Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/crytic/building-secure-contracts
Guidelines and training material to write secure smart contracts
- Host: GitHub
- URL: https://github.com/crytic/building-secure-contracts
- Owner: crytic
- License: agpl-3.0
- Created: 2020-01-10T17:58:29.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2024-10-22T17:44:02.000Z (about 2 months ago)
- Last Synced: 2024-10-29T15:34:12.871Z (about 1 month ago)
- Language: Solidity
- Homepage: https://secure-contracts.com/
- Size: 6.64 MB
- Stars: 2,213
- Watchers: 36
- Forks: 345
- Open Issues: 64
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Codeowners: CODEOWNERS
Awesome Lists containing this project
- awesome-evm-security - Building Secure Contracts - Trail of Bits' guidelines and best practices on how to write secure smart contracts. (Controls)
- awesome-solidity - crytic/building-secure-contracts - Guidelines and training material to write secure smart contracts. (Resources)
- Blockchain-Development-Resources - Building secure contracts
README
# Building Secure Smart Contracts
Brought to you by [Trail of Bits](https://www.trailofbits.com/), this repository offers guidelines and best practices for developing secure smart contracts. Contributions are welcome; you can contribute by following our [contributing guidelines](https://github.com/crytic/building-secure-contracts/blob/master/CONTRIBUTING.md).
**Table of Contents:**
- [Development Guidelines](./development-guidelines)
  - [Code Maturity](./development-guidelines/code_maturity.md): Criteria for developers and security engineers to use when evaluating a codebase’s maturity
  - [High-Level Best Practices](./development-guidelines/guidelines.md): Best practices for all smart contracts
  - [Incident Response Recommendations](./development-guidelines/incident_response.md): Guidelines for creating an incident response plan
  - [Secure Development Workflow](./development-guidelines/workflow.md): A high-level process to follow during code development
  - [Token Integration Checklist](./development-guidelines/token_integration.md): What to check when interacting with arbitrary tokens
- [Learn EVM](./learn_evm): Technical knowledge about the EVM
  - [EVM Opcodes](./learn_evm/evm_opcodes.md): Information on all EVM opcodes
  - [Transaction Tracing](./learn_evm/tracing.md): Helper scripts and guidance for generating and navigating transaction traces
  - [Arithmetic Checks](./learn_evm/arithmetic-checks.md): A guide to performing arithmetic checks in the EVM
  - [Yellow Paper Guidance](./learn_evm/yellow-paper.md): Symbol reference for easier reading of the Ethereum yellow paper
  - [Forks <> EIPs](./learn_evm/eips_forks.md): Summaries of the EIPs included in each Ethereum fork
  - [Forks <> CIPs](./learn_evm/cips_forks.md): Summaries of the CIPs and EIPs included in each Celo fork _(EVM-compatible chain)_
  - [Upgrades <> TIPs](./learn_evm/tips_upgrades.md): Summaries of the TIPs included in each TRON upgrade _(EVM-compatible chain)_
  - [Forks <> BEPs](./learn_evm/beps_forks.md): Summaries of the BEPs included in each BSC fork _(EVM-compatible chain)_
- [Not So Smart Contracts](./not-so-smart-contracts): Examples of common smart contract issues, complete with descriptions, examples, and recommendations
  - [Algorand](./not-so-smart-contracts/algorand)
  - [Cairo](./not-so-smart-contracts/cairo)
  - [Cosmos](./not-so-smart-contracts/cosmos)
  - [Substrate](./not-so-smart-contracts/substrate)
  - [Solana](./not-so-smart-contracts/solana)
- [Program Analysis](./program-analysis): Using automated tools to secure contracts
  - [Echidna](./program-analysis/echidna): A fuzzer that checks your contract's properties
  - [Medusa](./program-analysis/medusa/docs/src): A next-gen fuzzer that checks your contract's properties
  - [Slither](./program-analysis/slither): A static analyzer with both CLI and scriptable interfaces
  - [Manticore](./program-analysis/manticore): A symbolic execution engine that proves the correctness of properties
  - For each tool, this training material provides:
    - A theoretical introduction, an API walkthrough, and a set of exercises
    - Exercises that take approximately two hours to gain practical understanding
- [Resources](./resources): Assorted online resources
  - [Trail of Bits Blog Posts](./resources/tob_blogposts.md): A list of blockchain-related blog posts created by Trail of Bits

# License
secure-contracts and building-secure-contracts are licensed and distributed under the [AGPLv3 license](https://github.com/crytic/building-secure-contracts/blob/master/LICENSE). Contact us if you're looking for an exception to the terms.