Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/Anugrahsr/Awesome-web3-Security

A curated list of web3 security materials and resources for pentesters and bug hunters.

List: Awesome-web3-Security


# Awesome-web3-Security ![awesome](https://awesome.re/badge.svg)
![](/image/banner.jpg)
---
A curated list of web3 security materials and resources for pentesters and bug hunters.
---

# Vulnerable Web3 CTFs

- [Capture the Ether](https://capturetheether.com/)
- [The Ethernaut](https://ethernaut.openzeppelin.com/)
- [Damn Vulnerable DeFi](https://www.damnvulnerabledefi.xyz/)
- [Security Innovation Blockchain CTF](https://blockchain-ctf.securityinnovation.com/#/)
- [GOAT Casino](https://github.com/nccgroup/GOATCasino)
- [Paradigm CTF](https://github.com/paradigm-operations/paradigm-ctf-2021)
- [Blocksec CTFs](https://github.com/blockthreat/blocksec-ctfs)
- [ciphershastra CTF](https://ciphershastra.com/)
- [DeFiVulnLabs](https://github.com/SunWeb3Sec/DeFiVulnLabs)
- [QuillCTF](https://quillctf.super.site/)
- [Vulnmachines - Blockchain hacking](https://www.vulnmachines.com/)
- [Web3Pwn - Web3 Security Training Platform](https://www.web3pwn.com/)

# Common Vulnerabilities in Smart contracts MindMap
Open the mindmap in [Xmind](https://www.xmind.net/m/2zbPP7/)
![](/image/Vulnerabilities_in_Smart_contracts.png)

# How to become a smart contract auditor?
Open the [MindMap](https://coggle.it/diagram/YqLzaiSABzXD4UnZ/t/smart-contract-auditor)
![](/image/Smart_Contract_Auditor.png)

# Web3 Security Tools
Open the [MindMap](https://xmind.works/share/zfdeD07U)
![](https://user-images.githubusercontent.com/44763564/207535347-6c3e3a67-486c-489c-8363-87146083ca59.png)
Check the [Quillhash Web3-Security-Tools](https://github.com/Quillhash/Web3-Security-Tools) Repo for more details

Check Remix Ethereum project here: https://remix-project.org/
(The Remix Project is a rich toolset which can be used for the entire journey of contract development by users of any knowledge level, and as a learning lab for teaching and experimenting with Ethereum.)

# Web3 blogs and postmortem reports
- [Immunefi Medium](https://medium.com/immunefi)
- [Openzeppelin Blogs](https://blog.openzeppelin.com/security-audits/)
- [QuillAudits Blogs](https://quillaudits.medium.com/)
- [Solidity Scan Blogs](https://blog.solidityscan.com/)
- [Beosin](https://medium.com/@Beosin_com)
- [Neptune Mutual](https://neptunemutual.medium.com/)
- [BlockSec](https://blocksecteam.medium.com/)
- [CertiK](https://www.certik.com/resources/blog)
- [mouse-run](https://mouse-run.beehiiv.com)

# Crypto Bug Bounty Platforms
- [Immunefi](https://immunefi.com/)
- [Hackenproof](https://hackenproof.com/programs)
- [Code4rena](https://code4rena.com/)
- [Gitcoin](https://gitcoin.co/explorer)
- [HackerOne](https://hackerone.com)
- [Spearbit](https://spearbit.com/)
- [Sherlock](https://app.sherlock.xyz/)
- [The Saloon](https://saloon.finance/)
- [Hats Finance](https://hats.finance/)

# Web3 Security Newsletter
- [Blockchain Threat Intelligence](https://newsletter.blockthreat.io/)
- [REKT](https://rekt.news/)
- [Week in Ethereum News](https://weekinethereumnews.com/)
- [HashingBits Newsletter](https://quillaudits.substack.com/)

# Complete Collection of Hacks, Trends, Resources
- [Web3sec.news](https://web3sec.news)

# Web3 Security Conference Talks and Videos
- [Overview of Web3 Smart Contract Hacking | IWCON-S22 Talk by Duncan Townsend](https://www.youtube.com/watch?v=lJQwuyW4t-k)
- [What Ethereum Smart Contract Hacking Looks Like by LiveOverflow](http://www.youtube.com/watch?v=P8LXLoTUJ5g)
- [The Web3 Security Mindset with Corey Petty](https://www.youtube.com/watch?v=zcJmWr5_GOc)
- [Security and Vulnerabilities in Web3 - Harry Papacharissiou](https://www.youtube.com/watch?v=QSmtVR0aniI)
- [Web3 Security Playlist](https://www.youtube.com/playlist?list=PLox242_JhiuEe64LzW1M8XpiQ2-N5bZsX)
- [Unstoppable - Damn Vulnerable DeFi | CTF](https://www.youtube.com/watch?v=A5s9aez43Co&list=PLO5VPQH6OWdXKPThrch6U0imGdD3pHLXi)
- [Smart Contract Hacking - 0x0C - Attacking Authorization with Web3.js](https://www.youtube.com/watch?v=cOP9z9XWjwc)
- [How to Audit a Smart Contract | Can you find the Solidity Security Vulnerabilities?](https://www.youtube.com/watch?v=TmZ8gH-toX0)
- [Learn Blockchain, Solidity, and Full Stack Web3 Development with JavaScript – 32-Hour Course](https://www.youtube.com/watch?v=gyMwXuJrbJQ)

// To be updated!

# Resources to learn Solidity
- https://cryptozombies.io/
- https://www.learnweb3.io/
- https://www.smartcontract.engineer/
- https://solidity-by-example.org/
- https://www.web3.university/
- https://www.useweb3.xyz/

# Smart Contract Security Audit Reports
- [Chainsulting](https://github.com/chainsulting/Smart-Contract-Security-Audits)
- [Code4rena Audit Reports](https://code4rena.com/reports)
- [Consensys Audit Reports](https://consensys.net/diligence/audits/)
- [QuillAudits Audit Reports](https://github.com/Quillhash/QuillAudit_Reports)
- [Spearbit Audit Reports](https://github.com/spearbit/portfolio/tree/master/pdfs)
- [iskdrews](https://github.com/iskdrews/awesome-solidity-security)
- [Sherlock](https://github.com/sherlock-protocol/sherlock-reports)
- [Avastars Smart Contract Audit Public Report](https://github.com/nicholashc/AvastarsAudit/)
- [KubixSquare audit](https://github.com/KubixSquare/AuditReports)
- [lemonade-audits](https://github.com/jigstack-dev/lemonade-audits)
- [Techrate](https://github.com/TechRate/Smart-Contract-Audits)
- [interfinetwork](https://github.com/interfinetwork/smart-contract-audits)
- [Decentraland audit](https://github.com/decentraland/smart-contract-audits)
- [Tech-Audit](https://github.com/Tech-Audit/Smart-Contract-Audits)
- [Sifchain](https://drive.google.com/drive/folders/1kkjdpNuRmTjaiIKA6CQISavCvj4Awpbc)
- [Complete List of Security Audit Reports](https://github.com/0xNazgul/Blockchain-Security-Audit-List)

# Smart Contract Security Certifications
- [Certified Blockchain Practitioner (CBP)](https://secops.group/certified-blockchain-practitioner)
  Use the coupon code **100-OFF** to get a 100% discount.
- [Certified Blockchain Security Professional (CBSP)](https://blockchaintrainingalliance.com/products/cbsp)

// To be updated!
// RoadMap to be added

A star to the repo would be fantastic