{"id":13421515,"url":"https://github.com/Anugrahsr/Awesome-web3-Security","last_synced_at":"2025-03-15T10:31:13.689Z","repository":{"id":37045045,"uuid":"500124235","full_name":"Anugrahsr/Awesome-web3-Security","owner":"Anugrahsr","description":"A curated list of web3Security materials and resources For Pentesters and Bug Hunters.","archived":false,"fork":false,"pushed_at":"2024-03-13T08:15:29.000Z","size":1332,"stargazers_count":1154,"open_issues_count":0,"forks_count":159,"subscribers_count":23,"default_branch":"main","last_synced_at":"2024-05-23T09:11:40.553Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Anugrahsr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2022-06-05T14:43:40.000Z","updated_at":"2024-05-22T08:57:13.000Z","dependencies_parsed_at":"2024-01-11T20:45:58.996Z","dependency_job_id":"1fc36f64-05b0-4d70-a9ab-bfbcc3e35146","html_url":"https://github.com/Anugrahsr/Awesome-web3-Security","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Anugrahsr%2FAwesome-web3-Security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Anugrahsr%2FAwesome-web3-Security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Anugrahsr%2FAwesome-web3-Security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Anugrahsr%2FAwesome-web3-Security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Anugrahsr","download_url":"https://codeload.github.com/Anugrahsr/Awesome-web3-Security/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243718884,"owners_count":20336590,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-30T23:00:23.443Z","updated_at":"2025-03-15T10:31:12.804Z","avatar_url":"https://github.com/Anugrahsr.png","language":null,"funding_links":[],"categories":["Awesome List","Security","Awesome Repositories","Other Lists","📘 Valuable Repositories","一、入门核心：Web3 基础概念与资源库"],"sub_categories":["Cairo","TeX Lists"],"readme":"# Awesome-web3-Security ![awesome](https://awesome.re/badge.svg)\n![](/image/banner.jpg)\n---\nA curated list of web3 Security materials and resources For Pentesters and Bug Hunters.\n---\n\n# Vulnerable Web3 CTFs\n\n- [Capture the Ether](https://capturetheether.com/)\n- [The Ethernaut](https://ethernaut.openzeppelin.com/)\n- [Damn Vulnerable DeFi](https://www.damnvulnerabledefi.xyz/)\n- [Security Innovation Blockchain CTF](https://blockchain-ctf.securityinnovation.com/#/)\n- [GOAT Casino](https://github.com/nccgroup/GOATCasino)\n- [Paradigm CTF](https://github.com/paradigm-operations/paradigm-ctf-2021)\n- [Blocksec CTFs](https://github.com/blockthreat/blocksec-ctfs)\n- [ciphershastra CTF](https://ciphershastra.com/)\n- [DeFiVulnLabs](https://github.com/SunWeb3Sec/DeFiVulnLabs)\n- [QuillCTF](https://quillctf.super.site/)\n- [Vulnmachines - Blockchain hacking](https://www.vulnmachines.com/)\n- [Web3Pwn - Web3 Security Training Platform](https://www.web3pwn.com/)\n\n# Common Vulnerabilities in Smart contracts MindMap\nOpen the mindmap in [Xmind](https://www.xmind.net/m/2zbPP7/)\n![](/image/Vulnerabilities_in_Smart_contracts.png)\n\n# How to become a smart contract auditor?\nOpen the [MindMap](https://coggle.it/diagram/YqLzaiSABzXD4UnZ/t/smart-contract-auditor)\n![](/image/Smart_Contract_Auditor.png)\n\n# Web3 Security Tools\nOpen the [MindMap](https://xmind.works/share/zfdeD07U)\n![](https://user-images.githubusercontent.com/44763564/207535347-6c3e3a67-486c-489c-8363-87146083ca59.png)\nCheck the [Quillhash Web3-Security-Tools](https://github.com/Quillhash/Web3-Security-Tools) Repo for more details\n\nCheck Remix Ethereum project here: https://remix-project.org/\n(The Remix Project is a rich toolset which can be used for the entire journey of contract development by users of any knowledge level, and as a learning lab for teaching and experimenting with Ethereum.)\n\n# Web3 blogs and postmortem reports\n- [Immunefi Medium](https://medium.com/immunefi)\n- [Openzeppelin Blogs](https://blog.openzeppelin.com/security-audits/)\n- [QuillAudits Blogs](https://quillaudits.medium.com/)\n- [Solidity Scan Blogs](https://blog.solidityscan.com/)\n- [Beosin](https://medium.com/@Beosin_com)\n- [Neptune Mutual](https://neptunemutual.medium.com/)\n- [BlockSec](https://blocksecteam.medium.com/)\n- [CertiK](https://www.certik.com/resources/blog)\n- [mouse-run](https://mouse-run.beehiiv.com)\n\n# Crypto Bug Bounty Platforms\n- [Immunefi](https://immunefi.com/)\n- [Hackenproof](https://hackenproof.com/programs)\n- [Code4rena](https://code4rena.com/)\n- [Gitcoin](https://gitcoin.co/explorer)\n- [HackerOne](https://hackerone.com)\n- [Spearbit](https://spearbit.com/)\n- [Sherlock](https://app.sherlock.xyz/)\n- [The Saloon](https://saloon.finance/)\n- [Hats Finance](https://hats.finance/)\n\n\n# Web3 Security Newsletter\n- [Blockchain Threat Intelligence](https://newsletter.blockthreat.io/)\n- [REKT](https://rekt.news/)\n- [Week in Ethereum News](https://weekinethereumnews.com/)\n- [HashingBits Newsletter](https://quillaudits.substack.com/)\n\n# Complete Collection of Hacks, Trends, Resources\n- [Web3sec.news](https://web3sec.news)\n\n\n# Web3 Security Conference Talks and Videos\n- [Overview of Web3 Smart Contract Hacking | IWCON-S22 Talk by Duncan Townsend](https://www.youtube.com/watch?v=lJQwuyW4t-k)\n- [hat Ethereum Smart Contract Hacking Looks Like by LiveOverFlow](http://www.youtube.com/watch?v=P8LXLoTUJ5g)\n- [The Web3 Security Mindset with Corey Petty](https://www.youtube.com/watch?v=zcJmWr5_GOc)\n- [Security and Vulnerabilities in Web3 - Harry Papacharissiou](https://www.youtube.com/watch?v=QSmtVR0aniI)\n- [Web3 Security Playlist](https://www.youtube.com/playlist?list=PLox242_JhiuEe64LzW1M8XpiQ2-N5bZsX)\n- [Unstoppable - Damn Vulnerable DeFi | CTF](https://www.youtube.com/watch?v=A5s9aez43Co\u0026list=PLO5VPQH6OWdXKPThrch6U0imGdD3pHLXi)\n- [Smart Contract Hacking - 0x0C - Attacking Authorization with Web3.js](https://www.youtube.com/watch?v=cOP9z9XWjwc)\n- [How to Audit a Smart Contract | Can you find the Solidity Security Vulnerabilities?](https://www.youtube.com/watch?v=TmZ8gH-toX0)\n- [Learn Blockchain, Solidity, and Full Stack Web3 Development with JavaScript – 32-Hour Course](https://www.youtube.com/watch?v=gyMwXuJrbJQ)\n\n// To be updated!\n\n# Resources to learn Solidity\n- https://cryptozombies.io/\n- https://www.learnweb3.io/\n- https://www.smartcontract.engineer/\n- https://solidity-by-example.org/\n- https://www.web3.university/\n- https://www.useweb3.xyz/\n\n# Smart Contract Security Audit Reports\n- [Chainsulting](https://github.com/chainsulting/Smart-Contract-Security-Audits)\n- [Code4rena Audit Reports](https://code4rena.com/reports)\n- [Consensys Audit Reports](https://consensys.net/diligence/audits/)\n- [QuillAudits Audit Reports](https://github.com/Quillhash/QuillAudit_Reports)\n- [Spearbit Audit Reports](https://github.com/spearbit/portfolio/tree/master/pdfs)\n- [iskdrews](https://github.com/iskdrews/awesome-solidity-security)\n- [Sherlock](https://github.com/sherlock-protocol/sherlock-reports)\n- [Avastars Smart Contract Audit Public Report](https://github.com/nicholashc/AvastarsAudit/)\n- [KubixSquare audit](https://github.com/KubixSquare/AuditReports)\n- [lemonade-audits](https://github.com/jigstack-dev/lemonade-audits)\n- [Techrate](https://github.com/TechRate/Smart-Contract-Audits)\n- [interfinetwork](https://github.com/interfinetwork/smart-contract-audits)\n- [Decentraland audit](https://github.com/decentraland/smart-contract-audits)\n- [Tech-Audit](https://github.com/Tech-Audit/Smart-Contract-Audits)\n- [Sifchain](https://drive.google.com/drive/folders/1kkjdpNuRmTjaiIKA6CQISavCvj4Awpbc)\n- [Complete List of Security Audit Reports](https://github.com/0xNazgul/Blockchain-Security-Audit-List)\n\n# Smart Contract Security Certifications\n- [Certified Blockchain Practitioner (CBP)](https://secops.group/certified-blockchain-practitioner) \nUse the coupon code **100-OFF** to get 100% discount\n- [Certified Blockchain Security Professional (CBSP)](https://blockchaintrainingalliance.com/products/cbsp))\n\n// To be updated!\n// RoadMap to be added\n\nA star to the repo would be fantastic\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FAnugrahsr%2FAwesome-web3-Security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FAnugrahsr%2FAwesome-web3-Security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FAnugrahsr%2FAwesome-web3-Security/lists"}