awesome-starknet-security
  
  
    A curated list of awesome Starknet Security Resources. Tools, audits, CTFs and more. 
    https://github.com/amanusk/awesome-starknet-security
  
Audit reports
Cairo
- Nimbora - Nimbora V2 report by Cairo-Security-Clan.
 - Opus - Opus Code4rena contest report.
 - Argent Account and Multisig - Argent account and Argent Multisig for Starknet audit by Consensys Diligence.
 - AVNU - AVNU audit by Nethermind.
 - Pragma - Pragma oracle audit by Nethermind.
 - Snapshot X - Snapshot X audit by OpenZeppelin.
 - Starknet ID - Starknet ID audit by Nethermind.
 - zkLend - zkLend audit by Nethermind.
 - Carmine - Carmine audit by Nethermind.
 - Unruggable.meme - Unruggable meme protocol community audits by Antoine M., Credennce0x, 0xerim.
 - ZKX - ZKX audit by Nethermind.
 - Braavos - Braavos Account audit by Nethermind.
 
Cairo 0
- Briq - Briq protocol audit by Nethermind.
 - ChainSecurity DAI Bridge Audit - MakerDAO's DAI bridge audit by ChainSecurity.
 - Empiric Network - Empiric network audit by Zellic.
 - SithSwap - SithSwap AMM by Nethermind.
 - SHA256 from Cartridge - audit of SHA-256 implementation from Cartridge by Nethermind.
 
 
Tools
- Aegis - Cairo Formal verification tool.
 - Starknet Foundry - Starknet contracts development toolkit.
 - Thoth - Decompiler and security toolkit.
 - amarna - Static-analyzer and linter for the Cairo programming language.
 - Cairo Fuzzer - Cairo Fuzzing tool.
 - Caracal - Static analyzer tool over Sierra.
 - sierra-analyzer - Security toolkit in Rust for analyzing Sierra files.
 - cairovm.codes - Compile and debug Sierra code.
 - entro - Decoding and indexing Starknet data.
 - cairo-profiler - Profiler for Cairo and Starknet.
 - StarkRekt - Check and reset token spending permissions on Starknet.
 - StarkRevoke - Token revocation tool for Starknet.
 - Semgrep - Static analyzer for Cairo.
 
Blogposts and Tutorials
Cairo 0
- Auditing Cairo 1.0 Contracts - Cairo auditing tips and pitfalls.
 - Introduction to Cairo 1 smart-contracts security - Introduction to Cairo 1 security, tips and considerations.
 - Under the hood of Cairo 1 - Understanding Sierra code.
 - Zero-Click Argent-X Wallet Contract Vulnerability, Explained - Vulnerability in implementing Starknet smart account.
 - Cairo 0.x Security - Cairo 0.x pitfalls and considerations.
 - Cairo Contracts and pitfalls overview - Cairo traps and vulnerabilities.
 - Cairo: the Starknet way to writing safe code - Comparing Cairo and Solidity for smart contracts.
 - In-Depth Analysis of zkLend Hack Linked to EraLend Hack - zkLend hack analysis by SlowMist.
 - zkLend Exploit Post-Mortem - zkLend exploit post-mortem by BlockSec.
 - Adventures with Account Abstraction – Risks and Mitigations in `__validate__` - Considerations for `__validate__` function of Starknet smart accounts.
 
Video tutorials
- Cairo Security (Peteris Erins) - Spearbit seminar on Cairo security.
 - Code4rena x Starknet Basecamp - Starknet basecamp for first Cairo contest.
 
 
General
Repositories and Examples
- not-so-smart-cairo - Examples of common Cairo smart contract vulnerabilities by Trail of Bits.
 - zkLend-reproduction - Reproduction of the zkLend hack with Starknet-Foundry.
 
 
CTFs and Wargames
CTFs
- Curta puzzle #13: Ping Pong - Starknet messaging challenge.
 - Paradigm CTF 2022 - Paradigm CTF with Solidity and Cairo challenges.
 - StarknetCC-CTF Lisbon 2022 - Lisbon 2022 Cairo CTF.
 
CTF writeups
- StarknetCC-CTF - StarknetCC 2022 CTF writeup by Ledger.
 - StarknetCC-CTF - StarknetCC 2022 CTF writeup by pscott.
 
Wargames
- Node Guardians - Online wargame and challenge with quests and standalone challenges.
 - Starknet-Security-Challenges - Cairo and Starknet challenges inspired by Capture the Ether.
 - Underhanded Cairo - Cairo challenges at cairopractice.com.
 - cairo-damn-vulnerable-defi - Cairo and Starknet challenges inspired by Capture the Ether.
 
 