Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/kareniel/awesome-evm-security

🕶 A high-level overview of the EVM security ecosystem
List: awesome-evm-security

awesome awesome-list blockchain ethereum evm security web3

Last synced: about 2 months ago

# Awesome EVM Security [![Awesome](https://awesome.re/badge.svg)](https://awesome.re)

[![Awesome EVM Security](awesome-evm-security.png)](https://github.com/kareniel/awesome-evm-security#readme)

[EVM](https://ethereum.org/en/developers/docs/evm/) stands for "Ethereum Virtual Machine". The EVM powers the Ethereum mainnet, but also Layer 2 protocols, sidechains, and EVM-compatible chains.

This list is an overview of the EVM ecosystem from an information security management perspective.

## Contents

- [Guides](#guides)
- [Governance](#governance)
- [Architecture](#architecture)
- [Standards](#standards)
- [System Assets](#system-assets)
- [Threats](#threats)
- [Vulnerabilities](#vulnerabilities)
- [Controls](#controls)
- [Ecosystem](#ecosystem)

## Guides
- [CryptoSec.info](https://cryptosec.info/) - Information to help beginners learn how to protect their funds against hackers and scammers.
- [Simplified Roadmap for Blockchain Security](https://devansh.xyz/blockchain-security/2021/09/17/genesis-0x01.html) - Covers all rudimentary topics that one needs to know in order to get into the field of Blockchain Security.
- [How to become a smart contract auditor](https://cmichel.io/how-to-become-a-smart-contract-auditor/) - Frequently asked questions about auditing and how auditors can get their first job.

## Governance
- [A beginner's guide to DAOs](https://linda.mirror.xyz/Vh8K4leCGEO06_qSGx-vS5lvgUqhqkCz9ut81WwCP2o) - Gives a high level overview of what DAOs are, why they are interesting and some of their use cases.
- [Deep DAO](https://deepdao.io/#/deepdao/dashboard) - Lists, ranks and analyzes top DAOs across multiple metrics.
- [SAFT Agreements](https://saftproject.com/) - A commercial instrument used to convey rights in tokens prior to the development of the tokens' functionality.
- [Voting Options in DAOs](https://medium.com/daostack/voting-options-in-daos-b86e5c69a3e3) - Voting Options in DAOs.
- [The Wyoming DAO bill](https://twitter.com/awrigh01/status/1369328856260354051) - A thread about Wyoming DAOs.
- [It Takes a Cryptonetwork](https://medium.com/primedao/it-takes-a-cryptonetwork-2ae9ab541c17) - Prime's Strategy for DAO to DAO Relations.
- [DAOs, Democracy and Governance](https://merkle.com/papers/DAOdemocracyDraft.pdf) - A paper by Ralph Merkle about DAOs.

## Architecture
- [Shelling Out: The Origins of Money](https://nakamotoinstitute.org/shelling-out/) - Illustrates the value of collectibles in reducing social transaction costs.
- [Foundations of Cryptoeconomic Systems](https://epub.wu.ac.at/7309/8/Foundations%20of%20Cryptoeconomic%20Systems.pdf) - This paper explores why the term "cryptoeconomics" is context dependent and proposes complementary micro, meso and macro definitions of the term.
- [Towards a Practice of Token Engineering](https://blog.oceanprotocol.com/towards-a-practice-of-token-engineering-b02feeeff7ca) - How do we design tokenized ecosystems, their incentives and how do we analyze or verify them?
- [A Crash Course in Mechanism Design for Cryptoeconomic Applications](https://medium.com/blockchannel/a-crash-course-in-mechanism-design-for-cryptoeconomic-applications-a9f06ab6a976) - Introduces the basic concepts of mechanism design, and gives a taste for their usefulness in the cryptocurrency world.
- [WTF Is QF](https://wtfisqf.com/?grant=&grant=&grant=&grant=&match=1000) - A simple explanation of quadratic funding.
- [Bonding Curves Explained](https://yos.io/2018/11/10/bonding-curves) - What bonding curves are and their potential applications.

## Standards
- [DeFi Safety](https://www.defisafety.com/) - Best practices security score reviews.
- [DASP Top 10 of 2018](https://dasp.co/) - Decentralized Application Security Project Top 10 vulnerabilities.
- [IVSCS](https://immunefi.com/severity-updated/) - Immunefi Vulnerability Severity Classification System.
- [Smart Contract Security Verification Standard](https://securing.github.io/SCSVS/) - A free 14-part checklist created to standardize the security of smart contracts for developers, architects, security reviewers and vendors.
- [Secureth guidelines](https://guidelines.secureth.org/) - Aid you in formulating your own software engineering process by giving a complete picture of all the different concerns and expectations in your software projects.
- [CryptoCurrency Security Standard (CCSS)](https://cryptoconsortium.github.io/CCSS/) - A set of requirements for all information systems that make use of cryptocurrencies, including exchanges, web applications, and cryptocurrency storage solutions.
- [The Solcurity Standard](https://github.com/Rari-Capital/solcurity) - Opinionated security and code quality standard for Solidity smart contracts.

## System Assets
- [Security Considerations in the Solidity documentation](https://docs.soliditylang.org/en/v0.8.6/security-considerations.html) - Lists some pitfalls and general security recommendations.
- [Ethereum 2.0 Specifications Security Audit Report](https://leastauthority.com/static/publications/LeastAuthority-Ethereum-2.0-Specifications-Audit-Report.pdf) - Security Audit Report of the Eth2.0 spec by Least Authority.
- [Getting Deep Into EVM](https://hackernoon.com/getting-deep-into-evm-how-ethereum-works-backstage-ac7efa1f0015) - An Ultimate, In-depth Explanation of How EVM Works.
- [Ethereum EVM illustrated](https://takenobu-hs.github.io/downloads/ethereum_evm_illustrated.pdf) - Exploring some mental models and implementations.
- [Ethereum Blockspace: Who Gets What and Why](https://www.aniccaresearch.tech/blog/ethereum-blockspace-who-gets-what-and-why) - Ethereum blockspace market structure.
- [What Is Uniswap and How Does It Work?](https://academy.binance.com/en/articles/what-is-uniswap-and-how-does-it-work) - What Uniswap is, how it works, and how you can swap tokens on it simply with an Ethereum wallet.
- [Scaling EVM (Ethereum Virtual Machine)](https://capitalgram.com/posts/scaling-evm/) - How fast and far can the EVM based blockchain architecture still take us.
- [L2Beat](https://l2beat.com/) - Transparent and verifiable insights into emerging layer two (L2) technologies.
- [The Non-Fungible Token Bible](https://opensea.io/blog/guides/non-fungible-tokens) - Everything you need to know about NFTs.
- [KEVM](https://github.com/kframework/evm-semantics) - A formal model of the EVM in the K framework.

## Threats
- [Blockchain Graveyard](https://magoo.github.io/Blockchain-Graveyard/) - A list of all massive security breaches or thefts involving blockchains.
- [List of Bitcoin Heists](https://bitcointalk.org/index.php?topic=576337) - Research on prior Bitcoin-related thefts.
- [Blockchain Threat Intelligence](https://www.blockthreat.io/) - The latest in blockchain, DeFi and cryptocurrency threat intelligence, vulnerabilities, security tools, and events.
- [Rekt News](https://rekt.news/) - Investigative journalism, creative commentary, and incident analysis.
- [DeFiYield's REKT db](https://defiyield.app/rekt-database) - Database of crypto hacks, exploits and scams.
- [CryptoScamDB](https://cryptoscamdb.org/scams) - Keeping track of cryptocurrency scams in an open-source database.
- [Mudit Gupta's Twitter threads](https://mudit.blog/twitter-threads/) - Early analysis and educational content on Twitter.
- [Flash Boys 2.0 Paper](https://ieeexplore.ieee.org/document/9152675) - Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability.
- [MEV-explore](https://explore.flashbots.net/) - Help the community understand and quantify the significance of "Dark Forest activities" and their impact on the Ethereum network.
- [Flashloan monitor](https://monitor.blocksecteam.com/) - Dashboard that helps you monitor flashloan transactions.
- [Known Attacks](https://consensys.github.io/smart-contract-best-practices/known_attacks/) - A list of known attacks which you should be aware of, from Consensys.
- [Solidity Security](https://blog.sigmaprime.io/solidity-security.html) - Comprehensive list of known attack vectors and common anti-patterns.

## Vulnerabilities
- [SWC Registry](https://swcregistry.io/) - Smart Contract Weakness Classification and Test Cases.
- [246 Findings](https://blog.trailofbits.com/2019/08/08/246-findings-from-our-smart-contract-audits-an-executive-summary/) - 246 Findings From Trail of Bits Smart Contract Audits.
- [A Survey of Security Vulnerabilities in Ethereum Smart Contracts](https://arxiv.org/pdf/2105.06974.pdf) - Explains eight vulnerabilities that are specific to the application level of blockchain technology by analyzing the past exploitation case scenarios of these security vulnerabilities.
- [List of Security Vulnerabilities](https://github.com/runtimeverification/verified-smart-contracts/wiki/List-of-Security-Vulnerabilities) - A comprehensive list of common smart contract security vulnerabilities, compiled from various sources.
- [List of Known Bugs](https://docs.soliditylang.org/en/v0.8.1/bugs.html) - A JSON-formatted list of some of the known security-relevant bugs in the Solidity compiler.

## Controls
- [Simple Security Toolkit](https://github.com/nascentxyz/simple-security-toolkit) - Opinionated recommendations that the team at Nascent find to be appropriate, particularly for teams developing and managing early versions of a protocol.
- [Gnosis Safe](https://docs.gnosis-safe.io) - Multi-sig. Require multiple team members to confirm every transaction in order to execute it, which helps prevent unauthorized access to company crypto.
- [List of DeFi auditors](https://www.defisafety.com/auditors) - List of DeFi auditors maintained by DeFiSafety.
- [State of DeFi Audits](https://medium.com/conflux-network/the-overlooked-element-of-defi-adoption-e3b29829e3da) - Article taking a look at the auditing space and its importance in onboarding users by properly securing new DeFi protocols.
- [Building Secure Contracts](https://github.com/crytic/building-secure-contracts/) - Trail of Bits' guidelines and best practices on how to write secure smart contracts.
- [Solidity Patterns](https://fravoll.github.io/solidity-patterns/) - A compilation of patterns and best practices for the smart contract programming language Solidity.
- [Security Pattern for Ethereum and Solidity](https://docs.google.com/spreadsheets/d/1PF4QZudW6Z7EV4hqQfwPo3A43AVqPrsuzzzey5yRYcs/edit#gid=0) - Google Sheets Checklists.
- [Solidity Best Practices for Smart Contract Security](https://consensys.net/blog/developers/solidity-best-practices-for-smart-contract-security/) - Pro tips from Consensys to ensure your Ethereum smart contracts are fortified.
- [CERtified](https://cer.live/) - Top 100 exchanges by Cybersecurity rating.
- [Smart Contract Security Registry](https://github.com/ethereum-lists/contracts) - An effort to identify deployed contract instances given their chain and address, by listing the project they belong to.
- [Forta](https://docs.forta.network/) - Community-based runtime security network for smart contracts.

## Ecosystem
- [People to follow on Twitter](https://twitter.com/i/lists/1453086258436128770) - Twitter list giving an overview of the web3 ecosystem and security people.
- [Videos to watch on YouTube](https://www.youtube.com/playlist?list=PLox242_JhiuEe64LzW1M8XpiQ2-N5bZsX) - YouTube playlist of web3 security videos.

## Footnotes

### See Also

Other Awesome Lists:

- [Awesome BlockSec CTF](https://github.com/0xjeffsec/awesome-blocksec-ctf) - Blockchain security Capture the Flag (CTF) competitions.
- [Awesome Buggy ERC20 Tokens](https://github.com/sec-bit/awesome-buggy-erc20-tokens) - Vulnerabilities in ERC20 Smart Contracts With Tokens Affected.
- [Awesome Cryptoeconomics](https://github.com/jpantunes/awesome-cryptoeconomics) - Cryptoeconomic research and learning materials.
- [Awesome Zero-Knowledge Proofs (ZKP)](https://github.com/matter-labs/awesome-zero-knowledge-proofs) - A curated list of awesome things related to learning Zero-Knowledge Proofs (ZKP).
- [Officer CIA's Ultimate DeFi Research Base](https://github.com/OffcierCia/ultimate-defi-research-base) - Curated DeFi & Blockchain research papers and tools.
- [Awesome MEV resources](https://github.com/0xalpharush/awesome-MEV-resources)