blockchains-security-toolkit/README.md
2022-06-07 11:19:18 -07:00

# 🧱⛓☠️ Blockchain Development and Security
<br>

## Solidity learning resources

<br>

* [Solidity docs](https://docs.soliditylang.org/en/v0.8.12/)
* [OpenZeppelin docs](https://docs.openzeppelin.com/)
* [Solidity by example](https://solidity-by-example.org/)
* [Solidity style guide](https://docs.soliditylang.org/en/latest/style-guide.html)
* [Ethereum smart contract best practices](https://consensys.github.io/smart-contract-best-practices/)
* [Ethereum book](https://github.com/ethereumbook/ethereumbook)
* [Everything Solidity](https://github.com/x676f64/secureum-mind_map/blob/master/2.%20Solidity%20101.md)
* [Solidity by Securitum bootcamp](https://www.youtube.com/watch?v=5eLqFac5Tkg)
* [Solidity 201 primitives](https://github.com/x676f64/secureum-mind_map/blob/master/3.%20Solidity%20201.md)
* [Smart contract programmer videos](https://www.youtube.com/channel/UCJWh7F3AFyQ_x01VKzr9eyA/videos)
* [Solidity, Blockchain, and Smart Contract Course Beginner to Expert Python Tutorial](https://www.youtube.com/watch?v=M576WGiDBdQ)

<br>

----

## Blockchain hacking and security resources

<br>

* [Uniswap Oracle Attack Simulator by Euler](https://blog.euler.finance/uniswap-oracle-attack-simulator-42d18adf65af)
* [Hacking the Blockchain by Immunefi](https://medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b)
* [Thinking About Smart Contract Security by Vitalik](https://blog.ethereum.org/2016/06/19/thinking-smart-contract-security/)
* [Spoof tokens on Ethereum](https://medium.com/etherscan-blog/spoof-tokens-on-ethereum-c2ad882d9cf6)
* [Hacking the Blockchain: Ethereum](https://medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b)
* [Solidity security mind map](https://github.com/x676f64/secureum-mind_map)
* [Pitfalls and best practices](https://github.com/x676f64/secureum-mind_map/blob/master/4.%20Pitfalls%20and%20Best%20Practices%20101.md)
* [Advanced Pitfalls and best practices](https://github.com/x676f64/secureum-mind_map/blob/master/5.%20Pitfalls%20and%20Best%20Practices%20201.md)
* [SWC Registry](https://swcregistry.io/)
* [Intro to Security first dev](https://www.youtube.com/watch?v=72K57I9yvyI)
* [Capture the Ether](https://capturetheether.com/)
* [246 Findings From our Smart Contract Audits: An Executive Summary](https://blog.trailofbits.com/2019/08/08/246-findings-from-our-smart-contract-audits-an-executive-summary/)
* [Dan Guido: Trail of Bits The Evolution of Smart Contract Security](https://www.youtube.com/watch?v=fOkQuNzVn_Q)
* [Paradigm CTF](https://github.com/paradigm-operations/paradigm-ctf-2021)
* [Audit findings](https://github.com/x676f64/secureum-mind_map/blob/master/7.%20Audit%20Findings%20101.md)
* [Advanced audit findings](https://github.com/x676f64/secureum-mind_map/blob/master/8.%20Audit%20Findings%20201.md)
* [Video on audit findings](https://www.youtube.com/watch?v=SromSImIpHE)
* [Sigp public audits](https://github.com/sigp/public-audits)
* [The Dangers of Price Oracles in Smart Contracts](https://www.youtube.com/watch?v=YGO7nzpXCeA&list=PLdJRkA9gCKOONBSlcifqLig_ZTyG_YLqz&index=5)
* [Strategies for Secure Governance with Smart Contracts](https://www.youtube.com/watch?v=GbDAmMdmh8Q&list=PLdJRkA9gCKOONBSlcifqLig_ZTyG_YLqz&index=6)
* [Security in Upgrades of Smart Contracts](https://www.youtube.com/watch?v=5WE6PEc305w&list=PLdJRkA9gCKOONBSlcifqLig_ZTyG_YLqz&index=7)
* [Onward with Smart Contract Security](https://www.youtube.com/watch?v=RipXdV7vygs&list=PLdJRkA9gCKOONBSlcifqLig_ZTyG_YLqz&index=8)
* [Publications from Trail of Bits](https://github.com/trailofbits/publications#blockchain)
* [Damn vulnerable DeFi](https://www.damnvulnerabledefi.xyz/)
* [Smart contract security fundamentals by OpenZeppelin](https://www.youtube.com/playlist?list=PLBy3Qkuapv_7R1ZI_Cs2NOFn7ZTaNWY6G)
* [Paradigm CTF solutions](https://cmichel.io/paradigm-ctf-2021-solutions/)
* [White Hat panel: DeFi exploits](https://www.youtube.com/watch?v=Df2zzfoTfMc)
* [Smart contract audit checklist](https://consensys.net/diligence/blog/2019/09/how-to-prepare-for-a-smart-contract-audit/)
* [Another audit checklist](https://github.com/nascentxyz/simple-security-toolkit)
* [Ethereum signature database](https://www.4byte.directory/)

<br>

---

## Basics on the EVM

<br>

* [Ethereum's Whitepaper](https://ethereum.org/en/whitepaper/)
* [Speeding up the EVM by Flashbots](https://writings.flashbots.net/research/speeding-up-evm-part-1/)
* [EVM opcodes](https://github.com/crytic/evm-opcodes)
* [Understanding rollups](https://barnabe.substack.com/p/understanding-rollup-economics-from?s=r)

---

## Contracts of interest

<br>

* [ERC-20](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/ERC20.sol)
* [ERC-721](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC721/ERC721.sol)
* [Security contracts from OpenZeppelin](https://github.com/OpenZeppelin/openzeppelin-contracts/tree/master/contracts/security)
* [Uniswap v3](https://github.com/Uniswap/v3-core/tree/main/contracts)
* [Fei protocol](https://github.com/fei-protocol/fei-protocol-core/tree/master/contracts)
* [Chainlink](https://github.com/smartcontractkit/chainlink/tree/develop/contracts/src/v0.4)

<br>

---

## Useful tools

* [EthTx Transaction Decoder](https://ethtx.info/)
* [Eth converter](https://eth-converter.com/)
* [JSON formatter](https://jsonformatter.curiousconcept.com/)
* [Craft requests from curl commands](https://reqbin.com/)
* [Smart contract fuzzer](https://github.com/crytic/echidna)
* [Smart contract code analyzer](https://github.com/crytic/slither)
* [Another smart contract code analyzer](https://github.com/ConsenSys/mythril)
* [Verx, smart contract verifier](http://verx.ch/)
* [Solhint, a linter for Solidity](https://github.com/protofire/solhint)
* [Solidity coverage tool](https://github.com/sc-forks/solidity-coverage)
* [Solidity support for Visual Studio Code](https://marketplace.visualstudio.com/items?itemName=JuanBlanco.solidity)