{"id":13530593,"url":"https://github.com/crytic/building-secure-contracts","last_synced_at":"2025-05-14T01:09:59.192Z","repository":{"id":37266207,"uuid":"233102473","full_name":"crytic/building-secure-contracts","owner":"crytic","description":"Guidelines and training material to write secure smart contracts","archived":false,"fork":false,"pushed_at":"2025-03-26T21:45:51.000Z","size":6759,"stargazers_count":2326,"open_issues_count":53,"forks_count":365,"subscribers_count":34,"default_branch":"master","last_synced_at":"2025-04-10T22:17:54.465Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://secure-contracts.com/","language":"Solidity","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/crytic.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-01-10T17:58:29.000Z","updated_at":"2025-04-10T09:26:27.000Z","dependencies_parsed_at":"2023-02-18T06:45:40.632Z","dependency_job_id":"9acc4bfd-004c-484f-bd50-35bdf7c70d9c","html_url":"https://github.com/crytic/building-secure-contracts","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crytic%2Fbuilding-secure-contracts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crytic%2Fbuilding-secure-contracts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crytic%2Fbuilding-secure-contracts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crytic%2Fbuilding-secure-contracts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/crytic","download_url":"https://codeload.github.com/crytic/building-secure-contracts/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248305856,"owners_count":21081577,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T07:00:52.243Z","updated_at":"2025-04-10T22:17:59.136Z","avatar_url":"https://github.com/crytic.png","language":"Solidity","readme":"# Building Secure Smart Contracts\n\n![](https://github.com/crytic/building-secure-contracts/actions/workflows/slither.yml/badge.svg) ![](https://github.com/crytic/building-secure-contracts/actions/workflows/echidna.yml/badge.svg) ![](https://github.com/crytic/building-secure-contracts/actions/workflows/medusa.yml/badge.svg)\n\nBrought to you by [Trail of Bits](https://www.trailofbits.com/), this repository offers guidelines and best practices for developing secure smart contracts. Contributions are welcome, you can contribute by following our [contributing guidelines](https://github.com/crytic/building-secure-contracts/blob/master/CONTRIBUTING.md).\n\n**Table of Contents:**\n\n- [Development Guidelines](./development-guidelines)\n  - [Code Maturity](./development-guidelines/code_maturity.md): Criteria for developers and security engineers to use when evaluating a codebase’s maturity\n  - [High-Level Best Practices](./development-guidelines/guidelines.md): Best practices for all smart contracts\n  - [Incident Response Recommendations](./development-guidelines/incident_response.md): Guidelines for creating an incident response plan\n  - [Secure Development Workflow](./development-guidelines/workflow.md): A high-level process to follow during code development\n  - [Token Integration Checklist](./development-guidelines/token_integration.md): What to check when interacting with arbitrary tokens\n- [Learn EVM](./learn_evm): Technical knowledge about the EVM\n  - [EVM Opcodes](./learn_evm/evm_opcodes.md): Information on all EVM opcodes\n  - [Transaction Tracing](./learn_evm/tracing.md): Helper scripts and guidance for generating and navigating transaction traces\n  - [Arithmetic Checks](./learn_evm/arithmetic-checks.md): A guide to performing arithmetic checks in the EVM\n  - [Yellow Paper Guidance](./learn_evm/yellow-paper.md): Symbol reference for easier reading of the Ethereum yellow paper\n  - [Forks \u003c\u003e EIPs](./learn_evm/eips_forks.md): Summaries of the EIPs included in each Ethereum fork\n    - [Forks \u003c\u003e CIPs](./learn_evm/cips_forks.md): Summaries of the CIPs and EIPs included in each Celo fork _(EVM-compatible chain)_\n    - [Upgrades \u003c\u003e TIPs](./learn_evm/tips_upgrades.md): Summaries of the TIPs included in each TRON upgrade _(EVM-compatible chain)_\n    - [Forks \u003c\u003e BEPs](./learn_evm/beps_forks.md): Summaries of the BEPs included in each BSC fork _(EVM-compatible chain)_\n- [Not So Smart Contracts](./not-so-smart-contracts): Examples of common smart contract issues, complete with descriptions, examples, and recommendations\n  - [Algorand](./not-so-smart-contracts/algorand)\n  - [Cairo](./not-so-smart-contracts/cairo)\n  - [Cosmos](./not-so-smart-contracts/cosmos)\n  - [Substrate](./not-so-smart-contracts/substrate)\n  - [Solana](./not-so-smart-contracts/solana)\n  - [TON](./not-so-smart-contracts/ton)\n- [Program Analysis](./program-analysis): Using automated tools to secure contracts\n  - [Echidna](./program-analysis/echidna): A fuzzer that checks your contract's properties\n  - [Medusa](./program-analysis/medusa/docs/src): A next-gen fuzzer that checks your contract's properties\n  - [Slither](./program-analysis/slither/docs/src/): A static analyzer with both CLI and scriptable interfaces\n  - [Manticore](./program-analysis/manticore): A symbolic execution engine that proves the correctness of properties\n  - For each tool, this training material provides:\n    - A theoretical introduction, an API walkthrough, and a set of exercises\n    - Exercises that take approximately two hours to gain practical understanding\n- [Resources](./resources): Assorted online resources\n  - [Trail of Bits Blog Posts](./resources/tob_blogposts.md): A list of blockchain-related blog posts created by Trail of Bits\n\n# License\n\nsecure-contracts and building-secure-contracts are licensed and distributed under the [AGPLv3 license](https://github.com/crytic/building-secure-contracts/blob/master/LICENSE). Contact us if you're looking for an exception to the terms.\n","funding_links":[],"categories":["Controls","Resources","Solidity","By Language","GitHub Repositories","Security \u0026 Best Practices"],"sub_categories":["Solidity"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrytic%2Fbuilding-secure-contracts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcrytic%2Fbuilding-secure-contracts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrytic%2Fbuilding-secure-contracts/lists"}