{"id":27127719,"url":"https://github.com/jcsec-security/cosmwasm-security-spotlight","last_synced_at":"2025-10-26T23:51:20.230Z","repository":{"id":153436597,"uuid":"617039940","full_name":"jcsec-security/cosmwasm-security-spotlight","owner":"jcsec-security","description":"Posts and labs to learn CosmWasm smart contract security vulnerabilities and audit","archived":false,"fork":false,"pushed_at":"2024-02-23T09:36:26.000Z","size":17,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-02-23T10:37:47.322Z","etag":null,"topics":["audit","blockchain","bug","bugbounty","contract","cosmos","cosmossdk","cosmwasm","ctf","dapp","defi","hacking","rust","security","smart","smartcontract","vulnerabilities"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jcsec-security.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-03-21T15:26:47.000Z","updated_at":"2024-04-15T09:59:08.775Z","dependencies_parsed_at":"2024-02-23T10:46:13.273Z","dependency_job_id":null,"html_url":"https://github.com/jcsec-security/cosmwasm-security-spotlight","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcsec-security%2Fcosmwasm-security-spotlight","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcsec-security%2Fcosmwasm-security-spotlight/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcsec-security%2Fcosmwasm-security-spotlight/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jcsec-security%2Fcosmwasm-security-spotlight/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jcsec-security","download_url":"https://codeload.github.com/jcsec-security/cosmwasm-security-spotlight/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247704511,"owners_count":20982293,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","blockchain","bug","bugbounty","contract","cosmos","cosmossdk","cosmwasm","ctf","dapp","defi","hacking","rust","security","smart","smartcontract","vulnerabilities"],"created_at":"2025-04-07T17:57:40.369Z","updated_at":"2025-10-26T23:51:15.190Z","avatar_url":"https://github.com/jcsec-security.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003e [!NOTE] \n\u003e Would you like to know more about my security services?\n\u003e [Check out my website](https://jcsec.io/)!\n---\n\n# CosmWasm Security Spotlight\n\nCosmWasm Security Spotlight is intended to be a series of medium posts about vulnerabilities found in audits of CW smart contracts. It would be a good starting point for anyone looking to get into CW contracts audits or to develop more secure smart contracts.\n\nIn addition, I created some hands-on labs so the reader can practice their bug-hunting skills in easy targets. This series is being published in collaboration with [Oak Security](https://www.oaksecurity.io/).\n\n- [#1 Unsaved storage changes](https://jcsec-audits.medium.com/cosmwasm-security-spotlight-1-cba294b27ea2)\n    - Spot the bug challenge [01-Storewhat?](https://github.com/oak-security/cosmwasm-security-dojo/tree/main/challenges/01-storewhat)\n- [#2 Access Controls](https://jcsec-audits.medium.com/cosmwasm-security-spotlight-2-3b8abeb066a1)\n    - Spot the bug challenge [02-Auth](https://github.com/oak-security/cosmwasm-security-dojo/tree/main/challenges/02-auth)\n- [#3 Address validation](https://jcsec-audits.medium.com/cosmwasm-security-spotlight-3-2b11f36fd61)\n    - Spot the bug challenge [05-Addressing](https://github.com/oak-security/cosmwasm-security-dojo/tree/main/challenges/05-addressing)\n- [#4 Rounding issues](https://jcsec-audits.medium.com/cosmwasm-security-spotlight-4-b5ba69b96c5f)\n    - Spot the bug challenge [06-Rounding](https://github.com/oak-security/cosmwasm-security-dojo/tree/main/challenges/06-rounding) \n\n# CosmWasm CTF - AwesomWasm 2023\n\nCheck the CTF that I co-created for the AwesomWasm 2023 conference to challenge your knowledge afterward!\n- [Oak Security CosmWasm CTF](https://github.com/oak-security/cosmwasm-ctf)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjcsec-security%2Fcosmwasm-security-spotlight","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjcsec-security%2Fcosmwasm-security-spotlight","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjcsec-security%2Fcosmwasm-security-spotlight/lists"}