Roadmap

• Understanding SIM Swap Attacks and How to Safeguard Yourself
• Check out our blog!
• Check out our blog!
• How to become a smart contract auditor
• Per Aspera ad Astra
• The Eye of Horus: Spotting and Analyzing Attacks on Ethereum Smart Contracts - Investigation shows that the number of attacks did not necessarily decrease over the past few years, but for some vulnerabilities remained constant.
• Analysis of Bitcoin Vulnerability to Bribery Attacks Launched Through Large Transactions - In this paper, authors design a novel bribery attack and show that this guarantee can be hugely undermined.
• Vulnerability of Blockchain Technologies to Quantum Attacks - Here authors analyze the major blockchain-based cryptocurrencies deployed today -- including Bitcoin, Ethereum, Litecoin and ZCash, and determine risk exposure to quantum attacks.
• BLOCKEYE - Hunting For DeFi Attacks on Blockchain. In this paper, authors proposed BLOCKEYE, a real-time attack detection system for DeFi projects on the Ethereum blockchain.
• Topological Anomaly Detection in Dynamic Multilayer Blockchain Networks - Authors introduce a new topological perspective to structural anomaly detection in dynamic multilayer networks.
• Verification of the Incremental Merkle Tree Algorithm with Dafny - Authors present our new and original correctness proof of the algorithm along with the Dafny machine-checkable version.
• GoHammer Blockchain Performance Test Tool - This tool will help in developing more efficient decentralized systems and will affect decreasing the costs of developing decentralized application projects.
• Requirement Analyses and Evaluations of Blockchain Platforms per Possible Use Cases - This document provides a generic model of understanding blockchain and its applications.
• A Note on Privacy in Constant Function Market Makers - In this note, authors show that privacy is impossible with the usual implementations of CFMMs under most reasonable models of an adversary and provide some mitigating strategies.
• A Survey of Security Vulnerabilities in Ethereum Smart Contracts - This paper explains eight vulnerabilities that are specific to the application level of BT by analyzing the exploitation case scenarios of these vulnerabilities.
• Transaction Fee Mechanism Design - Authors explain the behavior of fees in blockchains.
• AGSolT: a Tool for Automated Test-Case Generation for Solidity Smart Contracts - Authors found that AGSolT is capable of achieving high branch overage with both approaches and even discovered some errors in some of the most popular Solidity smart contracts on Github.
• Temporal-Amount Snapshot MultiGraph for Ethereum Transaction Tracking - Authors propose TASMG to model Ethereum transaction records as a temporal-amount network and then present TAW to effectively embed accounts via their transaction records, which integrates temporal and amount information of the proposed network.
• Demystifying Cryptocurrency Mining Attacks: A Semi-supervised Learning Approach Based on Digital Forensics and Dynamic Network Characteristics - This paper addresses the detection of crypto mining attacks in a generic network environment using dynamic network characteristics.
• FASTEN: Fair and Secure Distributed Voting Using Smart Contracts - Authors prove that the probability of privacy breaches is negligibly small. Further, cost analysis of executing FASTEN over Ethereum is comparable to most of the existing cost of elections.
• Interdependencies between Mining Costs, Mining Rewards and Blockchain Security - This paper studies to what extent the cost of operating a proof-of-work blockchain is intrinsically linked to the cost of preventing attacks, and to what extent the underlying digital ledger security budgets are correlated with the cryptocurrency market outcomes
• HyperSec: Visual Analytics for blockchain security monitoring - HyperSec, a visual analytics monitoring tool that provides relevant information at a glance to detect ongoing attacks on Hyperledger Fabric.
• Reentrancy Vulnerability Identification in Ethereum Smart Contracts - In this paper, authors present a framework that combines static and dynamic analysis to detect Reentrancy vulnerabilities in Ethereum smart contracts.
• A General Framework for the Security Analysis of Blockchain Protocols - This paper presents a parsimonious abstraction sufficient for capturing and comparing properties of many well-known permissionless blockchain protocols.
• Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities - The paper is aimed at security testers aiming to start out in blockchain security reviews and blockchain developers as a reference on common pitfalls.
• Vulnerabilities and Open Issues of Smart Contracts: A Systematic Mapping - This paper conducted a systematic literature mapping identifying initiatives and tools to analyze SCs and how to deal with the identified vulnerabilities.
• SuMo: A Mutation Testing Strategy for Solidity Smart Contracts - Authors report a first evaluation of SuMo on open-source projects for which test suites were available. The results authors got are encouraging, and they suggest that SuMo can effectively help developers to deliver more reliable smart contracts.
• (In)Stability for the Blockchain: Deleveraging Spirals and Stablecoin Attacks - The possibility of deleveraging spirals was first predicted in the initial release of this paper in 2019 and later observed in the Black Thursday crisis in Dai in 2020.
• An Anonymous Trust-Marking Scheme on Blockchain Systems - In this paper, authors propose an anonymous trust-marking scheme on blockchain systems that is universally applicable to any cryptocurrency.
• Bitwise Operations and Bit Manipulation in Solidity, Ethereum
• A Framework and DataSet for Bugs in Ethereum Smart Contracts - In this paper, to fill the gap, authors first collect as many smart contract bugs as possible from multiple sources and divide these bugs into 9 categories by extending the IEEE Standard Classification for Software Anomalies.
• A Secure Multi-chains Consensus Scheme Against Diverse Miners Behaviors Attacks in Blockchain Networks. - Experimental results show that PoDT is secure against DMB attacks and more effective than traditional consensus schemes in multi-chains environments.
• A Survey on Consortium Blockchain Consensus Mechanisms - This paper highilights several state-of-the art solutions in consensus algorithms for enterprise blockchain.
• Extracting Smart Contracts Tested and Verified in Coq - Authors implement extraction of Coq programs to functional languages based on MetaCoq's certified erasure.
• Trustless, privacy-preserving blockchain bridges - In this paper, authors present a protocol for facilitating trust-less cross-chain cryptocurrency transfers that preserve privacy of bridge withdrawals.
• Security checklists for Ethereum smart contract development: patterns and best practices - Authors cover the phases of design, coding, and testing and deployment of the software lifecycle.
• Dynamic Vulnerability Detection on Smart Contracts Using Machine Learning - In this work authors propose Dynamit, a monitoring framework to detect reentrancy vulnerabilities in Ethereum smart contracts.
• Targeting the Weakest Link: Social Engineering Attacks in Ethereum Smart Contracts - In this work, authors explore the possibility and existence of new social engineering attacks beyond smart contract honeypots.
• OptSmart: A Space Efficient Optimistic Concurrent Execution of Smart Contracts - In this paper, authors develop a concurrent miner that proposes a block by executing the AUs concurrently using optimistic Software Transactional Memory systems (STMs).
• DEFECTCHECKER: Automated Smart Contract Defect Detection by Analyzing EVM Bytecode - Experimental results show that DefectChecker performs much better than these tools in terms of both speed and accuracy.
• SmartBugs: A Framework to Analyze Solidity Smart Contracts - Authors show how it enables easy integration and comparison of analysis tools by presenting a new extension to the tool SmartCheck that improves substantially the detection of vulnerabilities related to the DASP10 categories Bad Randomness, Time Manipulation, and Access Control (identified vulnerabilities increased from 11% to 24%).
• Profiling Gas Leaks in Solidity Smart Contracts - In this paper, authors identify a set of 19 Solidity code smells affecting the deployment and transaction costs of a smart contract, and assess the relevance of such smells through a survey involving 34 participants.
• Securing Parallel-chain Protocols under Variable Mining Power - In this paper, authors consider the design of provably secure parallel-chain protocols which can adapt to such mining power variations.
• Ethereum SmartContract Vulnerability Detection using Deep Neural Network and Transfer Learning - ESCORT framework enables transfer learning on new vulnerability types with minimal modification of the DNN model architecture and re-training overhead.
• SCSGuard: Deep Scam Detection for Ethereum Smart Contracts - Experimental results manifest that SCSGuard achieves high accuracy (0.94), precision (0.96\%) and recall (0.98) for both Ponzi and Honeypot scams, and new Phishing smart contracts.
• Securing Cyber-Physical Systems Through Blockchain-Based Digital Twins and Threat Intelligence - This article focuses on securing CPSs by integrating Artificial Intelligence (AI) and blockchain for intelligent and trusted DTs.
• A Survey on Blockchain Interoperability: Past, Present, and Future Trends - In this post, authors study blockchain interoperability techniques and solutions, providing a holistic overview of blockchain interoperability, paving the way for systematic research in this domain.
• SoK: Oracles from the Ground Truth to Market Manipulation - A paper that systemizes the design alternatives for oracles, showcases attacks, and discusses attack mitigation strategies.
• TryHackMe: Complete rooms with challenges and puzzles to break, all from the browser - Hands on cybersecurity training with real-world tasks
• Hack The Box - A Hacker's playground to dynamically and compete against other users in a collaborative ecosystem that promotes hands-on training experience
• Disclose: Cross-industry and vendor-agnostic standards for best practives in cybersecurity research - Open source maintainers and industry experts providing a central source for assistance, information, and help via templates, tools, data sets...
• OverTheWire - Set of wargames and challenges offered by a community to learn and practice security concepts in fun wargames.
• Pentesterlab - Hands-on labs covering different bu classes from basic to advanced.
• Portswigger labs - Set of web application secrity labs with attached community solutions
• Vulnhub - Users upload "challenge boxes" that often attempt to gain root access by exploiting known vulnerabilities.
• Damn Vulnerable Defi - An offensive security playground to learn red team cybersecurity in the context of DeFi and smart contracts. Examples include tasks where the users needs to stop the system from working, take out funds from a contract...
• Finematics - Educational videos on DeFi
• Formal Analysis of Composable DeFi Protocols - In this paper, authors propose a formal process-algebraic technique that models DeFi protocols in a compositional manner to allow for efficient property verification.
• DeFi-ning DeFi: Challenges & Pathway - Good Retrospective into the beginning of decentralized finance.
• A theory of Automated Market Makers in DeFi - Authors exploit our theory to formally prove a set of fundamental properties of AMMs, characterizing both structural and economic aspects.
• From banks to DeFi: the evolution of the lending market - Authors discuss the persisting reliance of DeFi lending on the traditional financial system, and conclude with the outlook of the lending market in the IOV era.
• On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols - In this paper, authors investigate two methods that allow them to automatically create profitable DeFi trades.
• Maximizing Extractable Value from Automated Market Makers - In this paper authors formally characterize rational miners as players which follow an optimal strategy in the mining game.
• The Decentralized Financial Crisis - In this paper authors explore how design weaknesses and price fluctuations in DeFi protocols could lead to a DeFi crisis.
• Liquidations: DeFi on a Knife-edge - In order to protect protocols from suffering losses, undercollateralized positions can be liquidated. In this paper, authors present empirical analysis of liquidations on protocols for loanable funds (PLFs).
• Measuring Asset Composability as a Proxy for DeFi Integration - Authors seek to understand the degree to which this practice may contribute to financial integration on Ethereum by examining transactions in 'composed' derivatives for the assets DAI, USDC, USDT, ETH and tokenized BTC for the full set of 344.8 million Ethereum transactions computed in 2020.
• Dynamic Curves for Decentralized Autonomous Cryptocurrency Exchanges - Authors propose in this work a new approach to constructing the AMM by proposing the idea of dynamic curves.
• High-Frequency Trading on Decentralized On-Chain Exchanges - In this work authors formalize, analytically exposit and empirically evaluate an augmented variant of front-running: sandwich attacks, which involve front- and back-running victim TXs.
• Flashot - A Snapshot of Flash Loan Attack on DeFi Ecosystem.
• DeFiRanger - Detecting Price Manipulation Attacks on DeFi Applications.
• Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit - Flash Loans. DeFi. Classic.
• SoK: Decentralized Finance (DeFi) - In this Systematization of Knowledge (SoK), authors delineate the DeFi ecosystem along its principal axes. SCSGuard: Deep Scam Detection for Ethereum Smart Contracts
• Empirical Evidence from four Governance Token Distributions - This paper provides a framework to quantify decentralization of governance power among blockchain applications.
• The Adoption of Blockchain-based Decentralized Exchanges - Authors show that liquidity providers lose token value if exchange rates are volatile due to the order execution mechanism of the blockchain-based exchange.
• Finance 4.0: Design principles for a value-sensitive cryptoecnomic system to address sustainability - Authors provide new insights on designing crypto systems.
• SoK: Oracles from the Ground Truth to Market Manipulation - In this SoK, authors systemize the design alternatives for oracles, showcase attacks, and discuss attack mitigation strategies.
• CeFi vs. DeFi - Comparing Centralized to Decentralized Finance - In this work, authors systematically analyze the differences between CeFi and DeFi, covering legal, economic, security, privacy and market manipulation. Authors also provide a structured methodology to differentiate between a CeFi and a DeFi service.
• Ethereum Name Service: the Good, the Bad, and the Ugly - Yet, no existing work has studied this emerging system, the security issues and misbehaviors in ENS. Authors present the first study of ENS by analyzing millions of event logs related to ENS.
• Mapping the NFT revolution - Market trends, trade networks and visual features.
• Fairness in ERC token markets - A Case Study of CryptoKitties.
• Non-Fungible Token: Overview, Evaluation, Opportunities and Challenges - In this technical report, authors explore the NFT ecosystems in several aspects.
• Networks of Ethereum Non-Fungible Tokens: A graph-based analysis of the ERC-721 ecosystem
• NFT School is an open-source project from web developers: NFT Basics, First Steps Tutorial, Minting Service Tutorial
• Stablecoins 2.0 - Authors seek to provide a sound foundation for stablecoin theory, with a risk-based functional characterization of the economic structure of stablecoins.
• Reducing the Volatility of Cryptocurrencies — A Survey of Stablecoins - Authors discuss how stablecoins help reduce the volatility of cryptocurrencies by surveying different types of stablecoins and their stability mechanisms.
• Understand Volatility of Algorithmic Stablecoin: Modeling, Verification and Empirical Analysis - Authors performed a systematic empirical analysis on real transaction activities of the Basis Cash stablecoin to relate theoretical possibilities to market observations.
• T-Cash: Transferable Fiat Backed Coins - In this paper authors propose a transferable electronic cash scheme using blockchain technology which allows users to continuously reuse coins within the system.
• A DLT-based Smart Contract Architecture for Atomic and Scalable Trading - In this paper, authors propose an atomic, scalable and privacy-preserving protocol that enables secure and dynamic updates. Then develop a smart contract-based Credit-Note System (CNS) that allows participants to lock funds before a state channel initialisation, which enhances flexibility and efficiency.
• Exploring Ethereum Data Stores: A Cost and Performance Comparison - In this work, authors examine a comprehensive set of data management approaches for ETH apps and assess the associated cost in gas as well as the retrieval performance.
• A Systematic Literature Review on Blockchain Governance - This study comprehensively investigates blockchain governance via 5W1H questions.
• A general framework for blockchain analytics - Authors propose a general-purpose framework, supporting data analytics on Bitcoin Ethereum — it allows to integrate block data with data from other sources, and to organise them in a database.
• AMR:Autonomous Coin Mixer with Privacy Preserving Reward Distribution - In this work, authors propose the first censorship resilient mixer, which can reward its users in a privacy-preserving manner for participating in the system.
• Technology Review of Blockchain Data Privacy Solutions - This report aims to review existing enterprise blockchain technologies: EOSIO powered systems, Hyperledger Fabric and Besu, Consensus Quorum, R3 Corda and Ernst and Young’s Nightfall.
• Blockchain Systems, Technologies and Applications: A Methodology Perspective - First, this article introduces how blockchain works, the research activity and challenge, and illustrates the roadmap involving the classic methodology with typical blockchain use cases and topics. Second, in blockchain system, how to adopt stochastic process, game theory, optimization, machine learning and cryptography to study blockchain running process and design blockchain protocol/algorithm are discussed in details.
• Ethna: Analyzing the Underlying Peer-to-Peer Network of the Ethereum Blockchain - Ethna implements a novel method that accurately measures the degrees of Ethereum nodes.
• Community Detection in Blockchain Social Networks - A novel community detection algorithm which is designed for low-rank signals on graph can help find users’ communities based on user-token subscription.
• Towards External Calls for Blockchain and Distributed Ledger Technology - In this paper authors show that this belief is preconceived by demonstrating a method that enables blockchain and distributed ledger technologies to perform calls to external systems initiated from the blockchain/DLT itself.
• Managing Blockchain Systems and Applications: A Process Model for Blockchain Configurations - Authors demonstrate the applicability of the proposed blockchain configuration process model on four blockchain projects
• A Note on Optimal Fees for Constant Function Market Makers - Authors present framework that can be used to compute optimal fees for real world pools using past trade data.
• Reward Mechanism for Blockchains Using Evolutionary Game Theory - In this paper, authors develop a reward mechanism framework that could apply to many PoS blockchains.
• Summing Up Smart Transitions - In this paper, authors present a generalization of first-order logic which can express the unbounded sum of balances.
• 100+ Metrics for Software Startups - A Multi-Vocal Literature Review - Using data in the form of metrics can help software startups to make the right decisions amidst uncertainty and limited resources.
• Blockchain Networks: Data Structures of Bitcoin , Monero, Zcash, Ethereum, Ripple and IOTA - Authors discuss how blockchain data can be abstracted as various types of networks, and how network abstractions used to reap insights into the structure.
• Decentralized Finance: On Blockchain- and Smart Contract-Based Financial Markets - Written by Fabian Schar, gives an overview of blockchain based markets with technical details but in a digestable format; great paper for new comers to the space.
• Key principles of storing crypto cold wallet attacks defense methods best practices
• POA Network
• POA Bridge
• Dynamical Analysis of the EIP-1559 Ethereum Fee Market - Authors perform a thorough analysis of the resulting fee market dynamic mechanism via a combination of tools from game theory and dynamical systems.
• Stochastic Properties of EIP1559 Basefees - Authors explain the new pricing mechanism for the Ethereum developed to bring stability to fluctuating gas prices.
• Transaction Fee Mechanism Design for the Ethereum Blockchain: An Economic Analysis of EIP-1559 - This report assesses the game-theoretic strengths and weaknesses of the proposal and explores some alternative designs.
• How does the NEW Ethereum work?
• Serenity Design Rationale
• Beaconcha
• Ethereum 2.0 Stats
• Ethereum 2.0 Docs
• Ethereum 2.0 Clients
• Ethereum 2.0 Forks
• Quantifying Blockchain Extractable Value: How dark is the forest? - Authors provide evidence that miners already extract Miner Extractable Value (MEV), which could destabilize the blockchain consensus security, as related work has shown.
• SmartContractResearch Forum
• ethresear.ch
• ethereum-magicians.org
• Retrospective: Hacks in Web3
• Retrospective: Hacks in Web3
• Rekt News - Anonymous platform for whistleblowers and DeFi detectives to present their information to the community.
• Blockchain Threat Intelligence - Newsletter covering the latest security news, tools, events, vulnerabilities, and threats in the cryptocurrency landscape. Also [supports this repo.](https://github.com/openblocksec/blocksec-incidents)
• Ethstats
• Node Stats
• solidity-by-example.org
• EVM Networks List
• Web Vanity Generator
• Vanity Eth Generators
• FindETH
• Ethereum input data decoder
• Ethereum Gas Charts
• Ethereum TxPool Statistics
• Gas Prices Dashboard
• The UI from ABI
• Oracles Club
• Tx Combo
• ETH or ERC-20 Mass-sender
• Fees WTF Calculator
• Spend Gas Stats
• Tenderly
• Solidity Collections - Collections of code snippets and utility libraries.
• Open DeFi Problems
• Ideas Lists
• 0x - DEX protocol
• Dapp-a-day 11-25
• Simpler Ethereum Multisig - especially section _Benefits_
• Blog von Elena Dimitrova, Dev at colony.io
• Library driven development
• Advanced Solidity code deployment techniques
• OpenZeppelin on Proxy Libraries
• MythX - Security verification platform and tools ecosystem for Ethereum developers
• Securify - Security scanner for Ethereum smart contracts
• SmartCheck - Static smart contract security analyzer
• Free Smart Contract Security Audit - Free smart contract security audits from Callisto Network
• Piet - A visual Solidity architecture analyzer
• Eth.js - Javascript Web3 alternative
• light.js - level reactive JS library optimized for light clients.
• Ethereumjs - A collection of utility functions for Ethereum like [ethereumjs-util](https://github.com/ethereumjs/ethereumjs-util) and [ethereumjs-tx](https://github.com/ethereumjs/ethereumjs-tx)
• Alchemy
• Torus - Open-sourced SDK to build dapps with a seamless onboarding UX
• Fortmatic - A simple to use SDK to build web3 dApps without extensions or downloads.
• Portis - A non-custodial wallet with an SDK that enables easy interaction with DApps without installing anything.
• Notify.js - Deliver real-time notifications to your users. With built-in support for Speed-Ups and Cancels, Blocknative Notify.js helps users transact with confidence. Notify.js is easy to integrate and quick to customize.
• Nethereum - .Net Web3
• Ethereum Contract Service - A MESG Service to interact with any Ethereum contract based on its address and ABI.
• Ethereum Service - A MESG Service to interact with events from Ethereum and interact with it.
• Ethereum Logging Framework - provides advanced logging capabilities for Ethereum applications and networks including a query language, query processor, and logging code generation
• Geth - Go client
• QuikNode - Blockchain developer cloud with API access and node-as-a-service.
• EasyDapper - Generate dapps from Truffle artifacts, deploy contracts on public/private networks, offers live customizable public page to interact with contracts.
• EasyDapper - Generate dapps from Truffle artifacts, deploy contracts on public/private networks, offers live customizable public page to interact with contracts.
• One Click dApp - Instantly create a dApp at a unique URL using the ABI.
• Truffle Pig - a development tool that provides a simple HTTP API to find and read from Truffle-generated contract files, for use during local development. Serves fresh contract ABIs over http.
• Solidity code coverage - Solidity code coverage tool
• Doppelgänger - a library for mocking smart contract dependencies during unit testing.
• ERCx - Testing tool with a Web interface to test conformance and properties of ERC-20 tokens. Based on Foundry forge.
• thread
• Jobsincrypto
• CryptoJobsList
• LobsterHR
• DeveloperDAO
• LidoGrants
• GitCoin
• anonfriendly.com
• Web3grants
• hackathons.live
• spearbit.com
• Web3SecurityDAO
• WHITE HAT DAO
• Hats.Finance
• auditjobs.xyz
• www.jobstash.xyz
• frontrunnrs.xyz
• www.jobprotocol.xyz
• ProofsArgsAndZK.pdf
• Yul for Gas Optimisation
• Retrospective: Hacks in Web3