Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/werew/awesome-blockchain-security

A curated list of awesome blockchain security resources
List: awesome-blockchain-security

Last synced: about 1 month ago

# Awesome Blockchain Security [![Awesome](https://awesome.re/badge.svg)](https://awesome.re)

> A curated list of blockchain security resources

## Contents

- [Lists](#lists)
- [Vulnerabilities](#vulnerabilities)
- [Incidents](#incidents)
- [Audits](#audits)
- [Security Testing](#security-testing)
- [Safe Frameworks](#safe-frameworks)
- [Bug Bounties](#bug-bounties)
- [Reverse Engineering](#reverse-engineering)

## Lists

- [Ethereum Smart Contract Security Best Practices by ConsenSys](https://consensys.github.io/smart-contract-best-practices/)
- [Awesome Blockchain Security by Chainflag](https://github.com/chainflag/awesome-blockchain-security)
- Coming soon: smart contract security knowledge base

## Vulnerabilities

- [SWC Registry](https://swcregistry.io/)
- [Solidity bugs](https://docs.soliditylang.org/en/develop/bugs.html)
- [Smart Contract Attack Vectors](https://github.com/KadenZipfel/smart-contract-attack-vectors)
- [Ethereum Smart Contract Security Best Practices](https://consensys.github.io/smart-contract-best-practices/)

## Incidents

- [Rekt.news](https://rekt.news/)
- [Blockchain graveyard](https://magoo.github.io/Blockchain-Graveyard/)
- [Blocksec incidents](https://github.com/m4xx101/blocksec-incidents)

## Audits

- [OpenZeppelin Audits](https://blog.openzeppelin.com/security-audits/)
- [Collection of 101 findings from audits](https://secureum.substack.com/p/audit-findings-101)

## Security Testing

- [Manticore](https://github.com/trailofbits/manticore)
- [hevm](https://github.com/dapphub/dapptools/tree/master/src/hevm)
- [MythX](https://mythx.io/)
- [Solidity coverage](https://github.com/sc-forks/solidity-coverage)
- [List of Static and Dynamic Analysis tools](https://consensys.github.io/smart-contract-best-practices/security-tools/static-and-dynamic-analysis/)

## Safe Frameworks

- [OpenZeppelin Contracts](https://github.com/OpenZeppelin/openzeppelin-contracts)

## CTF & Wargames

- [Chainflag](https://github.com/chainflag/ctf-blockchain-challenges)
- [The Ethernaut](https://ethernaut.openzeppelin.com/)
- [Damn Vulnerable DeFi](https://www.damnvulnerabledefi.xyz)
- [Paradigm CTF](https://ctf.paradigm.xyz/)
- [CTF-wiki list](https://ctf-wiki.org/blockchain/challenges/)

### Writeups

- [ETH Challenges for X-MASCTF2021](https://github.com/joswha/ethxmasctf2021)
- [Misc writeups by @hitcxy](https://github.com/hitcxy/blockchain-challenges)
- [34c3 CTF archive](https://archive.aachen.ccc.de/34c3ctf.ccc.ac/challenges/index.html)
- [Paradigm CTF 2021](https://github.com/paradigm-operations/paradigm-ctf-2021)

## Bug Bounties

- [Bug Bounties list](https://consensys.github.io/smart-contract-best-practices/bug-bounty-programs/)

## Reverse Engineering

### Learn

- [Deconstructing a Solidity Contract](https://blog.openzeppelin.com/deconstructing-a-solidity-contract-part-i-introduction-832efd2d7737/)

### Tools

- [Ethereum Signature Database](https://www.4byte.directory/)
- [EVM Opcodes and Decompiler](https://ethervm.io/)
- [EVM CFG builder](https://github.com/crytic/evm_cfg_builder)
- [JEB decompiler](https://www.pnfsoftware.com/blog/ethereum-smart-contract-decompiler/)
- [Ethersplay: Binary Ninja plugin](https://github.com/crytic/ethersplay)
- [Ghidra EVM](https://github.com/adelapie/ghidra-evm)

## Contribute

Contributions welcome! Read the [contribution guidelines](contributing.md) first.