Ecosyste.ms: Awesome

https://github.com/offciercia/tips-solidity-code-auditors

Gaining the most elusive of tips. Add your input and let's collect them all!

audit bug-bounty bugbounty smart-contracts solidity web3


# Tips for Solidity Code Auditors

![Roadmap](./Taxonomy.png)

> Source at [wiki.r.security](https://wiki.r.security/wiki/Main_Page)

| Section | Link |
|----------------------------|------------------------------------------------------------------------------------------------------------------------------|
| General Tips & Suggestions | [Explore](https://github.com/OffcierCia/tips-solidity-code-auditors/blob/main/README.md#general-tips--suggestions) |
| Tools & Services | [Explore](https://github.com/OffcierCia/tips-solidity-code-auditors/blob/main/README.md#tools--services) |
| Useful Resources | [Explore](https://github.com/OffcierCia/tips-solidity-code-auditors/blob/main/README.md#useful-resources---by-officerciaeth) |
| Awesome GitHub Lists | [Explore](https://github.com/OffcierCia/tips-solidity-code-auditors/blob/main/README.md#awesome-github-lists) |
| Additional Resources | [Explore](https://github.com/OffcierCia/tips-solidity-code-auditors/blob/main/README.md#additional-resources) |
| Work...? | [Explore](https://github.com/OffcierCia/tips-solidity-code-auditors/blob/main/README.md#work) |
| Support Me: | [Explore](https://github.com/OffcierCia/tips-solidity-code-auditors/blob/main/README.md#support-me) |

> Gaining the most elusive of tips. Add your input and let's collect them all!

[![Support Project](https://img.shields.io/badge/Support-Project-critical)](https://github.com/OffcierCia/support/blob/main/README.md)
[![Mail](https://img.shields.io/badge/Mail-offcierciapr%40protonmail.com-brightgreen)](mailto:offcierciapr@protonmail.com)

## General Tips & Suggestions

1. Did you know that you [can](https://docs.blink.sh/advanced/code) utilize [VSCode](https://marketplace.visualstudio.com/items?itemName=BlinkShellInc.blink-fs) on your iPad ([preferably](https://twitter.com/0xkasper/status/1680373205440102401) with a Magic Keyboard) using the [Blink App](https://apps.apple.com/us/app/blink-shell-build-code/id1594898306)? If not, watch the [following video](https://youtu.be/BsbQxSUdUOw)! I hope you find this [tip](https://twitter.com/0xkasper/status/1680373205440102401) useful in your work!
2. Clone any project, then install the extension into [vscode](https://github.com/juanfranblanco/vscode-solidity) ([2nd link](https://marketplace.visualstudio.com/items?itemName=Saw-mon-and-Natalie.vscode-evm-toolkit)) -> add a key from [sourcegraph](https://sourcegraph.com/search?q=context:global+file:MasterChef.sol&patternType=standard&sm=1&groupBy=repo), select the contract, and the AI analyzes the structure of your project for you! Check out this [example](https://sourcegraph.com/search?q=context:global+file:MasterChef.sol&patternType=standard&sm=1&groupBy=repo)!
3. Try [auditwizard.io](https://www.auditwizard.io/) - revolutionize your workflow today!
4. Check out pre-built [security properties](https://github.com/0xNazgul/fuzzydefi) for commonly forked DeFi protocols.
5. MEV / Sandwich / Front-run & Back-run: [Compilation](https://telegra.ph/Cool-Pack-for-Chads-10-19) & [advanced](https://medium.com/1inch-network/advanced-mev-strategies-lp-sandwich-and-reverse-lp-sandwich-attacks-4558c631feff) info.
6. Try [Slither Detectors by Pessimistic.io](https://github.com/pessimistic-io/slitherin) & check out [SolCurity](https://github.com/Rari-Capital/solcurity).
7. Give these a try: [Pyrometer](https://github.com/nascentxyz/pyrometer) & [Sporalyzer](https://blog.fungify.it/p/introducing-sporalyzer-a-tool-for).
8. Explore Web3 with full confidence guarded by [Web3Antivirus security browser extension](https://web3antivirus.io/) & [learn evm attacks](https://github.com/coinspect/learn-evm-attacks)! Consider [auditing](https://twitter.com/tpiliposian/status/1699387384075329718) as part of a team.
9. [Try using obsidian.md for notes!](https://github.com/WebBreacher/obsidian-osint-templates) Set [it up correctly](https://github.com/thor314/obsidian-setup) & check out [Audit Quality](https://github.com/audit-quality)!
10. [Check out](https://officercia.mirror.xyz/DD3t4MB6J6GsRZlkqc8FSdW_4ZDa7pj6CAADzcGJiXo) R.xyz ([link!](https://r.xyz/)) and apply for a closed beta ([here](https://r.xyz/))!
11. Follow my [own blog](https://officercia.mirror.xyz/) & [Hexens' blog](https://hexens.io/blog)!
12. This project was created to support [Code4rena Bot Races with useful](https://github.com/DadeKuma/bot-racer) stats and tools. Read [more](https://twitter.com/0xtodorov/status/1650924881498742788) about it [here](https://x.com/DadeKuma/status/1656199257454530562?s=20) & try [4naly3er](https://github.com/Picodes/4naly3er)!
13. [Bot Racing: The Rise of Web3 Bots.](https://coinsbench.com/bot-racing-the-rise-of-web3-bots-3abda06cd448) & [Code4Rena Bot Racing explained](https://www.youtube.com/watch?v=XVQLSeGTJ_M)!
14. Check out GasBad, an open-source project that evaluates [gas efficiency in Solidity](https://github.com/ecivini/gas-bad) libraries!
15. Try out this tool - it scans the constructors of [Solidity smart contracts for zero-address checks](https://github.com/elkaholic6/Solidity-constructor-analysis).
16. [DeFi Common Fork Bugs List](https://github.com/YAcademy-Residents/defi-fork-bugs).
17. There was also an [incredible tool](https://github.com/lpinilla/Smart-Contract-Hash-Matcher), and I really like [this idea](https://twitter.com/zellic_io/status/1592660477502717952), since it is probably a [logical continuation](https://twitter.com/zellic_io/status/1592660477502717952) of an [old script](https://github.com/lpinilla/Smart-Contract-Hash-Matcher) and [this service](https://contract-diff.xyz), but it is actually a lot better than just another simulator ([it](https://twitter.com/zellic_io/status/1592660477502717952) probably uses simulation like the tools in [this](https://telegra.ph/A-Short-List-of-the-Rug-Checker-Tools-04-09) list).
18. Try using [Semgrep rules for smart contracts](https://github.com/Decurity/semgrep-smart-contracts) based on DeFi exploits!
19. Complete this [set of tasks](https://github.com/pessimistic-io/internship-tasks)!
20. Check out this curated [list of Web3 security materials and resources](https://github.com/Anugrahsr/Awesome-web3-Security) for pentesters and bug hunters!
21. Let's break down such a concept as mind-mapping - [study this list](https://github.com/OffcierCia/non-typical-OSINT-guide#mind-mapping) & check out [AuditorsRoadmap](https://github.com/razzorsec/AuditorsRoadmap) mind-map!
22. [Explorer Bookmark](https://twitter.com/tpiliposian/status/1716760766223630790) is a fantastic VS Code extension for all the code4rena Wardens, Sherlockdefi Watsons, and CodeHawks Hawks out there. No more struggling to find contracts in [scope among](https://www.youtube.com/watch?v=BDtbTCuJoOM) a sea of others. [With this extension](https://twitter.com/tpiliposian/status/1716760766223630790), you can easily collect in one place and access all the contracts within the scope of your audit. Enjoy a more streamlined workflow!
23. Also [use the "Hide Comments"](https://twitter.com/martinmarchev/status/1703396096070844508) VSCode extension when [auditing](https://medium.com/coinmonks/solidity-for-dummies-736312af0dfe). It [helps](https://blockchainalpha.hashnode.dev/how-to-build-a-profitable-web3-auditing-business-for-solo-auditors-and-firms) you cut through the noise, remain unbiased and focus on what the [code](https://medium.com/@numacodes/extrapolating-concepts-to-web3-coding-and-understanding-a-decentralized-bank-using-solidity-69797a771c47) truly does! Study the [audit anomalies](https://zuhaibmd.medium.com/audit-anomalies-archive-issue-6-b6ed431e82b7) [archive](https://solodit.xyz/).
24. Use the "[Solidity Visual Developer](https://x.com/cyberthirst/status/1690271146371866625?s=20)" extension, [which comes with the](https://twitter.com/realjohnnytime/status/1607705939104202752) **@audit, @audit-info, @audit-ok, @audit-issue** tags to categorize your notes!
25. Also use the [Inline Bookmarks](https://twitter.com/realjohnnytime/status/1668939507448573954) VSCode extension by ConsenSys Audits to organize all your audit comments & findings! Thoroughly document/explain each function in simple language to [reason about](https://twitter.com/bytes032/status/1626206977897496576) it.
26. [How To Learn Fast?](https://degatchi.com/articles/how-to-learn-fast) | [How to make better decisions?](https://twitter.com/chamath/status/1719887650688282786)

## Tools & Services

- [glide.r](https://glide.r.xyz/)
- [sol2uml](https://github.com/naddison36/sol2uml)
- [tx2uml](https://github.com/naddison36/tx2uml)
- [EVM - Draw](https://twitter.com/danielvf/status/1637815201243320320) & [link](https://github.com/DanielVF/evm-contract-draw)
- [openchain.xyz](https://openchain.xyz/trace)
- [Vscode Solidity Inspector](https://github.com/PraneshASP/vscode-solidity-inspector)
- [EVM Slot Reader](https://evm-slotreader.on.fleek.co)
- [heimdall-rs](https://github.com/Jon-Becker/heimdall-rs)
- [EVM Bench](https://github.com/ziyadedher/evm-bench)
- [Function Selector Miner](https://github.com/kadenzipfel/function-selector-miner)
- [explorer.swiss-knife.xyz](https://explorer.swiss-knife.xyz/)
- [Solhunt](https://github.com/iFrostizz/solhunt)
- [Solsec](https://github.com/0xsanny/solsec)
- [Gas Gauge](https://arxiv.org/abs/2112.14771)
- [ityfuzz](https://github.com/fuzzland/ityfuzz)
- [evmdiff.com](https://www.evmdiff.com/)
- [contract-diff.xyz](https://contract-diff.xyz/)
- [x48.tools/diff](https://x48.tools/diff)
- [bytegraph.xyz](https://bytegraph.xyz/)
- [lcov-parse](https://www.npmjs.com/package/lcov-parse)
- [EVM cfg](https://github.com/plotchy/evm-cfg)
- [Check external calls in a contract](https://gist.github.com/0xalpharush/dc77c0beba3533bfea1c5457081222c5)
- [evm.storage](https://evm.storage/)
- [contractreader.io](https://www.contractreader.io)
- [Tatum Explorer](https://maltego.com/transform-hub/tatum-blockchain-explorer/)
- [cadcad.org](https://cadcad.org)
- [With this tool you can search across a half million git repos!](https://grep.app/search?q=verifyCallResult&filter[path][0]=contracts/)
- [Hardhat Gas Reporter](https://www.npmjs.com/package/hardhat-gas-reporter)
- [Get Ethereum block number by a given date.](https://www.npmjs.com/package/ethereum-block-by-date)
- [Hardhat plugin for exporting the contract storage layout.](https://www.npmjs.com/package/hardhat-storage-layout)
- [Allowing smart contract developers to do simulation driven development via an EVM emulator.](https://github.com/primitivefinance/arbiter)
- [Memory Strux](https://github.com/devtooligan/memory-strux)
- [tecommons.org](https://tecommons.org)
- [Octopus](https://github.com/FuzzingLabs/octopus)
- [Solidity rlp Encode](https://github.com/bakaoh/solidity-rlp-encode)
- [Dune to CSV](https://gist.github.com/rafaelugolini/063360764295b31b34e176de33e80171)
- [Duneanalytics Tools](https://github.com/itzmestar/duneanalytics)
- [machinations.io](https://machinations.io)
- [tenderly.co](https://tenderly.co/)
- [impersonator.xyz](https://www.impersonator.xyz/)
- [A 4-hr smart contract fuzzer speed run.](https://github.com/0xalpharush/fuzzing-like-a-degen)
- [Fuzzing cryptographic libraries. Magic bug printer go brrrr.](https://github.com/guidovranken/cryptofuzz)

## Useful Resources - by officercia.eth

- [Navigation Page](https://officercia.mirror.xyz/Uc1sf64yUCb0uo1DxR_nuif5EmMPs-RAshDyoAGEZZY)
- [BalancerV1 Integration Tips](https://officercia.mirror.xyz/lp4VdemAThz7J-KnwfrMK2LS0XIG5g9Pn1chAHbEdTs)
- [Meta-Transactions: General Overview](https://officercia.mirror.xyz/U4Q90DtLU-6A_Kfd6JWYrt2nMHohmSt_z56FWFHKyHI)
- [CurveV1 Integration Tips](https://officercia.mirror.xyz/83FZZWokJ63mewVW26YJyFCZhr3Mfgbo2ToM8IjL1fM)
- [Auditing Projects on the NEAR Blockchain: From Zero to Hero](https://officercia.mirror.xyz/XCAcCsZ2EU6Aviieqn_FfXmUnMNc9Z4gySuDTfJlLv4)
- [Reentrancy Attacks on Smart Contracts Distilled](https://officercia.mirror.xyz/RoWpSjah4hvKvCyrCgqtdyWX657e3-qUeShBZ2VtkUs)
- [Gas Gauge: Pressure Control](https://officercia.mirror.xyz/ZWYaJILJntwLtK7rXBfTU45bbBI7Zm1CXy5_S_YyDhM)
- [Short Types in Solidity: Rare Tricks Uncovered](https://officercia.mirror.xyz/SnmH8v6QV6jHa64boANXySxBZsem8oiSP7zxgss_BEU)
- [Fuzzing Solidity Smart Contracts with Echidna: Die-Hard Level Tips](https://officercia.mirror.xyz/4A39GO-YRE8JTe_M0CsMpig4tXOHb1-vg1Mcjz9Vd4M)
- [Slither: An Auditor’s Cornucopia](https://officercia.mirror.xyz/KwP9oK2RGnzgvdD8EIo6SwrrkFYhCWFCFBMn8NZ0LeU)
- [Per Aspera ad Astra: How to become a smart contract auditor & bugbounty-hunter](https://officercia.mirror.xyz/FvMKbibx7gDlufgZSkmYn77CI8HPBsVCeqUKmpXHr0k)
- [Tenderly App — a Swiss Pocketknife for the Web3 developer](https://officercia.medium.com/tenderly-app-a-swiss-pocketknife-for-the-web3-developer-89bb904bee46)
- [Convex Finance DeFi Integration Tips](https://officercia.mirror.xyz/tvtasrvZ3gaqm_jbbsSO4HQe8anNKLFIckgOX8W7DTE)
- [Auditing Tips for NFT Projects](https://officercia.mirror.xyz/YlW24vuFe7Ao0WWAxip1JgDXnyzX9B4cT_AoPFhD-Ww)
- [AAVE V3 DeFi Integration Tips](https://officercia.mirror.xyz/DqRTkbCToO3_YpauiR8tJGQKI-kBJfg5ZUwfUkfjDNQ)
- [AAVE V3 DeFi Integration: Specifications](https://blog.pessimistic.io/aave-v3-defi-integration-specifications-9e9ef9405be0)
- [Slitherin Timeline 2.0](https://officercia.mirror.xyz/8DABZlDeUubmCt8fLk6KbiPjBTIYAaOvIHHPuAgXpJs)
- [Compound v2 DeFi Integration: Specifications](https://officercia.mirror.xyz/l-mCHcRdRxUcm8rRN0_miR5bCrHnRSNtp6UrnSQ0dt4)
- [Compound v2 DeFi Integration Tips](https://officercia.mirror.xyz/kJahfTtMlojP3sJYiYshHQdI7DXxfCUwoWenHIa-wnI)
- [Oracles, Entropy & Chainlink VRF Secure Integration Tips](https://officercia.mirror.xyz/vUsNhI6GZhXWabifqFZqNmB93Fr0zsfIpCKBZEeEB7E)
- [Chainlink VRF Secure Integration Tips: Specifications](https://officercia.mirror.xyz/ekYLAK6uZl2fNCCzAL0eCTtImBD8fSdTurM0duryoxU)
- [Auditor’s Notes: Semantic Grep & Solidity](https://officercia.mirror.xyz/TU9__AcmdWlGuXfN8FQlKvh42gs6V1VbS7vOt0iz3kA)
- [Price & Reward Manipulation Attacks Distilled](https://officercia.mirror.xyz/2SXrASlpw5L4PPQpXhJgiNyJ9b2CqfDzQHcGXZd4CHk)
- [Read-only Reentrancy: In-Depth](https://officercia.mirror.xyz/DBzFiDuxmDOTQEbfXhvLdK0DXVpKu1Nkurk0Cqk3QKc)
- [Web3 Security Distilled](https://officercia.mirror.xyz/xleAGwAmESpXaHtOSuXde-u3dEnNIcOH6kVcMw1z9iI)
- [Arbitrum: Basic Features, Technical Details and Differences from Ethereum](https://officercia.mirror.xyz/d798TVQyA1ALq3qr1R9vvujdF7x-erXxK2wQWwbgRKY)
- [AMM (Automatic Market Makers) Integration Tips](https://officercia.mirror.xyz/dUf_OxeK8KvAWfdWHNaikJxDTEkfPRypFqnETJiMic4)
- [Web3 Security Distilled 2.0](https://officercia.mirror.xyz/VmSJDoV3c8xKDMRjTOl4DQ7KPgBTlb8cVdcTlOJxj1g)
- [Auditor’s Notes: Semantic Grep & Solidity 2.0](https://officercia.mirror.xyz/ykm5D6Rq1I-A74fLcQdkj8oBFhDImzF5UijNp7TWm3k)
- [Auditor’s Notes: ERC20 Integration Tips](https://officercia.mirror.xyz/W6V7cWFfK8xuHvezjGL-kyen6c1aJwlvqtwtlpIS53A)
- [Auditor’s Advice: Math, Solidity & Gas Optimizations | Part 1/3](https://officercia.mirror.xyz/vtVVxbV35ETiBGxm-IpcFPcsK2_ZkL7vgiiGUkeSsP0)
- [Auditor’s Advice: Solidity Checklist & Reentrancy Attack | Part 2/3](https://officercia.mirror.xyz/AoRdvL3Lp5K5JHjlgpWaOHo_CehH-amZSAm9pxuFdwQ)
- [Auditor’s Advice: EVM Limitations & Assembly Auditing Tips | Part 3/3](https://officercia.mirror.xyz/UDdVm2Nhc4obWJz9Sc-5MeYEZC4Lx04POy9M4v3cM34)
- [Auditor’s Notes: Initializing, Proxy, Oracles & Multi-Chain](https://officercia.mirror.xyz/y7pHWYwL6cQwsSToolCvg2EuMkHZK5dfDSiRtS0akX8)
- [Auditor’s Notes: Tokens, EIP-712 & Meta-Transactions](https://officercia.mirror.xyz/nlIR1RkT5xIv4sZFYiOXCPhF2BJyAaJtOeVr6zsULsA)
- [Remediate Web3: R.xyz](https://officercia.mirror.xyz/6hcUrIuAvO3OvICYK_MvcvGvximGxRIT8CpjSsggYro)
- [Arbitrary Calls & New Slitherin Detector Release](https://officercia.mirror.xyz/tgIGArMaNUSZiYpsSht5RdKj_hHEvMUhR9Cyw32dmZk)

## Awesome GitHub Lists

- [DeFi Developer Road Map](https://github.com/OffcierCia/DeFi-Developer-Road-Map)
- [Awesome On-Chain Forensic HandBook](https://github.com/OffcierCia/On-Chain-Investigations-Tools-List)
- [Ultimate DeFi & Blockchain Research Base](https://github.com/OffcierCia/ultimate-defi-research-base)
- [The Atypical OSINT Guide](https://github.com/OffcierCia/non-typical-OSINT-guide)

## Additional Resources

- [MVP for OpSec](https://docs.google.com/document/u/0/d/1-_0Wlwch_vtkPM4F-SdEXLjQYaYT7KoPlU2rjt7tkLQ/mobilebasic)
- [The ultimate framework to best secure your Dapp and optimize the money spent on security reviews.](https://www.beirao.xyz/blog/Security-framework)
- [Zk Proofs Explained](https://drive.google.com/file/d/12-e1g8Ad7q0avIOge-NELNBaDlpmk0TV/view)
- [On Bitcoin Custody...](https://www.youtube.com/watch?v=LTMAEN6wR8o)
- [Join my TG folder!](https://t.me/addlist/uesom31GM1I4Yjgy)
- [The Ultimate Security Checklist](https://www.beirao.xyz/blog/Security-checklist)
- [Easy Quick Start Guide: Crypto Data Analytics by 0xdatawolf](https://www.linkedin.com/pulse/easy-quick-start-guide-crypto-data-analytics-0xdatawolf--pzjlc)
- [All About Tenderly Sandbox](https://blog.tenderly.co/how-to-use-sandbox-as-smart-contract-playground/)
- [Vault Math - How much shares to mint? How much token to withdraw?](https://www.youtube.com/watch?v=k7WNibJOBXE)
- [Tools for Solidity Extension](https://x.com/bytes032/status/1755645440056238563)
- [Pen-Testing on Android and MacBook](https://medium.com/bugbountywriteup/effortless-android-pen-testing-on-macbook-m1-and-m2-2024-a1d199aba617)
- [In-line file import suggestions with Foundry remapping support](https://x.com/0xasp_/status/1757102924595974519)
- [Foundry Cheatsheet](https://github.com/dabit3/foundry-cheatsheet)
- [Yet Another Audit DB](https://auth.auditbase.com)
- [Template repository intended to ease fuzzing components of Solidity projects, especially libraries.](https://github.com/patrickd-/solidity-fuzzing-boilerplate)
- [An interactive Solidity shell with lightweight session recording and remote compiler support.](https://github.com/tintinweb/solidity-shell)
- [Gas Numbers Every Solidity Dev Should Know!](https://0xmacro.com/library/gas-nums)
- [This repository contains projects implementing both low-level and high-level concepts of Solidity in an incremental learning pattern!](https://github.com/tinotendajoe01/Solidity-Blockhain)
- [Learn how to build on Ethereum; the superpowers and the gotchas.](https://speedrunethereum.com/)
- [This is a course for hackers, programmers, and software engineers who learn by doing!](https://chill-tortoise-d94.notion.site/EVM-From-Scratch-fa3c9d605b714c4da27701789b0d11c5)
- [Smart Contracts Security by Ethereum.org](https://ethereum.org/ka/developers/docs/smart-contracts/security/)
- [Re-entrancy Attack Patterns List](https://github.com/uni-due-syssec/eth-reentrancy-attack-patterns)
- [This project aims to curate a comprehensive list of independently hosted bug bounty programs within the Web3 ecosystem that offer substantial rewards, with payouts ranging into six figures.](https://github.com/JeffCX/collection-web3-bug-bounty)
- [To learn common smart contract vulnerabilities using Foundry!](https://github.com//SunWeb3Sec/DeFiVulnLabs)
- [The difference between Auditor and Security Researcher](https://aitorzaldua.medium.com/the-difference-between-auditor-and-security-researcher-843caec1ee5d)
- [This Repository contains list of Common NFT Attack Vectors.](https://github.com/Quillhash/NFT-Attack-Vectors)
- [NFT Attacks List](https://0xvolodya.hashnode.dev/nft-attacks)
- [Single-command flamegraph profiling Tool](https://www.npmjs.com/package/0x)
- [High Severity Findings List](https://tom-sol.notion.site/f9d3a62122d34b479b52ea3e0583bd57?v=9c303b31cca845638e78c25da29fa5de)
- [An Ethers.js compatible signer that connects to AWS KMS.](https://www.npmjs.com/package/ethers-aws-kms-signer)
- [Ethereum EVM illustrated](https://takenobu-hs.github.io/downloads/ethereum_evm_illustrated.pdf)
- [Blockchain dark forest selfguard handbook. Master these, master the security of your cryptocurrency.](https://github.com/slowmist/Blockchain-dark-forest-selfguard-handbook)
- [Smart Contract Security Verification Standard](https://github.com/ComposableSecurity/SCSVS)
- [Immunefi PoC Templates](https://medium.com/immunefi/immunefi-poc-templates-4345f098ac69)
- [Foundry Forge Coverage](https://www.rareskills.io/post/foundry-forge-coverage)
- [Audit Techniques & Tools 101](https://secureum.substack.com/p/audit-techniques-and-tools-101)
- [State of the art of detection evasion, for web3 malware.](https://github.com/apehex/web3-evasion-techniques)
- [EEA EthTrust Security Levels Specification v1](https://entethalliance.org/specs/ethtrust-sl/)
- [Flash Crash for Cash: Cyber Threats in Decentralized Finance](https://arxiv.org/pdf/2106.10740.pdf)
- [This repo contains a comprehensive list of smart contract auditor tools and techniques that can be utilized by both smart contract auditors and blockchain developers for developing secure smart contracts](https://github.com/shanzson/Smart-Contract-Auditor-Tools-and-Techniques)
- [Robust, open-source contract verification for the EVM.](https://covecontracts.com/)
- [Roadmap for Web3/Smart Contract Hacking | 2022](https://sm4rty.medium.com/roadmap-for-web3-smart-contract-hacking-2022-229e4e1565f9)
- [Information about web3 security and programming tutorials/tools](https://github.com/immunefi-team/Web3-Security-Library)
- [What happens when you send 1 DAI](https://www.notonlyowner.com/learn/what-happens-when-you-send-one-dai/)
- [How to Read Smart Contracts](https://defieducation.substack.com/p/how-to-read-smart-contracts-part)
- [Bytes032 Blog](https://bytes032.xyz)
- [Pentacle Security List](https://pentacle.xyz/projects/security)
- [List of FREE resources to make Web3 accessible to everyone.](https://github.com/FrancescoXX/100-days-of-Web3)
- [How to understand EVM byte code...](https://blog.trustlook.com/understand-evm-bytecode-part-1/)
- [Awesome Blogs](https://start.me/p/QRg5ad/officercia) & [Explanation](https://t.me/officer_cia/155)
- [How to access real-time smart contract data from Python code (using Lido contract as an example)](https://medium.com/@balakhonoff_47314/how-to-access-real-time-smart-contract-data-from-python-code-using-lido-as-an-example-38738ff077c5)
- [Wallet EIP-712 Injection Vulnerability](https://www.coinspect.com/wallet-EIP-712-injection-vulnerability/)
- [Vyper: A Security Comparison with Solidity Based on Common Vulnerabilities](https://arxiv.org/pdf/2003.07435.pdf)
- [Unprotected Swap() Function: A ERC777 Reentrancy Vulnerability](https://medium.com/@Heuss/unprotected-swap-function-a-erc777-reentrancy-vulnerability-81aaeaa75a2a)
- [Metamorphic Smart Contracts: Is EVM Code Truly Immutable?](https://mixbytes.io/blog/metamorphic-smart-contracts-is-evm-code-truly-immutable)
- [One more problem with ERC777](https://mixbytes.io/blog/one-more-problem-with-erc777)
- [Randomness List](https://alpine-agate-fa5.notion.site/Randomness-a0632b0800814de280e273b9cdb264bc)

### Front-end Security

- [Frontend Security, Web2 vs Web3 Bugs](https://www.theseus.fi/bitstream/handle/10024/170724/Aboualy_Mahmoud_bachelor_thesis.pdf)
- [Scroll Workshop Rust House](https://drive.google.com/file/d/12-e1g8Ad7q0avIOge-NELNBaDlpmk0TV/view)
- [DApp Frontend Security](https://blog.embarklabs.io/news/2020/01/30/dapp-frontend-security/index.html)
- [MVP for OpSec](https://docs.google.com/document/u/0/d/1-_0Wlwch_vtkPM4F-SdEXLjQYaYT7KoPlU2rjt7tkLQ/mobilebasic)

## Work...?

- [Web3 Security Distilled 2.0](https://officercia.mirror.xyz/VmSJDoV3c8xKDMRjTOl4DQ7KPgBTlb8cVdcTlOJxj1g)
- [Crypto Jobs List - Main](https://docs.google.com/spreadsheets/d/1AfCSrl98bNGE5_Iq-N6zYx5xmuCBpoEkiBCDQD5Keh4/edit#gid=0)
- [web3.smsunarto.com](https://web3.smsunarto.com)
- [hexens.io/careers](https://hexens.io/careers)
- [2023 Global Crypto Events & Hackathons](https://docs.google.com/spreadsheets/d/1uRB5lt67Eoxfattljko7IvuQvpqkLt66YpOev9XJ22o/edit?usp=sharing)
- [Check out](https://officercia.mirror.xyz/DD3t4MB6J6GsRZlkqc8FSdW_4ZDa7pj6CAADzcGJiXo) R.xyz ([link!](https://r.xyz/)) and apply for a closed beta ([here](https://r.xyz/))!
- [Crypto Telegram & Discord Channels & Chats](https://telegra.ph/Crypto-Telegram-Channels--Chats-04-19)
- [Jobsincrypto](https://twitter.com/jobsincrypto)
- [CryptoJobsList](https://twitter.com/CryptoJobsList)
- [Jobs TG Folder](https://t.me/addlist/Mz3-gOsjmh5lYmVi)
- [LobsterHR](https://t.me/lobsters_hr)
- [DeveloperDAO](https://twitter.com/developer_dao)
- [LidoGrants](https://twitter.com/LidoGrants)
- [GitCoin](https://twitter.com/gitcoin)
- [anonfriendly.com](http://anonfriendly.com)
- [Web3grants](https://twitter.com/web3grants)
- [hackathons.live](https://hackathons.live)
- [hackenproof.com](http://hackenproof.com)
- [bbscope](https://github.com/sw33tLie/bbscope)
- [immunefi.com](https://immunefi.com)
- [code4rena.com](https://code4rena.com)
- [sherlock.xyz](https://www.sherlock.xyz)
- [spearbit.com](https://spearbit.com)
- [Web3SecurityDAO](https://twitter.com/Web3SecurityDAO)
- [WHITE HAT DAO](https://twitter.com/White_Hat_DAO)
- [Hats.Finance](https://twitter.com/HatsFinance)
- [crypto-jobs-fyi.github.io](https://crypto-jobs-fyi.github.io/web/)
- [auditjobs.xyz](https://auditjobs.xyz/)
- [intropia.io/hire](https://intropia.io/hire)
- [solodit.xyz](https://solodit.xyz)
- [codehawks.com](https://www.codehawks.com)
- [www.jobstash.xyz](https://www.jobstash.xyz)
- [frontrunnrs.xyz](https://frontrunnrs.xyz)
- [www.jobprotocol.xyz](https://www.jobprotocol.xyz)

## Support Me:

The best thing is to support me directly by donating to my address on Ethereum Main-net or any of the compatible networks or to any address from the list below:

- **[0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A](https://etherscan.io/address/0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A)** — ERC20 & ETH [officercia.eth](https://etherscan.io/enslookup-search?search=officercia.eth)
- **[17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU](https://blockchair.com/bitcoin/address/17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU)** - BTC
- **4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds** - Monero/XMR
- You can also support me by minting one of my [Mirror articles NFTs](https://officercia.mirror.xyz/)!

#

- [Check out my Telegram Channel](https://t.me/officer_cia)
- [Follow my Twitter](https://twitter.com/officer_cia)
- [Track all my activities](https://t.me/officer_cia/296)
- [All my Socials](https://t.me/officer_cia/296)

### **Thank you! Stay safe!**