Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-starknet-security
A curated list of awesome Starknet Security Resources. Tools, audits, CTFs and more.
https://github.com/amanusk/awesome-starknet-security
Audit reports
Cairo
- Nimbora - Nimbora V2 report by Cairo-Security-Clan.
- Opus - Opus Code4rena contest report.
- Argent Account and Multisig - Argent account and Argent Multisig for Starknet audit by Consensys Diligence.
- AVNU - AVNU audit by Nethermind.
- Pragma - Pragma oracle audit by Nethermind.
- Snapshot X - Snapshot X audit by OpenZeppelin.
- Starknet ID - Starknet ID audit by Nethermind.
- zkLend - zkLend audit by Nethermind.
- Carmine - Carmine audit by Nethermind.
- Unruggable.meme - Unruggable meme protocol community audits by Antoine M., Credennce0x, 0xerim.
- ZKX - ZKX audit by Nethermind.
- Braavos - Braavos Account audit by Nethermind.
Cairo 0
- Briq - Briq protocol audit by Nethermind.
- ChainSecurity DAI Bridge Audit - MakerDAO's DAI bridge audit by ChainSecurity.
- Empiric Network - Empiric network audit by Zellic.
- SithSwap - SithSwap AMM by Nethermind.
- SHA256 from Cartridge - audit of SHA-256 implementation from Cartridge by Nethermind.
Tools
- Aegis - Cairo Formal verification tool.
- Semgrep - Static analyzer for Cairo.
- Thoth - Decompiler and security toolkit.
- amarna - Static-analyzer and linter for the Cairo programming language.
- Cairo Fuzzer - Cairo Fuzzing tool.
- Caracal - Static analyzer tool over Sierra.
- sierra-analyzer - Security toolkit in Rust for analyzing Sierra files.
- Starknet Foundry - Starknet contracts development toolkit.
- cairovm.codes - Compile and debug Sierra code.
- entro - Decoding and indexing Starknet data.
- cairo-profiler - Profiler for Cairo and Starknet.
- StarkRekt - Check and reset token spending permissions on Starknet.
- StarkRevoke - Token revocation tool for Starknet.
Blogposts and Tutorials
Cairo 0
- Auditing Cairo 1.0 Contracts - Cairo auditing tips and pitfalls.
- Introduction to Cairo 1 smart-contracts security - Introduction to Cairo 1 security, tips and considerations.
- Under the hood of Cairo 1 - Understanding Sierra code.
- Zero-Click Argent-X Wallet Contract Vulnerability, Explained - Vulnerability in implementing Starknet smart account.
- Cairo 0.x Security - Cairo 0.x pitfalls and considerations.
- Cairo Contracts and pitfalls overview - Cairo traps and vulnerabilities.
- Cairo: the Starknet way to writing safe code - Comparing Cairo and Solidity for smart contracts.
- Adventures with Account Abstraction – Risks and Mitigations in `__validate__` - Considerations for `__validate__` function of Starknet smart accounts.
Video tutorials
- Cairo Security (Peteris Erins) - Spearbit seminar on Cairo security.
- Code4rena x Starknet Basecamp - Starknet basecamp for first Cairo contest.
General
Repositories and Examples
- not-so-smart-cairo - Examples of common Cairo smart contract vulnerabilities by Trail of Bits.
CTFs and Wargames
CTFs
- Curta puzzle #13: Ping Pong - Starknet messaging challenge.
- Paradigm CTF 2022 - Paradigm CTF with Solidity and Cairo challenges.
- StarknetCC-CTF Lisbon 2022 - Lisbon 2022 Cairo CTF.
CTF writeups
- StarknetCC-CTF - StarknetCC 2022 CTF writeup by Ledger.
- StarknetCC-CTF - StarknetCC 2022 CTF writeup by pscott.
Wargames
- Node Guardians - Online wargame and challenge with quests and standalone challenges.
- Starknet-Security-Challenges - Cairo and Starknet challenges inspired by Capture the Ether.
- Underhanded Cairo - Cairo challenges in cairopractice.com.
- cairo-damn-vulnerable-defi - Cairo and Starknet challenges inspired by Capture the Ether.