Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/bunturx/Awesome-Blockchain-Security
List: Awesome-Blockchain-Security
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/bunturx/Awesome-Blockchain-Security
- Owner: bunturx
- Created: 2022-06-08T14:12:34.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-03-24T14:13:35.000Z (almost 2 years ago)
- Last Synced: 2024-11-14T16:02:07.995Z (2 months ago)
- Size: 52.3 MB
- Stars: 76
- Watchers: 2
- Forks: 6
- Open Issues: 0
Metadata Files:
- Readme: Readme.md
Awesome Lists containing this project
- StarryDivineSky - bunturx/Awesome-Blockchain-Security
README
A list of resources about
# Blockchain Security

## Education
- [Secureum](https://secureum.substack.com/): Secureum Bootcamp for Smart Contract Security Auditing is an intense 3-month program.
Created by the great [@0xRajeev](https://twitter.com/0xRajeev)
The core focus will be Ethereum Smart Contract Security Auditing.
The covered topics will include Ethereum, Solidity, Smart Contract Security & Audits.
- [Secureum Mind Map](https://github.com/x676f64/secureum-mind_map)

## Blockchain Explorers
- [Etherscan](https://etherscan.io/): The Ethereum Blockchain Explorer.
- [BSCScan](https://bscscan.com/): BNB Smart Chain Explorer.
- [Etherchain](https://etherchain.org/)
- [PolygonScan](https://polygonscan.com/): Polygon PoS Chain Explorer.
- [Blockchain.com Explorer](https://www.blockchain.com/explorer)
- [Blockchair](https://blockchair.com/es)
- [BlockCypher](https://live.blockcypher.com/)
- [CoinMarketCap Block Explorer](https://blockchain.coinmarketcap.com/)
- [BTC.com Block Explorer](https://explorer.btc.com/)

#### Ripple (XRP) Explorer
- [XRP Charts](https://xrpcharts.ripple.com)
- [Bithomp XRP Explorer](https://bithomp.com/explorer/)
- [XRP Ledger Explorer](https://xrpscan.com/)
- [XRPL Explorer Ledger](https://livenet.xrpl.org/)

#### Monero block explorer
- [LocalMonero block explorer](https://localmonero.co/blocks)
- [MoneroVision blockchain explorer](https://monerovision.com/#/)
- [XMRChain](https://xmrchain.net/)
- [Blockchair Monero](https://blockchair.com/es/monero)

#### Web Decentralized Explorer
- [Blockscan](https://blockscan.com/)

## E.V.M - Ethereum Virtual Machine
- [Ethereum Opcodes - Official Documentation](https://ethereum.org/en/developers/docs/evm/opcodes/)
- [EVM Opcodes](https://www.ethervm.io/)
- [Eveem Decompiler](https://eveem.org/)

## Vulnerabilities
- [SWC Registry](https://swcregistry.io/): The Smart Contract Weakness Classification Registry (SWC Registry) is an implementation of the weakness classification scheme proposed in EIP-1470. It is loosely aligned to the terminologies and structure used in the Common Weakness Enumeration (CWE) while overlaying a wide range of weakness variants that are specific to smart contracts.
- [List of Security Vulnerabilities](https://github.com/runtimeverification/verified-smart-contracts/wiki/List-of-Security-Vulnerabilities)

## Smart Contracts Security
- [Ethereum Smart Contract Security Best Practices](https://consensys.github.io/smart-contract-best-practices/) maintained by [ConsenSys Diligence](https://consensys.net/diligence/)
- [Ethereum Security Post](https://blog.ethereum.org/category/security/)
- [SigmaPrime Blog, Solidity Security](https://blog.sigmaprime.io/solidity-security.html): Comprehensive list of known attack vectors and common anti-patterns.
- [Introducción a Hacking y Seguridad de Smart Contracts en Ethereum](https://www.youtube.com/watch?v=sqjHodAj5Xc&list=PLTqiwJDd_R8yHOvteko_DmUxUTMHnlfci): 4+ hours of training by [Martin Abbatemarco](https://twitter.com/tinchoabbate)
- [Introducción a Ethereum Development](https://www.youtube.com/watch?v=zoJb3G8TQcE&list=PLTqiwJDd_R8y9pfUBjhkVa1IDMwyQz-fU): by [Martin Triay](https://twitter.com/martriay)

## Smart Contract Languages
#### Solidity
- [Solidity Documentation](https://docs.soliditylang.org/)
- [Solidity By Example](https://solidity-by-example.org/)
- [CryptoZombies](https://cryptozombies.io/): Learn Solidity by playing a game
- [Solidity & Vyper Cheat Sheet](https://reference.auditless.com/cheatsheet/)
- [GitHub](https://github.com/ethereum/solidity/)
- [Solidity Gitter Chatroom](https://gitter.im/ethereum/solidity/) bridged to [Solidity Matrix Chatroom](https://matrix.to/#/#ethereum_solidity:gitter.im)
- [Cheat Sheet](https://reference.auditless.com/cheatsheet)
- [Solidity Blog](https://blog.soliditylang.org/)
- [Solidity Twitter](https://twitter.com/solidity_lang)

#### Vyper
- [Documentation](https://vyper.readthedocs.io)
- [Vyper by Example](https://vyper.readthedocs.io/en/latest/vyper-by-example.html)
- [Learn.Vyperlang.org](https://learn.vyperlang.org/#/) for learning Vyper by building a Pokémon game.
- [GitHub](https://github.com/vyperlang/vyper)
- [Vyper Gitter Chatroom](https://gitter.im/vyperlang/community)
- [Cheat Sheet](https://reference.auditless.com/cheatsheet)
- [Update Jan 8, 2020](https://blog.ethereum.org/2020/01/08/update-on-the-vyper-compiler)

#### Yul and Yul+
- [Yul Documentation](https://docs.soliditylang.org/en/latest/yul.html)
- [Yul+ Documentation](https://github.com/fuellabs/yulp)
- [Yul+ Playground](https://yulp.fuel.sh/)
- [Yul+ Introduction Post](https://medium.com/@fuellabs/introducing-yul-a-new-low-level-language-for-ethereum-aa64ce89512f)

#### Fe
- [GitHub](https://github.com/ethereum/fe)
- [Fe Announcement](https://snakecharmers.ethereum.org/fe-a-new-language-for-the-ethereum-ecosystem/)
- [Fe 2021 Roadmap](https://notes.ethereum.org/LVhaTF30SJOpkbG1iVw1jg)
- [Fe Discord Chat](https://discord.com/invite/ywpkAXFjZH)
- [Fe Twitter](https://twitter.com/official_fe)

## CTF (Capture The Flag)
Capture the Flag (CTF) is a special kind of information security competition.
- [Capture the Ether](https://capturetheether.com/)
- [The Ethernaut](https://ethernaut.openzeppelin.com/)
- [Damn Vulnerable DeFi](https://www.damnvulnerabledefi.xyz/) Created by the great [Martin Abbatemarco](https://twitter.com/tinchoabbate)
- [Security Innovation Blockchain CTF](https://blockchain-ctf.securityinnovation.com/#/)
- [GOAT Casino](https://github.com/nccgroup/GOATCasino)
- [Paradigm CTF](https://github.com/paradigm-operations/paradigm-ctf-2021)
- [Blocksec CTFs](https://github.com/blockthreat/blocksec-ctfs): a list of all of them

## Tools
| Tool | Link | Desc |
|--------|-----|------|
|Slither|[link](https://github.com/trailofbits/slither)|Static analysis framework with detectors for many common Solidity issues. It has taint and value tracking capabilities and is written in Python.|
|MythX|[link](https://mythx.io/)|MythX is a professional-grade cloud service that uses symbolic analysis and input fuzzing to detect common security bugs and verify the correctness of smart contract code. Using MythX requires an API key from mythx.io.|
|Mythril|[link](https://github.com/ConsenSys/mythril)|The Swiss army knife for smart contract security.|
|Contract-Library|[link](https://contract-library.com/)|Decompiler and security analysis tool for all deployed contracts.|
|MadMax|[link](https://github.com/nevillegrech/MadMax)| Static analysis tool for gas DoS vulnerabilities.|
|Gigahorse|[link](https://github.com/nevillegrech/gigahorse-toolchain)| Fast binary lifter and program analysis framework written in Datalog.|
|Echidna|[link](https://github.com/trailofbits/echidna)| The only available fuzzer for Ethereum software. Uses property testing to generate malicious inputs that break smart contracts.|
|Manticore|[link](https://github.com/trailofbits/manticore)| Dynamic binary analysis tool with EVM support.|
|Oyente|[link](https://github.com/melonproject/oyente)| Analyze Ethereum code to find common vulnerabilities, based on this paper.|
|Securify|[link](https://github.com/eth-sri/securify2)| Fully automated online static analyzer for smart contracts, providing a security report based on vulnerability patterns.|
|SmartCheck|[link](https://smartdec.net/)| Static analysis of Solidity source code for security vulnerabilities and best practices.|
|Octopus|[link](https://github.com/pventuzelo/octopus)| Security Analysis tool for Blockchain Smart Contracts with support of EVM and (e)WASM.|
|sFuzz|[link](https://sfuzz.github.io/) |Efficient fuzzer inspired from AFL to find common vulnerabilities.|
|Vertigo|[link](https://sfuzz.github.io/)| Mutation Testing for Ethereum Smart Contracts.|
|Solidity Visual Developer|[link](https://marketplace.visualstudio.com/items?itemName=tintinweb.solidity-visual-auditor)|This extension contributes security centric syntax and semantic highlighting, a detailed class outline, specialized views, advanced Solidity code insights and augmentation to Visual Studio Code.|
|tintinweb|[link](https://marketplace.visualstudio.com/publishers/tintinweb)|Visual Studio Code Extensions by tintinweb|

## Online Tools
- [Solidity Scan](https://solidityscan.com/): Smart-contract scanning tool built to discover vulnerabilities & mitigate risks in your code.
- [Dedaub Contract Library](https://library.dedaub.com/contracts/hottest): Smart Contract Code Explorer
- [DApp Radar](https://dappradar.com/): Discover, Track & Trade Everything DeFi, NFT and Gaming
- [EthTx Transaction Decoder](https://ethtx.info/): EthTx is an open source decoder of blockchain transactions.
- [Online Solidity Decompiler](https://www.ethervm.io/decompile)

## Scam Identifiers
- [Token Sniffer](https://tokensniffer.com): This site scans contracts for known scams, computes helpful token metrics, and maintains a list of scams
- [Token FOMO](https://tokenfomo.io): Every token deployed in the last 24 hours
- [Rugdoc](https://rugdoc.io)
- [Is This Coin a Scam?](https://isthiscoinascam.com/)
- [Token Analyzer](https://www.bscheck.eu/): Token Analyzer to detect potential scams.
- [Honeypot Detector for BSC Network](https://honeypot.is/)
- [Bad Bitcoin.org](https://badbitcoin.org/)

## Conferences
| Title | Desc | Web | Year | Video |
|--------|-----|------|------|--------|
| TrustX |a first-of-its-kind technical event dedicated to the Ethereum security ecosystem | https://www.secureum.xyz/trustx |2022 |[Videos](https://www.youtube.com/playlist?list=PLYORQHvGMg-VJ2N7273F8htBCEFdTqjui)|
|Ekoparty Security Conference|Latin American Security Conference with a Space dedicated to Blockchain Security| http://ekoparty.org | Since 2005 | [Videos](https://www.youtube.com/playlist?list=PL29lfGiRoK6H7NID647F0AQoHzvWg1dDp) |
| Blockchain Security Space at Ekoparty | Latin American community dedicated to sharing knowledge about different blockchain security topics. | [Website](https://web3-security-latam.gitbook.io/blockchain-security-space/)|2022|[Videos](https://www.youtube.com/channel/UCW3L_Y5SV_towM82RUlDd1A)|
| Defcon - Blockchain Village | One of the world's largest and most notable hacker conventions, held annually in Las Vegas, Nevada. | https://blockchainvillage.net |2019 |[Videos](https://www.youtube.com/playlist?list=PL9fPq3eQfaaCi3xCMqdz4v0Y4BVjAPCBY) |
| Defcon - Blockchain Village | One of the world's largest and most notable hacker conventions, held annually in Las Vegas, Nevada. | https://blockchainvillage.net |2020 |[Videos](https://www.youtube.com/playlist?list=PL9fPq3eQfaaBdXIvjSR4LwCHUe2LPzIov) |
| Defcon - Blockchain Village | One of the world's largest and most notable hacker conventions, held annually in Las Vegas, Nevada. | https://blockchainvillage.net |2021 |[Videos](https://www.youtube.com/playlist?list=PL9fPq3eQfaaDqrnDrbV-H9GBSBBtnflSw) |
| Off The Chain Conference | A CURIOUSLY STRONG BLOCKCHAIN AND CRYPTOCURRENCY SECURITY CONFERENCE| https://www.offthechaincon.com |2022 | [Videos](https://www.youtube.com/watch?v=RKNPyDGWIrM&ab_channel=OffTheChainConference)|
| Unchained Blockchain Security Conference | A two days virtual conference featuring global Blockchain veterans presenting their novel ideas, stories, and experiences around creating a secured Web3.0 ecosystem. | https://razzorsec.ml/unchained.html |2022 |[Videos](https://www.youtube.com/playlist?list=PLsTlBQwiFsTH_vumCsfx1kshgBuS4_Bfs) |
| DeFi Security 101 | This is a one-day crash course on DeFi security at Stanford, just before DeFi Security Summit. The goals are to prepare students for the DSS event and attract them to perform research in this space. The course is in-person only. | https://defisecuritysummit.org/defi-security-101/ | 2022| |
| First Annual DeFi Security Summit | First Annual DeFi Security Summit -PAUL & MILDRED BERG HALL, STANFORD, AUGUST 27-28 | https://defisecuritysummit.org/ | 2022| |
| The Science of Blockchain Conference 2022 | The conference focuses on technical innovations in the blockchain ecosystem, and brings together researchers and practitioners working in the space. We are interested in the application of cryptography, decentralized protocols, formal methods, and empirical analysis, to improving the security and scalability of blockchain deployments. We aim to foster collaboration among practitioners and researchers working on blockchain protocol development, cryptography, distributed systems, secure computing, crypto-economics, and economic risk analysis. | https://cbr.stanford.edu/sbc22 | 2022| |
| ETHLatam | August 11-12-13, 2022, Buenos Aires, Argentina |https://ethlatam.org/ | 2022| [Videos](https://www.youtube.com/channel/UCYZOSfxEQ4hmocHqjZAy_dw)|

## Newsletters about the Crypto World
- [Rekt](https://rekt.news/)
- [Week In Ethereum](https://weekinethereum.substack.com/)
- [Blockchain Threat Intelligence](https://newsletter.blockthreat.io/)
- [MDMA: Monday DeFi Market Alpha](https://t.co/xxzofu4qAS)
- [Chainalysis Weekly Newsletter](https://www.chainalysis.com/)

## Youtube Channels
- [Smart Contract Programmer](https://www.youtube.com/channel/UCJWh7F3AFyQ_x01VKzr9eyA/playlists)

## Bug Bounty Programs
- [Code4rena](https://code4rena.com/)
- [Hackenproof](https://hackenproof.com/)
- [Immunefi](https://immunefi.com/)

## Jobs
- [Cryptocurrency Jobs](https://cryptocurrencyjobs.co/?query=security)
- [Crypto Jobs List](https://cryptojobslist.com/es/security)

## PDF Documentation & Books [link](https://github.com/bunturx/Awesome-Blockchain-Security/tree/main/documents)
- [Ethereum Evm Illustrated - Takenobu T.](https://github.com/bunturx/Awesome-Blockchain-Security/blob/main/documents/Ethereum%20Evm%20Illustrated%20-%20Takenobu%20T..pdf)
- [Mastering Ethereum - Andreas M. Antonopoulos, Gavin Wood](https://github.com/bunturx/Awesome-Blockchain-Security/blob/main/documents/Mastering%20Ethereum%20-%20Andreas%20M.%20Antonopoulos%2C%20Gavin%20Wood.pdf)
- [Ethereum: Yellow Paper](https://github.com/bunturx/Awesome-Blockchain-Security/blob/main/documents/ETHEREUM:%20A%20SECURE%20DECENTRALISED%20GENERALISED%20TRANSACTION%20LEDGER%20-%20Gavin%20Wood.pdf)
- [Certik Defi Security Report 2021-v6](https://github.com/bunturx/Awesome-Blockchain-Security/blob/main/documents/Certik%20Defi%20Security%20Report%202021-v6.pdf)
- [SMART CONTRACTS SECURITY VERIFICATION STANDARD - Securing](https://github.com/bunturx/Awesome-Blockchain-Security/blob/main/documents/SMART%20CONTRACTS%20SECURITY%20VERIFICATION%20STANDARD%20-%20Securing.pdf)
- [A Survey of Verification, Validation and Testing Solutions for Smart Contracts - Chaïmaa Benabbou, Önder Gürcan](https://github.com/bunturx/Awesome-Blockchain-Security/blob/main/documents/A%20Survey%20of%20Verification%2C%20Validation%20and%20Testing%20Solutions%20for%20Smart%20Contracts%20-%20Cha%C4%B1%CC%88maa%20Benabbou%2C%20%C3%96nder%20G%C3%BCrcan.pdf)
- [Fundamentos Blockchain - Joan Amengual](https://github.com/bunturx/Awesome-Blockchain-Security/blob/main/documents/Fundamentos%20Blockchain%20-%20Joan%20Amengual.pdf)
- [Tokens - Joan Amengual](https://github.com/bunturx/Awesome-Blockchain-Security/blob/main/documents/Tokens%20-%20Joan%20Amengual.pdf)
- [CheatSheet Solidity](https://github.com/bunturx/Awesome-Blockchain-Security/blob/main/documents/CheatSheet%20Solidity.pdf)