security](https://www.youtube.com/watch?v=RipXdV7vygs&list=PLdJRkA9gCKOONBSlcifqLig_ZTyG_YLqz&index=8)
* [Publications from Trail of Bits](https://github.com/trailofbits/publications#blockchain)
* [Smart contract security fundamentals by OpenZeppelin](https://www.youtube.com/playlist?list=PLBy3Qkuapv_7R1ZI_Cs2NOFn7ZTaNWY6G)
* [White Hat panel: DeFi exploits](https://www.youtube.com/watch?v=Df2zzfoTfMc)
* [Smart contract audit checklist](https://consensys.net/diligence/blog/2019/09/how-to-prepare-for-a-smart-contract-audit/)
* [Another audit checklist](https://github.com/nascentxyz/simple-security-toolkit)
* [Ethereum signature database](https://www.4byte.directory/)
* [OpSec SelfGuard RoadMap](https://github.com/OffcierCia/Crypto-OpSec-SelfGuard-RoadMap)
* [The Solcurity Standard](https://github.com/Rari-Capital/solcurity)
* [Smart Contract Security Verification Standard](https://github.com/securing/SCSVS)
* [SecurETH Guidelines](https://guidelines.secureth.org/)
* [REKT leaderboard](https://rekt.news/leaderboard/)
* [Smart Contract Attack Vectors](https://github.com/KadenZipfel/smart-contract-attack-vectors)
* [List of known attack vectors](https://blog.sigmaprime.io/solidity-security.html)
* [Awesome Ethereum security](https://github.com/crytic/awesome-ethereum-security)
* [Bug Bounty 101](https://www.youtube.com/watch?v=S-Z2iwbT1Fg)

#### documented defi and blockchain exploits
* [defi hacks](https://cryptosec.info/defi-hacks/)
* [Rug Doc Wiki](https://wiki.rugdoc.io/)
* [246 Findings From our Smart Contract Audits](https://blog.trailofbits.com/2019/08/08/246-findings-from-our-smart-contract-audits-an-executive-summary/)
* [rug pull checker tools](https://graph.org/A-Short-List-of-the-Rug-Checker-Tools-04-09)

---

### 🥞 contracts of interest
* [Uniswap v3](https://github.com/Uniswap/v3-core/tree/main/contracts)
* [Chainlink](https://github.com/smartcontractkit/chainlink/tree/develop/contracts/src/v0.4)
* [Fei protocol](https://github.com/fei-protocol/fei-protocol-core/tree/master/contracts)
* [OpenZeppelin's ERC-20](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/ERC20.sol)
* [OpenZeppelin's ERC-721](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC721/ERC721.sol)
* [Immunefi notes on the ERC token standard](https://medium.com/immunefi/how-erc-standards-work-part-1-c9795803f459)
* [Security contracts from OpenZeppelin](https://github.com/OpenZeppelin/openzeppelin-contracts/tree/master/contracts/security)

---

### 🧁 practice your hacking skills
* [Capture the Ether](https://capturetheether.com/)
* [the ethernaut](https://ethernaut.openzeppelin.com/)
* [Paradigm CTF 2022](https://github.com/paradigmxyz/paradigm-ctf-2022) and [Paradigm CTF 2021](https://github.com/paradigm-operations/paradigm-ctf-2021).
* [Damn vulnerable DeFi](https://www.damnvulnerabledefi.xyz/)
* [A collection of EVM puzzles](https://github.com/fvictorio/evm-puzzles)
* [Gamification vault](https://hats.finance/gamification)
* [Cipher Shastra](https://ciphershastra.com/)
* [Etherhack](https://etherhack.positive.com/#/)
* [DeFiHack.xyz](https://www.defihack.xyz/)
* [w3b s3c](https://www.w3bs3c.com/tools)
* [Crypto blacklist](https://www.cryptoblacklist.io/en/ethereum-blacklist/)
* [Vyper Punk](https://github.com/SupremacyTeam/VyperPunk)
* [more blockchain ctfs](https://github.com/minaminao/ctf-blockchain/)
* [List of blockchain CTF competitions](https://github.com/blockthreat/blocksec-ctfs)

---

### 🍰 hacking tools
#### ethereum general
* [Ethstats](https://ethstats.net/)
* [EthTx Transaction Decoder](https://ethtx.info/)
* [Eth converter](https://eth-converter.com/)
* [Contracts diff checker](https://etherscan.io/contractdiffchecker)
* [Mutation Testing for Ethereum Smart Contracts](https://github.com/JoranHonig/vertigo)
* [Wallet impersonator](https://www.impersonator.xyz/)
* [Ethereum nodes](https://ethereumnodes.com/)
* [ERC20 verifier](https://erc20-verifier.openzeppelin.com/) and [the source code](https://github.com/tinchoabbate/slither-scripts/tree/master/erc20)

#### somehow relevant
* [Oyente, analysis Tool for Smart Contracts](https://github.com/enzymefinance/oyente)
* [Trail of Bits' Ethereum Security Toolbox](https://github.com/trailofbits/eth-security-toolbox)
* [Securify, Security scanner for Ethereum smart contracts](https://github.com/eth-sri/securify2)
* [Surya, A Solidity Inspector](https://github.com/ConsenSys/surya)
* [Octopus, Security Analysis tool for WebAssembly](https://github.com/pventuzelo/octopus)
* [ETK, EVM toolkit](https://github.com/quilt/etk)
* [Pyevmasm, EVM disassembler and assembler](https://github.com/crytic/pyevmasm)
* [Verx, smart contract verifier](http://verx.ch/)
* [Semgrep rules for smart contracts](https://github.com/Raz0r/semgrep-smart-contracts)
* [ETH detective](https://www.ethtective.com/address/)
* [EVM-trace, Ethereum Virtual Machine transaction tracing tool](https://github.com/ApeWorX/evm-trace)

#### other useful tools
* [Solhint, a linter for Solidity](https://github.com/protofire/solhint)
* [Solidity coverage tool](https://github.com/sc-forks/solidity-coverage)
* [JSON formatter](https://jsonformatter.curiousconcept.com/)
* [Craft requests from curl commands](https://reqbin.com/)
* [Tools by Notonly.owner](https://www.notonlyowner.com/learn/intro-security-hacking-smart-contracts-ethereum)
* [Ethereum Developer Tools List](https://github.com/ConsenSys/ethereum-developer-tools-list)
* [Immunefi scraper](https://github.com/pratraut/scrapyFi)
* [Crystal Blockchain](https://explorer.crystalblockchain.com/)
* [0XT](https://oxt.me/)
* [Impersonator](https://www.impersonator.xyz/)
* [CIA Officer's DeFi Roadmap](https://github.com/OffcierCia/DeFi-Developer-Road-Map#transaction-visualization-scoring--tracking)
* [Mnemonic Code Converter](https://iancoleman.io/bip39/)
* [Tornado Cash Pool Anonymity Auditor](https://tutela.xyz/)
* [Cryptocurrency historical data snapshot](https://coinmarketcap.com/historical/)