Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/slowmistio/BlockChain-Security-List
BlockChain-Security-List
https://github.com/slowmistio/BlockChain-Security-List
Last synced: 3 months ago
JSON representation
BlockChain-Security-List
- Host: GitHub
- URL: https://github.com/slowmistio/BlockChain-Security-List
- Owner: slowmistio
- Created: 2018-05-30T03:58:49.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2018-05-30T03:55:58.000Z (over 6 years ago)
- Last Synced: 2024-05-19T02:12:11.834Z (6 months ago)
- Size: 0 Bytes
- Stars: 97
- Watchers: 4
- Forks: 27
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-security-collection - **53**星 - Security-List (<a id="8c5a692b5d26527ef346687e047c5c21"></a>收集)
README
BlockChain-Security-List
About cryptocurrency security. (reverse, exploit, fuzz..)
欢迎加入!此List会跟踪最新情报实时更新。
 
## Tools
[mythril](https://github.com/ConsenSys/mythril) - Security analysis tool for Ethereum smart contracts
[manticore](https://github.com/trailofbits/manticore) - Symbolic execution tool
[Slither](https://trailofbits.wufoo.com/forms/m1qfujq31qyj9ee/) - Slither combines a set of proprietary static analyses on Solidity
[Porosity](https://github.com/comaeio/porosity) - Decompiler and Security Analysis tool for Blockchain-based Ethereum Smart-Contracts
[Echidna](https://github.com/trailofbits/echidna) - Ethereum fuzz testing framework
[Oyente](https://github.com/melonproject/oyente) - An Analysis Tool for Smart Contracts
[Porosity](https://github.com/comaeio/porosity) - Decompiler and Security Analysis tool for Blockchain-based Ethereum Smart-Contracts.
[Mythril](https://github.com/ConsenSys/mythril) - Security analysis tool for Ethereum smart contracts.
[MAIAN](https://github.com/MAIAN-tool/MAIAN) - Automatic tool for finding trace vulnerabilities in Ethereum smart contracts.
[Echidna](https://github.com/trailofbits/echidna) - Ethereum fuzz testing framework.
[Manticore](https://github.com/trailofbits/manticore) - Manticore uses symbolic execution to simulate complex multi-contract and multi-transaction attacks against EVM bytecode.
[Ethersplay](https://github.com/trailofbits/ethersplay) - A graphical EVM disassembler with advanced features. (Binja)
[Oyente](https://github.com/melonproject/oyente) - An automatic EVM code analyzer based on symbolic execution and Z3 SMT solver.
[IDA-EVM](https://github.com/trailofbits/ida-evm) - IDA Processor Module for the Ethereum Virtual Machine.
[Evmdis](https://github.com/arachnid/evmdis) - EVM disassembler.
[Securify](https://securify.ch/) - Formal Verification of Ethereum Smart Contracts.
[Rattle](https://trailofbits.wufoo.com/forms/m1qfujq31qyj9ee/) - Rattle is an EVM static analyzer that analyzes the EVM bytecode directly for vulnerabilities.
[Slither](https://trailofbits.wufoo.com/forms/m1qfujq31qyj9ee/) - Static analyses on Solidity.
[Diligence](https://consensys.net/diligence/) - Security Services, Tools and Best Practices for the Ethereum Ecosystem.
[fuildai](https://fluidai.co/) - Fluid is an AI that can automatically find and fix fatal security vulnerabilities in Smart Contracts.
## Blogs
[区块链安全专题智库](https://bcsec.org/)
[PeckShield Inc. - Blog](https://www.peckshield.com/blog.html)
[Security Archives - Ethereum Blog](https://blog.ethereum.org/category/security/)
[Blockchain-sec](https://blockchain-sec.com/)
[猎豹移动区块链中心](https://www.cmcmbc.com/zh-cn/blog/)
[隐形人真忙-区块链安全](https://blog.csdn.net/u011721501/article/category/7483965)
[Trailofbits-blockchain](https://blog.trailofbits.com/category/blockchain/)
[blackhat](https://cansecwest.com/slides/2018/Blackhat%20Ethereum%20%20Ryan%20Stortz%20and%20Jay%20Little,%20Trail%20of%20Bits,%20Inc.pdf) - Blackhat Ethereum.
[solidified](https://medium.com/solidified/parity-hack-how-it-happened-and-its-aftermath-9bffb2105c0) - Parity hack.
[arvanaghi 1](https://arvanaghi.com/blog/reversing-ethereum-smart-contracts/) - Reversing ethereum smart contracts.
[arvanaghi 2](https://arvanaghi.com/blog/reversing-ethereum-smart-contracts-pt2/) - Reversing ethereum smart contracts 2.
[ret2](https://blog.ret2.io/2018/05/16/practical-eth-decompilation/) - Practical ETH decompilation.
[loom-network](https://medium.com/loom-network/how-to-secure-your-smart-contracts-6-solidity-vulnerabilities-and-how-to-avoid-them-part-1-c33048d4d17d) - 6 vulnerabilities and how to avoid them part 1.
[ETH assembly](https://medium.com/@xJonathan/reverse-engineering-ethereum-smart-contract-lets-talk-assembly-10c38b8e3c2) - Lets talk assembly.
[radare2](https://blog.positive.com/reversing-evm-bytecode-with-radare2-ab77247e5e53) - Reversing EVM bytecode with radare2.
[Etherum security tools](https://blog.trailofbits.com/2018/03/23/use-our-suite-of-ethereum-security-tools/) - Trailofbits Ethereum security tools.
[Hackernoon](https://hackernoon.com/scanning-ethereum-smart-contracts-for-vulnerabilities-b5caefd995df) - Analyzing Ethereum smart contracts for vulnerabilities.
[nccgroup](https://www.nccgroup.trust/us/our-research/discovering-smart-contract-vulnerabilities-with-goatcasino/?style=Cyber+Security) - Discovering Smart Contract Vulnerabilities with GOATCasino.
[Arseny Reutov](https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620) - Predicting Random Numbers in Ethereum Smart Contracts.
[funfair](https://funfair.io/randomness-is-a-big-deal/) - Randomness is a big deal.
## Training
[Ethernaut](https://ethernaut.zeppelin.solutions/level/0x6545df87f57d21cb096a0bfcc53a70464d062512) - The ethernaut is a Web3/Solidity based wargame.
[GOATCasino](https://github.com/nccgroup/GOATCasino) - GOATCasino is a Truffle project which deploys a set of intentionally vulnerable smart contracts.
## Events
[Blockchain-Graveyard](https://magoo.github.io/Blockchain-Graveyard/)
[Coindesk](https://www.coindesk.com/?s=) //search keyword,like 'hack'、'attack'...
[36kr-tag-anquan](https://36kr.com/tags/anquan)
[cnn-bitcoin-crime](https://www.ccn.com/bitcoin-crime/)
[scmagazineuk-cryptocurrency](https://www.scmagazineuk.com/cryptocurrency/topic/48080/)
## Vulnerabilities
[DASP](http://www.dasp.co/)
[Smart Contract Best Practices](https://github.com/ConsenSys/smart-contract-best-practices)
[BitcoinWiki-Weaknesses](https://en.bitcoin.it/wiki/Weaknesses)
[BitcoinWiki-CVEs](https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures)
[Go-ethereum issue vuln](https://github.com/ethereum/go-ethereum/issues?utf8=%E2%9C%93&q=label%3Avuln)
[Examples of Solidity security issues ](https://github.com/trailofbits/not-so-smart-contracts)
[Scanning-ethereum-smart-contracts-for-vulnerabilities](https://hackernoon.com/scanning-ethereum-smart-contracts-for-vulnerabilities-b5caefd995df)
[Smart Contract Security](https://blog.ethereum.org/2016/06/10/smart-contract-security/)
[Solidity Security Considerations](http://solidity.readthedocs.io/en/latest/security-considerations.html)
## MISC
[dasp](http://dasp.co/) - Decentralized Application Security Project (or DASP) Top 10 of 2018.
[Not so smart conracts](https://github.com/trailofbits/not-so-smart-contracts) - Examples of Solidity security issues.
[EVM opcodes](https://github.com/trailofbits/evm-opcodes) - Ethereum opcodes and instruction reference.
## Threats
[Go-ethereum issue bug](https://github.com/ethereum/go-ethereum/issues?q=is%3Aopen+is%3Aissue+label%3Abug)
[Solidity issue bug](https://github.com/ethereum/solidity/issues?utf8=%E2%9C%93&q=label%3Abug+)
[Reddit ethereum](https://www.reddit.com/r/ethereum/)
[Bitcointalk](https://bitcointalk.org/index.php?board=6.0)
[Stackexchange ethereum security](https://ethereum.stackexchange.com/questions/tagged/security)
[Stackexchange bitcoin security](https://bitcoin.stackexchange.com/questions/tagged/security)
## Paper
[区块链安全分析报告](https://bcsec.org/blockchainsecurity_v1.pdf)
[区块链安全生存指南](https://chaitin.cn/cn/download/blockchain_security_guide_20180507.pdf)
[Hacking Blockchain](https://www.rsaconference.com/writable/presentations/file_upload/fon4-t11_hacking_blockchain.pdf)
[BGP hijacking](https://en.wikipedia.org/wiki/BGP_hijacking)
[Safe-wallet-white-paper](https://www.cmcmbc.com/zh-cn/blog/research/2018-04-18/79.html)
[Blockchains-how-to-steal-millions-in-264-operations](https://research.kudelskisecurity.com/2018/01/16/blockchains-how-to-steal-millions-in-264-operations/)
[Quantum attacks on Bitcoin, and how to protect against them](https://arxiv.org/pdf/1710.10377.pdf)
[Eclipse Attacks on Bitcoin’s Peer-to-Peer Network](http://cs-people.bu.edu/heilman/eclipse/)
[Smarter](https://eprint.iacr.org/2016/633.pdf) - Making Smart Contracts Smarter.
[Yellow Paper](https://ethereum.github.io/yellowpaper/paper.pdf) - Ethereum: a secure decentralised generalised transaction ledger.
## Reports
[New allowAnyone Bug Identified in Multiple ERC20 Smart Contracts](https://peckshield.com/2018/05/29/eosOOB/)
[Analyzing and Reproducing the EOS Out-of-Bound Write Vulnerability in nodeos](https://peckshield.com/2018/05/29/eosOOB/)
[Audit report of iohk’s etc wallet](https://research.kudelskisecurity.com/2018/01/26/audit-report-of-iohks-etc-wallet/)
[Audit report of the waves platform](https://research.kudelskisecurity.com/2017/10/10/audit-report-of-the-waves-platform/)
## Awesomes
[solidity-audit-checklist](https://github.com/miguelmota/solidity-audit-checklist)
[EOS bp nodes security checklist](https://github.com/slowmist/eos-bp-nodes-security-checklist)
[pentesting-ethereum-dapps](https://arvanaghi.com/blog/pentesting-ethereum-dapps/)
[awesome](https://github.com/sindresorhus/awesome)
[awesome ethereum](https://github.com/btomashvili/awesome-ethereum)
[awesome ethereum virtual machine](https://github.com/pirapira/awesome-ethereum-virtual-machine)
## Jobs
[Slowmist](https://www.slowmist.com/)
[Ethercasts](https://jobs.ethercasts.com/)
[Solidified](https://solidified.io/)
[codementor](https://www.codementor.io/solidity-developers)
[iosiro](https://www.iosiro.com/)
## The author
I'M ,
Thanks to all blockchain security researchers