Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

blockchain security
https://github.com/waseemofficial/blockchain_security

solidity

Last synced: 22 days ago
---

### Languages

![Solidity](https://img.shields.io/badge/-Solidity-000?&logo=Solidity)
![Bash](https://img.shields.io/badge/-Bash-000?&logo=gnu-bash&logoColor=white)
![Markdown](https://img.shields.io/badge/-markdown-000?&logo=markdown)

### Technologies

![Linux](https://img.shields.io/badge/-Linux-000?&logo=Linux)
![GitHub](https://img.shields.io/badge/-GitHub-000?&logo=GitHub)
![Solidity](https://img.shields.io/badge/-Solidity-000?&logo=Solidity)
![Foundry](https://img.shields.io/badge/-Foundry-000?&logo=Foundry)
![GithubActions](https://img.shields.io/badge/-GithubActions-000?&logo=GithubActions)

---


# 🔐 Security Audits: Safeguarding Your Codebase 🛡️

## Security Audit Steps

1. Initial review
   - Scoping
   - Reconnaissance
   - Vulnerability identification
   - Reporting
2. Protocol fixes
   - Fix issues
   - Retest and add tests
3. Mitigation review
   - Reconnaissance
   - Vulnerability identification
   - Reporting

First audit: Password Storage
Link: https://sepolia.etherscan.io/address/0x2ecf6ad327776bf966893c96efb24c9747f6694b#code

First step: check for compliance with the __Rekt Test__.
```
The Rekt Test Questions

1. Do you have all actors, roles, and privileges documented?
2. Do you keep documentation of all the external services, contracts, and oracles you rely on?
3. Do you have a written and tested incident response plan?
4. Do you document the best ways to attack your system?
5. Do you perform identity verification and background checks on all employees?
6. Do you have a team member with security defined in their role?
7. Do you require hardware security keys for production systems?
8. Does your key management system require multiple humans and physical steps?
9. Do you define key invariants for your system and test them on every commit?
10. Do you use the best automated tools to discover security issues in your code?
11. Do you undergo external audits and maintain a vulnerability disclosure or bug bounty program?
12. Have you considered and mitigated avenues for abusing users of your system?
```


## How to Evaluate a Finding's Impact on the Protocol

https://docs.codehawks.com/hawks-auditors/how-to-evaluate-a-finding-severity


```
High Impact:

1. Funds are directly or nearly directly at risk.

2. There's a severe disruption of protocol functionality or availability.

Medium Impact:

1. Funds are indirectly at risk.

2. There's some level of disruption to the protocol's functionality or availability.

Low Impact:

1. Funds are not at risk.

2. However, a function might be incorrect, state might not be handled appropriately, etc.

```

## Static Analysis Tools

- Slither
  - `slither .`
- Aderyn
  - `aderyn --root .`
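As an added example (not code from this repository), a small triage script that reads a Slither JSON report and applies the High/Medium/Low impact buckets from the section above, so a CI job can fail the build on findings at or above a chosen threshold. The report is a constructed sample that follows the shape Slither emits with `--json` (a `results.detectors` list whose entries carry `check`, `impact`, `confidence` and `description`); the `Vault` contract named in it is invented for illustration.

```python
import json
from collections import Counter
from typing import Dict, List

# Constructed sample in the shape of a `slither . --json report.json` file:
# each entry in results.detectors names the detector (check), its impact and
# confidence ratings, and a human-readable description. "Vault" is made up.
SAMPLE_REPORT = json.dumps({
    "success": True,
    "error": None,
    "results": {"detectors": [
        {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
         "description": "Reentrancy in Vault.withdraw(uint256)"},
        {"check": "unused-return", "impact": "Medium", "confidence": "Medium",
         "description": "Vault.sweep() ignores return value by token.transfer()"},
        {"check": "timestamp", "impact": "Low", "confidence": "Medium",
         "description": "Vault.unlock() uses block.timestamp for comparisons"},
        {"check": "naming-convention", "impact": "Informational", "confidence": "High",
         "description": "Parameter Vault.deposit(uint256)._Amount is not in mixedCase"},
    ]},
})

# Rank used to decide what blocks a merge; mirrors the High/Medium/Low buckets above.
IMPACT_RANK = {"High": 3, "Medium": 2, "Low": 1, "Informational": 0, "Optimization": 0}


def load_findings(report_json: str) -> List[Dict[str, str]]:
    """Parse a Slither JSON report; refuse to triage a run that did not succeed."""
    report = json.loads(report_json)
    if not report.get("success", False):
        raise ValueError(f"slither run failed: {report.get('error')}")
    return report.get("results", {}).get("detectors", [])


def count_by_impact(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per impact bucket (High, Medium, Low, Informational, ...)."""
    return dict(Counter(f["impact"] for f in findings))


def blocking_findings(findings: List[Dict[str, str]],
                      threshold: str = "Medium") -> List[Dict[str, str]]:
    """Findings at or above `threshold`, worst first, for use as a CI gate."""
    floor = IMPACT_RANK[threshold]
    hits = [f for f in findings if IMPACT_RANK.get(f["impact"], 0) >= floor]
    return sorted(hits, key=lambda f: (-IMPACT_RANK[f["impact"]], f["check"]))


if __name__ == "__main__":
    found = load_findings(SAMPLE_REPORT)
    print("findings by impact:", count_by_impact(found))
    for f in blocking_findings(found):
        print(f"[{f['impact']}] {f['check']}: {f['description']}")
    raise SystemExit(1 if blocking_findings(found) else 0)  # non-zero exit fails the CI job
```

In a real pipeline, replace `SAMPLE_REPORT` with the contents of the file written by `slither . --json report.json`; Informational and Optimization findings never block, while the threshold can be lowered to `"Low"` for a stricter gate.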

-----

## 📚 Resources

- [Security Auditing Best Practices](docs/best-practices.md)
- [Vulnerability Management Guide](docs/vulnerability-management.md)
- [Secure Coding Guidelines](docs/secure-coding.md)

Let's work together to build secure and resilient applications! 🔒✨