├── README.md
└── Security Library
    ├── Access Control.md
    ├── Blockchain Node Security.md
    ├── Blockchain Security News.md
    ├── CDP lending borrowing.md
    ├── CTFs and Puzzles.md
    ├── DOS.md
    ├── DeFi.md
    ├── ERC-1155.md
    ├── ERC-20.md
    ├── ERC-4337.md
    ├── ERC-4626.md
    ├── ERC-721.md
    ├── ERC-777.md
    ├── EVM Internals Low level.md
    ├── Findings Search Utilities and Databases.md
    ├── Formal Verification Symbolic Execution.md
    ├── Fuzzing.md
    ├── Gas.md
    ├── General.md
    ├── Governance.md
    ├── L2 Bridges.md
    ├── LSD.md
    ├── List of Hacks and Exploits.md
    ├── MEV.md
    ├── Oracle Flashloans.md
    ├── Over Underflow.md
    ├── Reentrancy.md
    ├── Reversing.md
    ├── RoadMaps.md
    ├── Rounding Math.md
    ├── Security Checklists.md
    ├── Security Courses.md
    ├── Security Monitoring Protection.md
    ├── Signature vulnerabilities.md
    ├── Tools.md
    ├── Upgradability.md
    ├── Validation Logic errors.md
    └── ZK.md
/README.md:
--------------------------------------------------------------------------------
1 | # Blockchain Security Library
2 | A library of blockchain security resources for various categories in blockchain.
3 |
4 | ## Contributing
5 | Want to add something blockchain security related? Create a PR making sure that:
6 |
7 | 1. It is blockchain security related.
8 | 2. Link is in the correct section or can be made into a new section.
9 | 3. It stays in alphabetical order.
10 |
11 | Do you think something would better fit in another section? Create an issue about why you think so.
12 |
13 | ## Table of Contents
14 |
15 | - [Access Control](./Security%20Library/Access%20Control.md)
16 | - [Blockchain Node Security](./Security%20Library/Blockchain%20Node%20Security.md)
17 | - [Blockchain Security News](./Security%20Library/Blockchain%20Security%20News.md)
18 | - [CDP, Lending and Borrowing](./Security%20Library/CDP%20lending%20borrowing.md)
19 | - [CTFs and Puzzles](./Security%20Library/CTFs%20and%20Puzzles.md)
20 | - [DeFi](./Security%20Library/DeFi.md)
21 | - [DOS](./Security%20Library/DOS.md)
22 | - [ERC-20](./Security%20Library/ERC-20.md)
23 | - [ERC-721](./Security%20Library/ERC-721.md)
24 | - [ERC-777](./Security%20Library/ERC-777.md)
25 | - [ERC-1155](./Security%20Library/ERC-1155.md)
26 | - [ERC-4337](./Security%20Library/ERC-4337.md)
27 | - [ERC-4626](./Security%20Library/ERC-4626.md)
28 | - [EVM Internals and Low Level](./Security%20Library/EVM%20Internals%20Low%20level.md)
29 | - [Findings Search Utilities and Databases](./Security%20Library/Findings%20Search%20Utilities%20and%20Databases.md)
30 | - [Formal Verification and Symbolic Execution](./Security%20Library/Formal%20Verification%20Symbolic%20Execution.md)
31 | - [Fuzzing](./Security%20Library/Fuzzing.md)
32 | - [Gas](./Security%20Library/Gas.md)
33 | - [General](./Security%20Library/General.md)
34 | - [Governance](./Security%20Library/Governance.md)
35 | - [L2 and Bridges](./Security%20Library/L2%20Bridges.md)
36 | - [List of Hacks and Exploits](./Security%20Library/List%20of%20Hacks%20and%20Exploits.md)
37 | - [LSD](./Security%20Library/LSD.md)
38 | - [MEV](./Security%20Library/MEV.md)
39 | - [Oracle and Flashloans](./Security%20Library/Oracle%20Flashloans.md)
40 | - [Over/Underflow](./Security%20Library/Over%20Underflow.md)
41 | - [Reentrancy](./Security%20Library/Reentrancy.md)
42 | - [Reversing](./Security%20Library/Reversing.md)
43 | - [RoadMaps](./Security%20Library/RoadMaps.md)
44 | - [Rounding and Math](./Security%20Library/Rounding%20Math.md)
45 | - [Security Checklists](./Security%20Library/Security%20Checklists.md)
46 | - [Security Courses](./Security%20Library/Security%20Courses.md)
47 | - [Security Monitoring and Protection](./Security%20Library/Security%20Monitoring%20Protection.md)
48 | - [Signature Vulnerabilities](./Security%20Library/Signature%20vulnerabilities.md)
49 | - [Tools](./Security%20Library/Tools.md)
50 | - [Upgradability](./Security%20Library/Upgradability.md)
51 | - [Validation and Logic errors](./Security%20Library/Validation%20Logic%20errors.md)
52 | - [ZK](./Security%20Library/ZK.md)
--------------------------------------------------------------------------------
/Security Library/Access Control.md:
--------------------------------------------------------------------------------
1 | # Access Control
2 |
3 | - [Access Control Vulnerabilities in Solidity Smart Contracts](https://www.immunebytes.com/blog/access-control-vulnerabilities-in-solidity-smart-contracts/)
4 | - [Access Control Vulnerability in DeFi](https://quillaudits.medium.com/access-control-vulnerability-in-defi-quillaudits-909e7ed4582c)
5 | - [Admin Brick & Forced Revert](https://dacian.me/28k-bounty-admin-brick-forced-revert)
6 | - [Attack Vectors in Solidity #1: Inappropriate Access Control](https://medium.com/@natachigram/attack-vectors-in-solidity-1-inappropriate-access-control-55b700fcd973)
7 | - [CoW Swap Solver Exploit— Post mortem](https://blog.cow.fi/cow-swap-solver-exploit-post-mortem-07-02-2023-2faa9f918e29)
8 | - [Cryptoninja World NFT hack Analysis — Improper Access control](https://blog.solidityscan.com/cryptoninja-world-nft-hack-analysis-improper-access-control-6d22a95db51a)
9 | - [Degen Millionaires Club hack](https://medium.com/@degenmillionairesclub/dmc-exploit-5th-february-2023-465972b76e2f)
10 | - [Dungeon Swap and Launch Zone Exploit](https://medium.com/neptune-mutual/dungeon-swap-and-launch-zone-exploit-d9cb9c8b026)
11 | - [Enzyme Vulnerability Thread](https://twitter.com/enzymefinance/status/1643893025532178432)
12 | - [Land NFT Hack Thread](https://twitter.com/beosinalert/status/1658000784943124480)
13 | - [MetaPoint Hack Analysis](https://blog.solidityscan.com/metapoint-hack-analysis-public-asset-transfer-approval-a0bd611e7557)
14 | - [SAFEMOON - REKT](https://rekt.news/safemoon-rekt/)
15 | - [SafeMoon Exploit Explained](https://www.zellic.io/blog/safemoon-exploit-explained/)
16 | - [The Role of Access Control in Solidity Smart Contracts](https://composable-security.com/blog/the-role-of-access-control-in-solidity-smart-contracts/)
17 | - [Thunder Lands Hack Thread](https://twitter.com/AnciliaInc/status/1637881882737283073)
18 | - [Uncovering a High Severity Access Control Vulnerability](https://medium.com/@JohnnyTime/uncovering-a-high-severity-access-control-vulnerability-lessons-from-auditing-contests-81c7a10b4ca7)
19 | - [Understanding Local Traders Exploit](https://medium.com/neptune-mutual/understanding-local-traders-exploit-d5e1f373b10f)
20 | - [Unlock Protocol Hack Thread](https://twitter.com/AnciliaInc/status/1649270348716867586)
21 |
22 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/Blockchain Node Security.md:
--------------------------------------------------------------------------------
1 | # Blockchain Node Security
2 |
3 | - [$150,000 Evmos Vulnerability Through Reading Documentation](https://medium.com/@jjordanjjordan/150-000-evmos-vulnerability-through-reading-documentation-d26328590a7a)
4 | - [Attacking an Ethereum L2 with Unbridled Optimism](https://www.saurik.com/optimism.html)
6 | - [Awesome Cosmos Security](https://github.com/deliriusz/awesome-cosmos-security)
7 | - [Cosmos SDK Security](https://www.youtube.com/watch?v=nccSqS1e-E8)
8 | - [DogeReaper is a critical vulnerability on Dogecoin](https://x.com/EfficiencyDOGE/status/1864357823163060316)
9 | - [Ethereum protocol attackathon academy](https://immunefi.com/academy/ethereum-protocol-attackathon/)
10 | - [Geth audits](https://github.com/ethereum/go-ethereum/tree/master/docs/audits)
11 | - [Geth Security/advisories](https://github.com/ethereum/go-ethereum/security/advisories?page=1&state=published)
12 | - [Geth vulnerabilities](https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities.json)
13 | - [Helping Secure BNB Chain Through Responsible Disclosure](https://jumpcrypto.com/writing/helping-secure-bnb-chain-through-responsible-disclosure/)
14 | - [Hyperledger Besu audits](https://lf-hyperledger.atlassian.net/wiki/spaces/SEC/pages/20283630/Security+Code+Audits)
15 | - [Killing Filecoin nodes](https://blog.trailofbits.com/2024/11/13/killing-filecoin-nodes/)
16 | - [pwning.eth, How did I Save 70000 ETH and Win 6 Million Bug Bounty](https://pwning.mirror.xyz/CB4XUkbJVwPo7CaRwRmCApaP2DMjPQccW-NOcCwQlAs)
17 | - [Reth - Ethereum code line-by-line](https://www.youtube.com/watch?v=gPQ-uXj03iQ)
18 | - [Reth audits](https://github.com/paradigmxyz/reth/tree/main/audit)
19 | - [Solana’s consensus explained](https://x.com/Neodyme/status/1868683825242607773)
20 | - [The Block Mined In January, 584942419325](https://samczsun.com/the-block-mined-in-january-584942419325/)
21 | - [Total NEAR Shutdown](https://neumo.hashnode.dev/total-near-shutdown)
22 | - [Usmannk Godwoken Bug Report](https://usmannkhan.com/bug%20reports/2024/06/03/godwoken-bug-report.html)
23 | - [Usmannk Sei Bug Report](https://usmannkhan.com/bug%20reports/2024/06/17/sei-bug-report.html)
24 | - [Web3 Ping of Death](https://www.zellic.io/blog/near-protocol-bug/)
25 |
26 | [Return](../README.md#blockchain-security-library)
27 |
--------------------------------------------------------------------------------
/Security Library/Blockchain Security News.md:
--------------------------------------------------------------------------------
1 | # Blockchain Security News
2 |
3 | - [Blockchain Threat Intelligence](https://newsletter.blockthreat.io/archive)
4 | - [HashingBits](https://quillaudits.substack.com/)
5 | - [Immunefi](https://immunefi.medium.com/)
6 | - [Security Pills (Mix of both web2 & web3)](https://newsletter.securitypills.news/)
7 | - [Web3 Security Watch](https://olympix.substack.com/)
8 | - [Web3Sec News](https://www.web3sec.news/)
9 | - [Week in Ethereum News](https://weekinethereumnews.com/)
10 |
11 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/CDP lending borrowing.md:
--------------------------------------------------------------------------------
1 | # CDP, Lending and Borrowing
2 |
3 | - [0xriptide Discussion on lending/borrowing bugs Thread](https://twitter.com/0xriptide/status/1694291589097542130)
4 | - [Aave Fork Checklist](https://gist.github.com/aviggiano/4c21d79fff3437f3799da1e44e425e06)
5 | - [Borrowing on Ethereum: Comparing Architecture Evolution of MakerDAO, Yield, Aave, Compound, & Euler](https://hackernoon.com/borrowing-on-ethereum-comparing-architecture-evolution-of-makerdao-yield-aave-compound-and-euler)
6 | - [CDP Checklist](https://github.com/Decurity/audit-checklists/blob/master/cdp.md)
7 | - [Compound v2 DeFi Integration: Specifications](https://blog.pessimistic.io/compound-v2-defi-integration-specifications-b13f74781b4f)
8 | - [Compound V2 in Depth](https://betterprogramming.pub/compound-v2-in-depth-6227c0528b5)
9 | - [Compound-v3 Book](https://www.rareskills.io/compound-v3-book)
10 | - [DeFi Lending Concepts Part 1: Lending and Borrowing](https://blog.smlxl.io/defi-lending-concepts-part-1-lending-and-borrowing-f646d6a08dd7)
11 | - [How (Not) to Create a DeFi CDP or Lending Protocol](https://www.zellic.io/blog/how-not-to-create-a-cdp-or-lending-protocol/)
12 | - [Issues in Certain Forks of Gains Network](https://www.zellic.io/blog/issues-in-forks-of-gains/)
13 | - [Lending/Borrowing DeFi Attacks](https://dacian.me/lending-borrowing-defi-attacks)
14 | - [Radiant Capital Hack Analysis](https://blog.solidityscan.com/radiant-capital-hack-analysis-b300ebdeee29)
15 | - [Typical vulnerabilities in lending and CDP protocols](https://blog.decurity.io/typical-vulnerabilities-in-lending-and-cdp-protocols-e778e540e215)
16 | - [Understanding Compound’s Liquidation](https://zengo.com/understanding-compounds-liquidation)
17 | - [Vulnerable Spots of Lending Protocols](https://mixbytes.io/blog/vulnerable-spots-of-lending-protocols)
18 |
19 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/CTFs and Puzzles.md:
--------------------------------------------------------------------------------
1 | # CTFs and Puzzles
2 |
3 | - [A-MAZE-X: A Smart Contract Security Capture the Flag Workshop](https://github.com/secureum/secureum-a-maze-x-challenges)
4 | - [Blocksec CTFs](https://github.com/blockthreat/blocksec-ctfs)
5 | - [Breaking Down the Puzzles in ZK Hack V](https://www.zellic.io/blog/zellic-wins-two-puzzles-in-zkhack-v/)
6 | - [Code is Law 2](https://github.com/orenyomtov/code-is-law-2)
7 | - [CTF Blockchain](https://github.com/minaminao/ctf-blockchain)
8 | - [CTF Challenge by Egis Security](https://github.com/Egis-Security/CTF_Challenge)
9 | - [CTF Lending](https://github.com/MrToph/ctf-lending)
10 | - [CTF Protocol](https://www.ctfprotocol.com/)
11 | - [Curta Archive](https://github.com/0xsomnus/curta-archive)
12 | - [Curta Golf](https://github.com/waterfall-mkt/curta-golf)
13 | - [Curta Write Ups](https://github.com/waterfall-mkt/curta-write-ups)
14 | - [Damn Vulnerable DeFi](https://github.com/tinchoabbate/damn-vulnerable-defi)
15 | - [Decently Safe DeFi](https://github.com/AshiqAmien/decently-safe-defi)
16 | - [Decipher EVM Puzzles](https://github.com/zaryab2000/decipher_EVM_Puzzles)
17 | - [DownUnderCTF Blockchain CTF](https://github.com/DownUnderCTF/Challenges_2022_Public#blockchain)
18 | - [Ethernaut CTF 2024](https://github.com/OpenZeppelin/ctf-2024)
19 | - [Ethernaut](https://ethernaut.openzeppelin.com/)
20 | - [EVM Puzzles](https://github.com/fvictorio/evm-puzzles)
21 | - [EVM through CTFs](https://www.evmthroughctfs.com/)
22 | - [Gas Puzzles](https://github.com/RareSkills/gas-puzzles)
23 | - [Grey Cat The Flag](https://ctfd.nusgreyhats.org/)
24 | - [HalbornSecurity CTFs](https://github.com/HalbornSecurity/CTFs)
25 | - [Hats Finance Games](https://github.com/hats-finance/games)
26 | - [Hats Finance vault-game](https://github.com/hats-finance/vault-game)
27 | - [More EVM Puzzles](https://github.com/daltyboy11/more-evm-puzzles)
28 | - [Mr Steal Yo Crypto](https://mrstealyocrypto.xyz/)
29 | - [Offensive Vyper](https://github.com/jtriley-eth/offensive_vyper)
30 | - [Paradigm CTF 2021](https://github.com/paradigmxyz/paradigm-ctf-2021)
31 | - [Paradigm CTF 2022 teaser](https://github.com/paradigmxyz/paradigm-ctf-2022-teaser)
32 | - [Paradigm CTF 2022](https://github.com/paradigmxyz/paradigm-ctf-2022)
33 | - [Protocol CTF](https://github.com/lightclient/protocol-ctf)
34 | - [Secureum A-MAZE-X Maison de la Chimie](https://github.com/secureum/AMAZEX-DSS-PARIS)
35 | - [Secureum A-MAZE-X Stanford](https://github.com/secureum/DeFi-Security-Summit-Stanford)
36 | - [Sherlock x Secureum CTF](https://github.com/sherlock-protocol/sherlock-ctf-0x0)
37 | - [SkidsDAO CTF](https://github.com/SkidsDAO/skidsdao-ctf-22-jul-22)
38 | - [Smart Contract Hacker Playground](https://github.com/thec00n/Smart-Contract-Hacker-Playground)
39 | - [Sol Challenge](https://github.com/massun-onibakuchi/sol-challenge)
40 | - [Solana CTF](https://github.com/neodyme-labs/solana-ctf)
41 | - [Solidity Challenges](https://github.com/beskay/solidity-challenges)
42 | - [Solidity Riddles](https://github.com/RareSkills/solidity-riddles)
43 | - [Solidity Trivias](https://github.com/ajsantander/trivias)
44 | - [Solidity Underhanded Contest](https://github.com/ethereum/solidity-underhanded-contest)
45 | - [Sussy Huff CTF](https://github.com/Philogy/sussy-huff-ctf)
46 | - [Tardis](https://github.com/fiveoutofnine/tardis)
47 | - [UnhackedCTF](https://github.com/unhackedctf)
48 | - [VyperPunk](https://github.com/SupremacyTeam/VyperPunk)
49 | - [Yet Another EVM Puzzle](https://github.com/mattaereal/yet-another-evm-puzzle)
50 | - [Zero Knowledge Puzzles](https://github.com/RareSkills/zero-knowledge-puzzles)
51 |
52 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/DOS.md:
--------------------------------------------------------------------------------
1 | # DOS
2 |
3 | - [0xkarmacoma A Study of Return Bombing Thread](https://twitter.com/0xkarmacoma/status/1763746082537017725)
4 | - [Charged Particles Griefing Bugfix Review](https://medium.com/immunefi/charged-particles-griefing-bug-fix-postmortem-d2791e49a66b)
5 | - [Intro to Smart Contract Security Audit: DOS](https://slowmist.medium.com/intro-to-smart-contract-security-audit-dos-e23e9e901e26)
6 | - [Mass-Disclosure of Griefing Vulnerabilities](https://medium.com/dedaub/mass-disclosure-of-griefing-vulnerabilities-afe787864a52)
7 | - [Permission denied](https://www.trust-security.xyz/post/permission-denied)
8 | - [Solidity Smart Contract Unbounded Loops DOS Attack Vulnerability Explained with REAL Example](https://medium.com/@JohnnyTime/solidity-smart-contract-unbounded-loops-dos-attack-vulnerability-explained-with-real-example-f4b4aca27c08)
9 | - [Stacks DoS Bugfix Review](https://medium.com/immunefi/stacks-dos-bugfix-review-dc0f2a75b276)
10 | - [Threshold tBTC Vulnerabilities Disclosed](https://blog.threshold.network/a-tale-of-two-bugs/)
11 |
12 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/DeFi.md:
--------------------------------------------------------------------------------
1 | # DeFi
2 |
3 | - [A Deep Dive Into The Uniswap-v2 Protocol](https://betterprogramming.pub/uniswap-v2-in-depth-98075c826254)
4 | - [Aave Unleashed](https://calnix.gitbook.io/aave-unleashed)
5 | - [Aave V3 DeFi Integration Tips](https://blog.pessimistic.io/aave-v3-defi-integration-tips-54089749cd4a)
6 | - [akshaysrivastv First Deposit Bug in Compound-v2 Thread](https://twitter.com/akshaysrivastv/status/1623949274894700545)
7 | - [All About DeFi and Future of Finance - Full Course in 4 playlists](https://twitter.com/I_S_Valkov/status/1692269130554949857?t=58avFInFzm3ouu7F3O5dxg)
8 | - [AMM Checklist](https://github.com/Decurity/audit-checklists/blob/master/amm.md)
9 | - [AMM Market Manipulation](https://community.thecreed.xyz/c/warez/amm-market-manipulation)
10 | - [Attacks on Dynamic DeFi Interest Rate Curves](https://arxiv.org/abs/2307.13139)
11 | - [Auditor’s Digest : Incorrect TWAP implementations](https://medium.com/@chinmayf/auditors-digest-incorrect-twap-implementations-05285636f21e)
12 | - [Awesome Uniswap Hooks](https://github.com/fewwwww/awesome-uniswap-hooks)
13 | - [Balancer-v1 Integration Tips](https://blog.pessimistic.io/balancerv1-integration-tips-594067785e8b)
14 | - [Bitpaid Hack Thread](https://twitter.com/BlockSecTeam/status/1657411284076478465)
15 | - [bytes032 Liquidations Thread](https://twitter.com/bytes032/status/1702692496160280613)
16 | - [bytes032 Reward Based Protocols Thread](https://twitter.com/bytes032/status/1673707323355799552)
17 | - [Concentrated Liquidity Manager Vulnerabilities](https://dacian.me/concentrated-liquidity-manager-vulnerabilities)
18 | - [Convex Finance DeFi Integration Tips](https://blog.pessimistic.io/convex-finance-defi-integration-tips-1bacfe73d3ce)
19 | - [Curve-v1 Integration Tips](https://blog.pessimistic.io/curvev1-integration-tips-a49af7b4b46a)
20 | - [Decentralized Finance (DeFi) Attacks](https://arxiv.org/abs/2208.13035)
21 | - [Decentralized Finance Threat Matrix](https://github.com/manifoldfinance/defi-threat)
22 | - [DeFi Attack Vectors](https://github.com/Quillhash/DeFi-Attack-Vectors)
23 | - [DeFi Design Takeaways from DeFi Risk Modelling](https://blog.yacademy.dev/2024-05-03-merging-economics-and-security/)
24 | - [Defi fork bugs](https://github.com/YAcademy-Residents/defi-fork-bugs)
25 | - [DeFi Liquidation Vulnerabilities](https://dacian.me/defi-liquidation-vulnerabilities)
26 | - [DeFi Risk Modelling Awesome](https://github.com/engn33r/DeFi-Risk-Modelling-Awesome)
27 | - [DeFi Slippage Attacks](https://dacian.me/defi-slippage-attacks)
28 | - [Euler Finance Incident Post-Mortem](https://medium.com/@omniscia.io/euler-finance-incident-post-mortem-1ce077c28454)
29 | - [Floki Inu hack Thread](https://twitter.com/AnciliaInc/status/1655971355790286849)
30 | - [How Concentrated Liquidity in Uniswap V3 Works](https://www.rareskills.io/post/uniswap-v3-concentrated-liquidity)
31 | - [How Was ASKACR Token Exploited?](https://medium.com/neptune-mutual/how-was-askacr-token-exploited-60afcdbfe77d)
32 | - [How Was LunaFi Exploited?](https://medium.com/neptune-mutual/how-was-lunafi-exploited-80d661e3a08a)
33 | - [KyberSwap Elastic bug](https://100proof.org/kyberswap-post-mortem.html)
34 | - [Level Finance Hack Analysis](https://blog.solidityscan.com/level-finance-hack-analysis-16fda3996ecb)
35 | - [Manipulating $GPT Token's Fee Mechanism Thread](https://twitter.com/Phalcon_xyz/status/1661424685320634368)
36 | - [Modern DEXes, how they're made: Uniswap V4](https://mixbytes.io/blog/modern-dex-es-how-they-re-made-uniswap-v4#rec815409097)
37 | - [Numerical Analysis](https://paragraph.xyz/@spearbit/numerical-analysis)
38 | - [Overview of the Inflation Attack](https://mixbytes.io/blog/overview-of-the-inflation-attack)
39 | - [Para.Space Hack](https://medium.com/@Ancilia/thunderstorm-come-to-para-space-68f1dd6995b9)
40 | - [Precision Loss Errors](https://dacian.me/precision-loss-errors)
41 | - [Price & Reward Manipulation Attacks Distilled](https://blog.pessimistic.io/price-reward-manipulation-attacks-distilled-cfec2aa8feeb)
42 | - [Retrospecting Unhealthy Order Allowance Vulnerability in Perpetual Protocol](https://medium.com/chainlight/retrospecting-unhealthy-order-allowance-vulnerability-in-perpetual-protocol-49b3c07230dc)
43 | - [Snooker Token Hack Analysis](https://blog.solidityscan.com/snooker-token-hack-analysis-acd89cce6311)
44 | - [So you want to use TWAP?](https://medium.com/@chinmayf/so-you-want-to-use-twap-1f992f9d3819)
45 | - [StErMi Aave-v3 Bug Bounty Parts 1 - 3](https://stermi.medium.com/aave-v3-bug-bounty-part-1-security-concerns-and-improvements-about-the-executeflashloan-function-47a91fd4c067)
46 | - [Thorns in the Rose: Exploring Security Risks in Uniswap v4’s Novel Hook Mechanism](https://blocksecteam.medium.com/thorns-in-the-rose-exploring-security-risks-in-uniswap-v4s-novel-hook-mechanism-270f22158087)
47 | - [TradFi, Meet DeFi](https://www.zellic.io/blog/breaking-down-the-economics-of-defi-hacks/)
48 | - [Typical Vulnerabilities in AMM Protocols](https://blog.decurity.io/typical-vulnerabilities-in-amm-protocols-9006f7986ba0)
49 | - [Uniswap V4 Swap: Deep Dive Into Execution and Accounting](https://www.cyfrin.io/blog/uniswap-v4-swap-deep-dive-into-execution-and-accounting)
50 | - [Uniswap-v3 Book](https://uniswapv3book.com/)
51 | - [Uniswap-v3 Ticks - Dive Into Concentrated Liquidity](https://mixbytes.io/blog/uniswap-v3-ticks-dive-into-concentrated-liquidity)
52 | - [Uniswap-v4 - Q64.96 Explained](https://medium.com/@bloqarl/uniswaps-q64-96-explained-essential-security-tips-for-hook-developers-4bfc4afad2f7)
53 | - [Uniswap-v4 - Threat Modeling For Secure Integration](https://composable-security.com/blog/uniswap-v-4-threat-modeling-for-secure-integration/)
54 | - [wh01s7 Uniswap-v4 Hooks Thread](https://twitter.com/wh01s7/status/1729812462571012144)
55 | - [When bug-fixes go wrong: RAI debt auctions bug](https://mirror.xyz/vnmrtz.eth/WXm4QJFInoB992czPniFbQyAkGUkdoaSd5zEjK5uRIo)
56 |
57 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/ERC-1155.md:
--------------------------------------------------------------------------------
1 | # ERC-1155
2 |
3 | - [ERC-721/ERC-1155 Contract Development and Security](https://medium.com/@sharkteam/erc721-erc1155-contract-development-and-security-a086abbb84f5)
4 | - [Security Analysis of the ERC 1155 NFT Smart Contract](https://blog.quillaudits.com/2023/02/20/security-analysis-of-the-erc-1155-nft-smart-contract/)
5 | - [Your Guide to ERC-1155](https://www.alchemy.com/blog/comparing-erc-721-to-erc-1155)
6 |
7 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/ERC-20.md:
--------------------------------------------------------------------------------
1 | # ERC-20
2 |
3 | - [12 ERC20 Edge Cases Video](https://www.youtube.com/watch?v=Tx0f8A2Yd3k)
4 | - [Another Attack Due To Deflationary Token Compatibility Issues](https://slowmist.medium.com/another-attack-due-to-deflationary-token-compatibility-issues-214f9f0a55df)
5 | - [Auditor’s Notes: ERC20 Integration Tips](https://officercia.mirror.xyz/W6V7cWFfK8xuHvezjGL-kyen6c1aJwlvqtwtlpIS53A)
6 | - [Awesome Buggy ERC20 Tokens](https://github.com/sec-bit/awesome-buggy-erc20-tokens)
7 | - [bZx’s Hack Analysis](https://immunebytes.medium.com/bzxs-security-focused-relaunch-followed-by-a-hack-how-immunebytes-9e1974d31211)
8 | - [Contract Development and contract Security For ERC20 Related Business](https://medium.com/@sharkteam/contract-development-and-contract-security-for-erc20-related-business-c7e1551ddaf8)
9 | - [danielvf Rebasing Tokens Thread](https://twitter.com/danielvf/status/1632801806588731394)
10 | - [ERC-20 Standard – Security Department Statement](https://callisto.network/erc-20-standard-security-department-statement/)
11 | - [ERC20 Standard Main Issue](https://callisto.network/erc20-standard-main-issue/)
12 | - [ERC20 Weirdness & Attacks Part 1](https://33audits.hashnode.dev/erc20-weirdness-attacks-part-1)
13 | - [How to Avoid Issues Related to Deflationary Tokens](https://medium.com/@Beosin_com/how-to-avoid-issues-related-to-deflationary-tokens-2fb3c5d5e6b3)
14 | - [How to Ensure Web3 Users Are Safe from Zero Transfer Attacks](https://blog.openzeppelin.com/how-to-ensure-web3-users-are-safe-from-zero-transfer-attacks)
15 | - [Kaoya Swap Hack](https://immunebytes.medium.com/kaoya-swap-hack-aug-24-2022-deep-analysis-immunebytes-b94e995939d7)
16 | - [Known Problems of ERC-20 Token Standard](https://dexaran820.medium.com/known-problems-of-erc20-token-standard-e98887b9532c)
17 | - [Navigating The Pitfalls of Securely Interacting With ERC20 Tokens](https://soliditydeveloper.com/safe-erc20)
18 | - [Public Transfer Vulnerability of The Tether Gold Smart Contract](https://blocksecteam.medium.com/public-transfer-vulnerability-of-the-tether-gold-smart-contract-662694607d35)
19 | - [Smart Contract Security Guidelines #1](https://blog.openzeppelin.com/workshop-recap-secure-development-workshop-1)
20 | - [The Importance of Secure ERC20 Tokens: Ensuring Trust in The World of Decentralized Finance](https://www.truscova.com/blog_article_16.php)
21 | - [Token Interaction Checklist](https://consensys.io/diligence/blog/2020/11/token-interaction-checklist/)
22 | - [Token Tester](https://github.com/bEsPoKeN-tOkEns/token-tester)
23 | - [Tradeoff Between Convenience and Security](https://blocksecteam.medium.com/unlimited-approval-in-erc20-convenience-or-security-1c8dce421ed7)
24 | - [Weird ERC20](https://github.com/d-xo/weird-erc20)
25 | - [Why you should ALWAYS use SafeERC20](https://medium.com/@JohnnyTime/why-you-should-always-use-safeerc20-94f44aa852d8)
26 |
27 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/ERC-4337.md:
--------------------------------------------------------------------------------
1 | # ERC-4337
2 |
3 | - [A Deep dive Into The Main Components of ERC-4337](https://medium.com/oak-security/a-deep-dive-into-the-main-components-of-erc-4337-account-abstraction-using-alt-mempool-part-1-3a1ed1bd3a9b)
4 | - [Account Abstraction Security Guide](https://medium.com/chainlight/patch-thursday-account-abstraction-security-guide-c348cc5e36ee)
5 | - [Account Abstraction: A Comprehensive Guide](https://www.halborn.com/blog/post/account-abstraction-a-comprehensive-guide)
6 | - [Account Abstraction: Security for Auditors](https://33audits.hashnode.dev/account-abstraction-security-for-auditors)
7 | - [Account Abstraction: Use Cases, Technical Overview, and Security Considerations](https://www.arbitraryexecution.com/blog/account-abstraction-overview)
8 | - [Account Abstraction's Impact on Security and User Experience](https://blog.openzeppelin.com/account-abstractions-impact-on-security-and-user-experience)
9 | - [Account Abstraction](https://mixbytes.io/blog/account-abstraction)
10 | - [EIP-4337 – Ethereum Account Abstraction Incremental Audit](https://blog.openzeppelin.com/eip-4337-ethereum-account-abstraction-incremental-audit)
11 | - [ERC-4337 Audit Checklist](https://github.com/aviggiano/security/blob/main/audit-checklists/ERC-4337.md)
12 | - [ERC-4337 Primer](https://www.zellic.io/blog/erc-4337-primer/)
13 | - [ERC-4337 Sample VerifyingPaymaster Signature Replay attack](https://taekdev.notion.site/ERC4337-Sample-VerifyingPaymaster-Signature-Replay-attack-56335dc2cd3b45caa3fb5e96b82db7af)
14 | - [ERC-4337 UserOperation Packing Vulnerability](https://www.alchemy.com/blog/erc-4337-useroperation-packing-vulnerability)
15 | - [leekt216 EIP-4337 Manager Selfdestruct Vulnerability Thread](https://twitter.com/leekt216/status/1625147853890023426)
16 | - [mattyTokenomics EIP-4337: Account Abstraction Thread](https://twitter.com/mattyTokenomics/status/1679808097009946624?t=H2vhOycpYLkAUJeswH2TVg)
17 | - [MEV Exploration: From the Perspective of ERC-4377](https://defihacklabs.substack.com/p/mev-exploration-from-the-perspective)
18 | - [Security Audit Checklist for Account Abstraction Wallets](https://slowmist.medium.com/slowmist-security-audit-checklist-for-account-abstraction-wallets-ed48fc10cdbc)
19 | - [Security Checkpoints for EIP-4337 Based Account Abstraction Implementation](https://medium.com/coinmonks/security-checkpoints-for-eip-4337-based-account-abstraction-implementation-6ed2f2134ecc)
20 | - [Smart Contract Audit of Sock’s ERC-4337 Compliant Self-Custodial Trading Platform](https://hacken.io/case-studies/auditing-sock-erc-4337/)
21 | - [Smashing ERC-4337 Wallets For Fun and Profit](https://bountyhunt3r.xyz/smashing-erc4337-wallets-for-fun-and-profit-intro)
22 | - [Understanding ERC-4337 User Operation Packing Vulnerability](https://blog.quillaudits.com/2023/04/24/understanding-erc-4337-user-operation-packing-vulnerability/)
23 |
24 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/ERC-4626.md:
--------------------------------------------------------------------------------
1 | # ERC-4626
2 |
3 | - [A Novel Defense Against ERC-4626 Inflation Attacks](https://blog.openzeppelin.com/a-novel-defense-against-erc4626-inflation-attacks)
4 | - [ERC-4626 Token Standard And Its Security Concerns Explained](https://blog.quillaudits.com/2023/09/08/erc-4626-token-standard-and-its-security-concerns-explained/)
5 | - [ERC4626 Interface Explained](https://www.rareskills.io/post/erc4626)
6 | - [Exchange Rate Manipulation in ERC4626 Vaults](https://www.euler.finance/blog/exchange-rate-manipulation-in-erc4626-vaults)
7 | - [Exploring ERC-4626: A Security Primer](https://www.zellic.io/blog/exploring-erc-4626/)
8 | - [Is my ERC-4626 vault token up to the standard?](https://runtimeverification.com/blog/is-my-erc-4626-vault-token-up-to-the-standard)
9 | - [Shared Vulnerabilities Between ERC-4626 Vaults and Vault-Like Contracts](https://www.arbitraryexecution.com/blog/shared-vulnerabilities-between-erc-4626-vaults-and-vault-like-contracts-deep-dive-part-1)
10 |
11 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/ERC-721.md:
--------------------------------------------------------------------------------
1 | # ERC-721
2 |
3 | - [A Comprehensive Guide To The ERC721 Standard and Related Security Issues](https://www.rareskills.io/post/erc721)
4 | - [A Research Into NFT Whitelist Bypass Vulnerability (1/2)](https://medium.com/@Beosin_com/a-research-into-nft-whitelist-bypass-vulnerability-1-926d8147b8e3)
5 | - [An Analysis of the Attack on the OmniX NFT Platform](https://slowmist.medium.com/slowmist-an-analysis-of-the-attack-on-the-omnix-nft-platform-51f89a6042ca)
6 | - [Are NFTs Safe?](https://hacken.io/discover/are-nfts-safe-how-to-ensure-security-of-your-nfts/)
7 | - [Audita’s Vulnerability Highlights: Part 1](https://medium.com/@audita/auditas-vulnerability-highlights-part-1-750e16ea25af)
8 | - [Auditing Tips for NFT Projects](https://officercia.mirror.xyz/YlW24vuFe7Ao0WWAxip1JgDXnyzX9B4cT_AoPFhD-Ww)
9 | - [Beosin: 10 Ways to Teach You How to Guard the NFT Assets](https://medium.com/coinmonks/beosin-10-ways-to-teach-you-how-to-guard-the-nft-assets-99e320b509e4)
10 | - [Best Practices for Secure NFT Development](https://blaize.tech/article-type/web3-security/best-practices-for-secure-nft-development/)
11 | - [Critical NFT Bridge Vulnerability](https://medium.com/@Heuss/critical-nft-bridge-vulnerability-potential-theft-of-deposited-nfts-f5b26a7776eb)
12 | - [Deciphering ERC721 Token Standard & Fungibility of assets from a Developer’s perspective](https://www.zaryabs.com/deciphering-erc721-token-standard-fungibility-of-assets-from-a-developers-perspective/)
13 | - [How Hackers Can Become “Lucky” in NFT Minting](https://inspexco.medium.com/how-hackers-can-become-lucky-in-nft-minting-822f48d4b917)
14 | - [How to Ensure the Security of NFT Under the Web 3.0 Boom?](https://medium.com/coinmonks/how-to-ensure-the-security-of-nft-under-the-web-3-0-boom-beosin-vaas-has-provided-with-a-solution-50697ccd4f56)
15 | - [How to hack into NFT marketplace](https://hackenproof.com/blog/for-hackers/how-to-hack-into-nft-marketplace)
16 | - [Insight Into NFT Token Standards And Best Security Practices](https://blog.quillaudits.com/2022/08/09/insight-into-nft-token-standards-and-best-security-practices/)
17 | - [NFT Attack Vectors](https://github.com/Quillhash/NFT-Attack-Vectors)
18 | - [NFT Attacks](https://0xvolodya.hashnode.dev/nft-attacks)
19 | - [NFT Best Practices](https://composable-security.com/blog/nft-best-practices-build-safe/)
20 | - [NFT Marketplace Smart Contract Audit Guidelines](https://blog.quillaudits.com/2023/03/07/nft-marketplace-smart-contract-audit-guidelines/)
21 | - [NFT Security: Tips and Best Practices](https://www.numencyber.com/nft-security/)
22 | - [NFT Smart Contract Audit](https://hacken.io/discover/security-audit-for-nft-guide-for-founders-and-managers/)
23 | - [Recreating Kubz NFT Hack and understanding what went wrong](https://medium.com/buildbear/recreating-kubz-nft-contract-hack-8eef73ff0878)
24 | - [Royalty Fee Limit of NFT Marketplace Bypass Via EIP-2981](https://www.kalos.xyz/blog/royalty-fee-limit-of-nft-marketplace-bypass-via-eip-2981)
25 | - [Security Risks of NFT Games](https://www.halborn.com/blog/post/security-risks-of-nft-games)
26 | - [Top 10 Ways Your NFTs Can Be Hacked](https://www.halborn.com/blog/post/top-10-ways-your-nf-ts-can-be-hacked)
27 | - [Unforgettable NFT Smart Contracts Exploits](https://blog.quillaudits.com/2021/08/11/nft-smart-contract-exploits-that-made-headlines-in-the-past/)
28 |
29 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/ERC-777.md:
--------------------------------------------------------------------------------
1 | # ERC-777
2 |
3 | - [Deciphering Token Standards in Ethereum Part-IV — The Failure of ERC-777](https://www.zaryabs.com/the-faliure-of-erc777/)
4 | - [Exploring ERC-777 Tokens: Vulnerabilities and Potential DOS Attacks on Smart Contracts](https://medium.com/@JohnnyTime/exploring-erc777-tokens-vulnerabilities-and-potential-dos-attacks-on-smart-contracts-507d44604281)
5 | - [Latent Bugs in Billion-Plus Dollar Code](https://medium.com/dedaub/latent-bugs-in-billion-plus-dollar-code-c2e67a25b689)
6 | - [One More Problem With ERC-777](https://mixbytes.io/blog/one-more-problem-with-erc777)
7 | - [SlowMist: Detailed Explanation of Uniswap’s ERC-777 Re-entry Risk](https://blog.blockmagnates.com/detailed-explanation-of-uniswaps-erc777-re-entry-risk-8fa5b3738e08)
8 | - [The Potential Impact Of ERC-777 Tokens On DeFi Protocols](https://medium.com/immunefi/the-potential-impact-of-erc-777-tokens-on-defi-protocols-51cdb07be733)
9 |
10 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/EVM Internals Low level.md:
--------------------------------------------------------------------------------
1 | # EVM Internals and Low Level
2 |
3 | - [A call, A Precompile and A Compiler walk Into A Bar](https://blog.theredguild.org/a-call-a-precompile-and-a-compiler-walk-into-a-bar/)
4 | - [A Low-Level Guide To Solidity's Storage Management](https://degatchi.com/articles/low_level_guide_to_soliditys_storage_management/)
5 | - [A Playdate with the EVM part 1](https://femboy.capital/evm-pt1)
6 | - [A Playdate With The EVM](https://hackmd.io/@cupidhack/Hk6SKZGCu)
7 | - [Basic Bit Manipulation](https://hackmd.io/@fiveoutofnine/Skl9eRbX9)
8 | - [Building an EVM from scratch](https://karmacoma.notion.site/Building-an-EVM-from-scratch-part-1-the-execution-context-c28ebb4200c94f6fb75948a5feffc686)
9 | - [Building reliable EVM disassemblers](https://karmacoma.notion.site/Building-reliable-EVM-disassemblers-ecf689d965cc4ffc9c3b2e34f4227b46)
10 | - [Data Representation in Solidity](https://ethdebug.github.io/solidity-data-representation/)
11 | - [Dissecting EVM using go-ethereum ETH client implementation. Parts 1-3](https://medium.com/@deliriusz/dissecting-evm-using-go-ethereum-eth-client-implementation-part-i-transaction-execution-flow-960a1533e994)
12 | - [Ethereum Data Structures](https://arxiv.org/pdf/2108.05513.pdf)
13 | - [Ethereum EVM illustrated](https://github.com/takenobu-hs/ethereum-evm-illustrated)
14 | - [Ethereum Virtual Machine Language Design](https://jtriley.substack.com/p/ethereum-virtual-machine-language)
15 | - [Ethereum Yellow Paper Course Videos](https://www.youtube.com/watch?v=e84V1MxRlYs)
16 | - [Ethereum Yellow Paper](https://github.com/ethereum/yellowpaper)
17 | - [Ethereum: A Secure Decentralised Generalised Transaction Ledger](https://gavwood.com/paper.pdf)
18 | - [Ethereum](https://ethereum.org/en/)
19 | - [EVM Book](https://github.com/0xKitsune/EVM-Book)
20 | - [EVM Chad](https://github.com/mektigboy/evm-chad)
21 | - [EVM From Scratch](https://evm-from-scratch.xyz/content/01_intro.html)
22 | - [EVM From Scratch](https://github.com/w1nt3r-eth/evm-from-scratch)
23 | - [EVM Limitations & Assembly Auditing Tips](https://officercia.mirror.xyz/UDdVm2Nhc4obWJz9Sc-5MeYEZC4Lx04POy9M4v3cM34)
24 | - [EVM Mastery](https://github.com/Quillhash/EVM-Mastery)
25 | - [EVM: Degen Bit Masking](https://mirror.xyz/vnmrtz.eth/AoLcp1c_-gxxvGQyIjnvWouXRyIqt8Q9JULv4Mz7Jsk)
26 | - [evm.codes](https://www.evm.codes/)
27 | - [From bytecode to bugs Video](https://www.youtube.com/watch?v=TDCbLoDtsv0)
28 | - [How I Almost Cheesed the EVM](https://zefram.xyz/posts/how-i-almost-cheesed-the-evm/)
29 | - [Huff](https://docs.huff.sh/get-started/installing/)
30 | - [Inline Assembly](https://docs.soliditylang.org/en/latest/assembly.html)
31 | - [Learn YUL](https://github.com/andreitoma8/learn-yul)
32 | - [Learning Solidity : Tutorial 12 Functional Assembly Video](https://www.youtube.com/watch?v=nkGN6GwkMzU)
33 | - [Learning Solidity : Tutorial 13 Instructional Assembly Video](https://www.youtube.com/watch?v=axZJ2NFMH5Q)
34 | - [Low Level Vulnerabilities & POCs](https://github.com/AmadiMichael/LowLevelVulnerabilities)
35 | - [Mastering Ethereum](https://github.com/ethereumbook/ethereumbook)
36 | - [Mastering EVM: Calldata, Assembly Returns, and More with Ret2Basic.eth](https://www.youtube.com/watch?v=PySIywgGH0Y)
37 | - [Memware: Generalised Frontrunners](https://degatchi.com/articles/memware)
38 | - [noxx EVM Deep Dives Parts 1-6](https://substack.com/home/post/p-49404796)
39 | - [Pointers in Solidity](https://blog.theredguild.org/memory-pointers-in-solidity/)
40 | - [Programming Tutorial: Getting Started with YUL+](https://hackernoon.com/programming-tutorial-getting-started-with-yul)
41 | - [Smart Contract Obfuscation Techniques](https://degatchi.com/articles/smart-contract-obfuscation)
42 | - [Solidity and EVM: Bit Shifting and Masking in Assembly(YUL)](https://medium.com/@mweiss.eth/solidity-and-evm-bit-shifting-and-masking-in-assembly-yul-942f4b4ebb6a)
43 | - [Solidity Bugs in YUL](https://github.com/Mikerah/solidity-bugs-and-vulns-in-yul)
44 | - [Solidity Compilers: Memory Safety](https://osec.io/blog/2023-07-28-solidity-compilers-memory-safety)
45 | - [Solidity Inline Assembly & Yul Video](https://www.youtube.com/watch?v=K18LzGharGM)
46 | - [Solidity Inline Assembly Vulnerabilities](https://dacian.me/solidity-inline-assembly-vulnerabilities)
47 | - [Solidity Tutorial: All About Assembly](https://jeancvllr.medium.com/solidity-tutorial-all-about-assembly-5acdfefde05c)
48 | - [solvm](https://github.com/brockelmore/solvm)
49 | - [Storage Slots in Solidity](https://www.rareskills.io/post/evm-solidity-storage-layout)
50 | - [Technical Exploration of Inline Assembly in Solidity](https://medium.com/@ac1d_eth/technical-exploration-of-inline-assembly-in-solidity-b7d2b0b2bda8)
51 | - [The Bytecode #35 - Hari - Solidity Compiler Video](https://www.youtube.com/watch?v=_ReLzN3I1uY)
52 | - [The Dark Arts of Yul, Explained](https://smitrajput.notion.site/smitrajput/The-Dark-Arts-of-Yul-Explained-e0b2c178bc52437da1d101f4f96abbe4)
53 | - [The EVM and Smart Contract Internals Video](https://www.youtube.com/watch?v=O8pImV1eRTE)
54 | - [The EVM Handbook](https://noxx3xxon.notion.site/noxx3xxon/The-EVM-Handbook-bb38e175cc404111a391907c4975426d)
55 | - [Understand EVM bytecode](https://blog.trustlook.com/understand-evm-bytecode-part-1/)
56 | - [Understanding The Ethereum Yellow Paper](https://medium.com/coinmonks/understanding-the-ethereum-yellow-paper-f280800df590)
57 | - [What Is a Precompiled Contract Vulnerability?](https://medium.com/@Beosin_com/security-audit-series-what-is-a-precompiled-contract-vulnerability-5174e20e24e9)
58 | - [Where can the EVM read and write data?](https://www.cyfrin.io/blog/fixing-data-location-must-be-memory-or-calldata)
59 | - [YUL & Memory Intro | YUL Exploit! Video](https://www.youtube.com/watch?v=9qLUvtL5uKQ)
60 | - [YUL By Example](https://github.com/Perelyn-sama/yul_by_example)
61 | - [Yul Calldata Corruption - 1inch Postmortem](https://blog.decurity.io/yul-calldata-corruption-1inch-postmortem-a7ea7a53bfd9)
62 | - [YUL Docs](https://docs.soliditylang.org/en/latest/yul.html)
63 | - [Yul Puzzles by RareSkills](https://github.com/RareSkills/yul-puzzles)
64 | - [YUL Solidity Fridays Video](https://www.youtube.com/watch?v=UrtuosfzmGU)
65 | - [YUL(and Some Solidity) Optimizations and Tricks](https://hackmd.io/@gn56kcRBQc6mOi7LCgbv1g/rJez8O8st)
66 |
67 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/Findings Search Utilities and Databases.md:
--------------------------------------------------------------------------------
1 | # Findings Search Utilities and Databases
2 |
3 | - [Audit Hero](https://audit-hero.com/finding)
4 | - [ConsenSys Blockchain SecurityDB](https://consensys.github.io/blockchainSecurityDB/)
5 | - [Masamune](https://masamune.app/?#)
6 | - [Public Audit Reports Data](https://github.com/nikitastupin/public-audit-reports-data)
7 | - [Solodit](https://solodit.xyz)
8 | - [tintinweb smart-contract-vulndb](https://github.com/tintinweb/smart-contract-vulndb)
9 | - [Tomo's Findings Database](https://twitter.com/tom_eth_dev/status/1606832631282565122)
10 |
11 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/Formal Verification Symbolic Execution.md:
--------------------------------------------------------------------------------
1 | # Formal Verification & Symbolic Execution
2 |
3 | - [0xkarmacoma Formal verification to the people Thread](https://twitter.com/0xkarmacoma/status/1732811851736781241)
4 | - [3 Myths of Formal Verification](https://www.certora.com/blog/formal-verification-using-cvl)
5 | - [5 Myths about Formally Verifying Smart Contracts](https://www.certora.com/blog/5myths)
6 | - [A Guide to Formal Verification of Smart Contracts](https://www.halborn.com/blog/post/a-guide-to-formal-verification-of-smart-contracts)
7 | - [Awesome Halmos](https://github.com/redtrama/awesome-halmos)
8 | - [Awesome Symbolic Execution](https://github.com/ksluckow/awesome-symbolic-execution)
9 | - [Certora Documentation](https://github.com/Certora/Documentation)
10 | - [Certora Tutorials](https://github.com/Certora/Tutorials)
11 | - [daejunpark halmos usage Thread](https://twitter.com/daejunpark/status/1744788041078829432)
12 | - [Decompiling Vyper Programs for Formal Verification](https://medium.com/certora/decompiling-vyper-programs-for-formal-verification-a315cb675d0a)
13 | - [Enhancing Smart Contract Security with Certora’s Formal Verification](https://medium.com/@JohnnyTime/enhancing-smart-contract-security-with-certoras-formal-verification-34d2f15ccc83)
14 | - [ERC20-K: Formal Executable Specification of ERC20](https://runtimeverification.com/blog/erc20-k-formal-executable-specification-of-erc20)
15 | - [ERC777-K: Formal Executable Specification of ERC777](https://runtimeverification.com/blog/erc777-k-formal-executable-specification-of-erc777)
16 | - [Ethereum Formal Verification](https://github.com/leonardoalt/ethereum_formal_verification_overview)
17 | - [Everything You Wanted to Know About Symbolic Execution for Ethereum Smart Contracts](https://hackmd.io/@SaferMaker/EVM-Sym-Exec)
18 | - [EVM Symbolic Execution](https://github.com/williamberman/evm-symbolic-execution/blob/master/EVM%20Symbolic%20Execution.ipynb)
19 | - [Finding Bugs in Formal Specifications](https://medium.com/certora/finding-bugs-in-formal-specifications-536ee3141e57)
20 | - [Formal Methods for DeFi Developers](https://github.com/WilfredTA/formal-methods-curriculum)
21 | - [Formal Verification Basics: The Science of Ensuring System Integrity](https://www.truscova.com/blog_article_21.php)
22 | - [Formal Verification Made Easy with SMTChecker](https://www.truscova.com/blog_article_5.php)
23 | - [Formal Verification of ERC20 Contracts](https://runtimeverification.com/blog/erc-20-verification)
24 | - [Formal Verification of Smart Contracts: Equivalence Checking of Uniswap Library](https://www.truscova.com/blog_article_2.php)
25 | - [Formally Verifying Finality in Gasper: The Core of the Beacon Chain](https://runtimeverification.com/blog/formally-verifying-finality-in-gasper-the-core-of-the-beacon-chain)
26 | - [Formally Verifying Loops: Part 1 & 2](https://runtimeverification.com/blog/formally-verifying-loops-part-1)
27 | - [Formally Verifying WETH](https://www.zellic.io/blog/formal-verification-weth/)
28 | - [Gambit: A Solidity Mutation Testing Tool for Formal Verification](https://www.certora.com/blog/gambit)
29 | - [Guide To Formal Verification Video](https://www.youtube.com/watch?v=imSy7Ll9ftg)
30 | - [How Formal Verification of Smart Contracts Works](https://runtimeverification.com/blog/how-formal-verification-of-smart-contracts-works)
31 | - [Implementing stateful invariant testing with Halmos](https://a16zcrypto.com/posts/article/implementing-stateful-invariant-testing-with-halmos/)
32 | - [k-uniswap-v2](https://github.com/dapp-org/k-uniswap-v2)
33 | - [MIT Symbolic Execution Video](https://www.youtube.com/watch?v=yRVZPvHYHzw)
34 | - [Morpho Certora Tutorials](https://github.com/morpho-labs/morpho-certora-tutorials)
35 | - [patrickalphac Formal Verification & Symbolic Execution Thread](https://twitter.com/patrickalphac/status/1651024851212050433)
36 | - [Preventing reentrancy bugs — another use case for formal verification](https://medium.com/certora/preventing-reentrancy-bugs-another-use-case-for-formal-verification-34794d69b790)
38 | - [Quint - A modern and executable specification language](https://quint-lang.org/)
39 | - [Quint - Protocol Specifications Made Executable](https://youtu.be/c4BQ7v-CQfk?si=RMx-XHDKq6CoZrfx)
40 | - [Quint presentation at Gateway to Cosmos](https://youtu.be/OZIX8rs-kOA?si=xbLfCJrHP-K1_81f)
41 | - [Quint specification examples](https://github.com/informalsystems/quint/tree/main/examples)
42 | - [Scaling Formal Verification to Find Bugs in Complex Smart Contract Systems Video](https://www.youtube.com/watch?v=kKVL3Fn6ZTk)
43 | - [Shift Left: Formal Verification First, Not Last!](https://medium.com/certora/shift-left-formal-verification-first-not-last-7d9529f65dc1)
44 | - [Smart Contract Formal Verification](https://hacken.io/discover/formal-verification/)
45 | - [Smashing bugs using Certora Prover](https://mirror.xyz/shanzson.eth/0dp_DiM2oIulng_Ts6wjLWLSqdM39slbn5Cl5yz8eXo)
46 | - [SMTChecker and SMT Solvers: Exploring Formal Verification One Step at a Time](https://www.truscova.com/blog_article_7.php)
47 | - [SMTChecker: The Game Changer in Smart Contracts Verification and Security](https://www.truscova.com/blog_article_15.php)
48 | - [Solana Formal Verification: A Case Study](https://osec.io/blog/2023-01-26-formally-verifying-solana-programs)
49 | - [Solana Verification Part 1: Formal Verification of Solana Smart Contracts](https://www.certora.com/blog/sol-token1)
50 | - [Specification and model checking of BFT consensus by Matter Labs](https://protocols-made-fun.com/consensus/matterlabs/quint/specification/modelchecking/2024/07/29/chonkybft.html)
51 | - [Specification and Model-checking of the ZKsync Governance Protocol](https://protocols-made-fun.com/zksync/matterlabs/quint/specification/modelchecking/2024/09/12/zksync-governance.html)
52 | - [Stopping DeFi Bugs at Scale](https://medium.com/certora/stopping-defi-bugs-at-scale-6e3fba22dd3d)
53 | - [Symbolic testing with Halmos](https://a16zcrypto.com/posts/article/symbolic-testing-with-halmos-leveraging-existing-tests-for-formal-verification/)
54 | - [Testing and Formal Verification for Web3 Smart Contract Security](https://blog.quillaudits.com/2023/02/16/testing-and-formal-verification/)
55 | - [The Easy Way To Quit (Concrete) Testing](https://hackmd.io/@SaferMaker/EVM-Sym-Test)
56 | - [Using Formal Verification on ZK Systems](https://medium.com/veridise/using-formal-verification-on-zk-systems-our-cto-jon-stephens-in-conversation-with-anna-rose-2aa7acba66ef)
57 | - [Verification of Remco's full 256x256 bit multiplication](https://github.com/Philogy/remco-mul-verification)
58 | - [Warning: Code Can Be Explosive](https://runtimeverification.com/blog/warning-code-can-be-explosive)
59 | - [Z3 Docs](https://theory.stanford.edu/~nikolaj/programmingz3.html)
60 | - [zachobront Solady FixedPointMathLib testing Thread](https://twitter.com/zachobront/status/1633906650514898947)
61 |
62 | [Return](../README.md#blockchain-security-library)
63 |
--------------------------------------------------------------------------------
/Security Library/Fuzzing.md:
--------------------------------------------------------------------------------
1 | # Fuzzing
2 |
3 | - [(Re-) Introducing Diligence Fuzzing](https://consensys.io/diligence/blog/2023/04/re-introducing-diligence-fuzzing/)
4 | - [A Deep Insights on Smart Contract Fuzzing](https://blog.quillaudits.com/2021/09/01/a-deep-insights-on-smart-contract-fuzzing/)
5 | - [A Guide to Crafting Robust Invariants](https://allthingsfuzzy.substack.com/p/a-guide-to-crafting-robust-invariants)
6 | - [Advanced Fuzzing Techniques: An eBTC Case Study](https://www.youtube.com/watch?v=ELY_zjIAKuE)
7 | - [Arbiter Reimagined: Blazing-fast Fuzzing - Now Made even Faster](https://www.youtube.com/watch?v=xop523K5OEo)
8 | - [awesome directed fuzzing](https://github.com/strongcourage/awesome-directed-fuzzing)
9 | - [Benchmarking Smart-Contract Fuzzers](https://consensys.io/diligence/blog/2023/04/benchmarking-smart-contract-fuzzers/)
10 | - [Breaking the Tree: Violating Invariants in Semaphore](https://medium.com/veridise/breaking-the-tree-violating-invariants-in-semaphore-4be73be3858d)
11 | - [Building a smart contracts fuzzer for fun and profit](https://medium.com/@jat9292/building-a-smart-contracts-fuzzer-for-fun-and-profit-1f73323c2b4d)
12 | - [Crytic Properties](https://github.com/crytic/properties)
13 | - [Detecting Reentrancy Issues in Smart Contracts Using Fuzzing](https://consensys.io/diligence/blog/2019/04/detecting-reentrancy-issues-in-smart-contracts-using-fuzzing/)
14 | - [DevDacian 10 Steps To Easily Use 3 Fuzzers Thread](https://twitter.com/DevDacian/status/1733009929508917499)
15 | - [DevDacian Fuzz Test Coverage Tips Thread](https://twitter.com/DevDacian/status/1732645103867773236)
16 | - [Differential Fuzzing On Solidity Fixed-Point Libraries](https://ventral.digital/posts/2023/6/28/differential-fuzzing-on-solidity-fixed-point-libraries)
17 | - [echidna spearbit demo](https://github.com/spearbit/echidna-spearbit-demo)
18 | - [Echidna Streaming Workshop](https://github.com/crytic/echidna-streaming-series)
19 | - [Echidna: Invariant Tests for AMM Contracts](https://allthingsfuzzy.substack.com/p/echidna-invariant-tests-for-amm-contracts)
20 | - [EVM Fuzzing Resources](https://github.com/perimetersec/evm-fuzzing-resources)
21 | - [Exploiting Precision Loss via Fuzz Testing](https://dacian.me/exploiting-precision-loss-via-fuzz-testing)
22 | - [Finding Denial of Service Bugs At Scale With Invariant Tests](https://allthingsfuzzy.substack.com/p/finding-denial-of-service-bugs-at)
23 | - [Finding mispriced opcodes with fuzzing](https://blog.trailofbits.com/2024/06/17/finding-mispriced-opcodes-with-fuzzing/)
24 | - [Fuzz on the Beach: Fuzzing Solana Smart Contracts](https://arxiv.org/abs/2309.03006)
25 | - [Fuzzing and Heuristics interview with @devdacian Video](https://www.youtube.com/watch?v=IZTvXfC14Ig)
26 | - [Fuzzing Complex Projects With Echidna: Sushi's BentoBox](https://ventral.digital/posts/2021/12/21/fuzzing-complex-projects-with-echidna-sushi-bentobox/)
27 | - [Fuzzing ERC20 contracts with Diligence Fuzzing](https://consensys.io/diligence/blog/2021/09/fuzzing-erc20-contracts-with-diligence-fuzzing/)
28 | - [Fuzzing Ethereum Smart Contract using Echidna Video](https://www.youtube.com/watch?v=EA8_9x4D3Vk)
29 | - [Fuzzing For L1 Protocols And Smart Contracts: Detecting Vulnerabilities](https://hacken.io/discover/fuzzing-for-blockchain/)
30 | - [Fuzzing For Memory Bugs In Solidity](https://ventral.digital/posts/2022/4/28/fuzzing-for-memory-bugs-in-solidity/)
31 | - [Fuzzing on-chain contracts with Echidna](https://blog.trailofbits.com/2023/07/21/fuzzing-on-chain-contracts-with-echidna/)
32 | - [Fuzzing Smart Contracts Using Input Prediction](https://consensys.io/diligence/blog/2018/12/fuzzing-smart-contracts-using-input-prediction/)
33 | - [Fuzzing Smart Contracts Using Multiple Transactions](https://consensys.io/diligence/blog/2019/01/fuzzing-smart-contracts-using-multiple-transactions/)
34 | - [Fuzzing Smart Contracts Yields this Research Team $100K+ in Bounties](https://medium.com/@david.azad.merian/fuzzing-smart-contracts-yields-this-research-team-100k-in-bounties-ef7891c424f4)
35 | - [Fuzzing smart-contracts practical aspects](https://mixbytes.io/blog/fuzzing-smart-contracts-practical-aspects-echidna)
36 | - [Fuzzing Solidity Smart Contracts with Echidna](https://officercia.mirror.xyz/4A39GO-YRE8JTe_M0CsMpig4tXOHb1-vg1Mcjz9Vd4M)
37 | - [Fuzzing Solidity/Ethereum Smart Contract using Foundry/Forge Video](https://www.youtube.com/watch?v=2bTmB3cwhxs)
38 | - [Fuzzing Tools Series: Certora Prover Video](https://www.youtube.com/watch?v=9Gal-on-06E)
39 | - [Fuzzing Tools Series: Echidna Video](https://www.youtube.com/watch?v=kAfknRlvAt0)
40 | - [Fuzzing Tutorial: How to get started testing your smart contracts](https://consensys.io/diligence/blog/2023/04/fuzzing-tutorial-how-to-get-started-testing-your-smart-contracts/)
41 | - [Fuzzing Vyper Contracts Using Foundry](https://ventral.digital/posts/2023/4/29/fuzzing-vyper-contracts-using-foundry)
42 | - [Fuzzing with Echidna](https://0xmacro.com/blog/fuzzing-with-echidna/)
43 | - [How fuzzers work, concolic fuzzing, breaking smart-contracts like a degen with @Jat9292 Video](https://www.youtube.com/watch?v=phy18o4Fi9k)
44 | - [Increasing Code Coverage Using Fuzzing Lessons](https://consensys.io/diligence/blog/2022/10/increasing-code-coverage-using-fuzzing-lessons/)
45 | - [Introducing Scribble Generator](https://consensys.io/diligence/blog/2021/07/introducing-scribble-generator/)
46 | - [Introducing Trdelnik: Fuzz Testing Framework for Solana and Anchor](https://ackeeblockchain.com/blog/introducing-trdelnik-fuzz-testing-framework-for-solana-and-anchor/)
47 | - [Introduction to Fuzzing and Foundry Video](https://www.youtube.com/watch?v=xLGTd5OH8xU)
48 | - [Introduction to Fuzzing](https://fuzzy.fyi/blog/introduction-to-fuzzing)
49 | - [Invariant Testing WETH With Foundry](https://mirror.xyz/horsefacts.eth/Jex2YVaO65dda6zEyfM_-DXlXhOWCAoSpOx5PLocYgw)
50 | - [Josselin Feist - Building secure contracts: Fuzzing like a pro Video](https://www.youtube.com/watch?v=JLxDtYTFFEc&list=PLUt355rCCNrTliK_38XZpLzt1JGrKr2Dq&index=42)
51 | - [Learnings from 6 weeks of fuzzing Badger DAO's eBTC protocol](https://fuzzy.fyi/blog/learnings-from-6-weeks-of-fuzzing-badger-daos-ebtc-protocol)
52 | - [Lesson 8: Exploiting Precision Loss via Fuzz Testing](https://defihacklabs.substack.com/p/solidity-security-lesson-8-exploiting)
53 | - [Mastering Fuzzing](https://github.com/Elpacos/mastering-fuzzing)
54 | - [Next level smart contract security with Diligence Fuzzing Video](https://www.youtube.com/watch?v=PmRLTXpvmMI)
55 | - [OffensiveCon22 - Patrick Ventuzelo - Beaconfuzz Video](https://www.youtube.com/watch?v=nERNZ5mL46Q)
56 | - [Proxy1967 Function-level invariant Thread](https://twitter.com/Proxy1967/status/1643619157626200065)
57 | - [Reproducing the DeusDao exploit with Diligence Fuzzing](https://consensys.io/diligence/blog/2023/08/reproducing-the-deusdao-exploit-with-diligence-fuzzing/)
58 | - [Saving Millions in 2023 with Specification-Guided Fuzzing](https://medium.com/veridise/saving-millions-in-2023-with-specification-guided-fuzzing-25adee67560f)
59 | - [Secureum Diligence Bootcamp](https://github.com/Consensys/secureum-diligence-bootcamp)
60 | - [Security system starts with the testing: how to properly battle test your smart contracts](https://medium.com/rektoff/a-security-system-starts-with-the-testing-how-to-properly-battle-test-your-smart-contracts-4dd3a7538959)
61 | - [Smart Contracts Testing using Fuzzing: Introduction to Echidna](https://www.truscova.com/blog_article_10.php)
62 | - [State of the Art of Ethereum Smart Contract Fuzzing](https://fuzzinglabs.com/ethereum-smart-contact-fuzzing-2022/)
63 | - [Targeted fuzzing using static lookahead analysis](https://consensys.io/diligence/blog/2020/03/targeted-fuzzing-using-static-lookahead-analysis-how-to-guide-fuzzers-using-online-static-analysis/)
64 | - [The Fuzzing Book](https://www.fuzzingbook.org/)
65 | - [Thomas Roth, Solana - JIT - Lessons from fuzzing a smart contract compiler Video](https://www.youtube.com/watch?v=8E7XOHQiRPE)
66 | - [TOB fuzzing blog posts](https://blog.trailofbits.com/category/fuzzing/)
67 | - [Top 5 Best Fuzzing & Vulnerability Research TIPS/ADVICE](https://fuzzinglabs.com/top-advice-fuzzing-vulnerability-research/)
68 | - [WHAT IS FUZZ TESTING (FUZZING)?](https://www.halborn.com/blog/post/what-is-fuzz-testing-fuzzing)
69 | - [What is Fuzz Testing and How Does it Work?](https://www.truscova.com/blog_article_24.php)
70 |
71 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/Gas.md:
--------------------------------------------------------------------------------
1 | # Gas
2 |
3 | - [A Collection of Gas Optimisation Tricks](https://forum.openzeppelin.com/t/a-collection-of-gas-optimisation-tricks/19966)
4 | - [A Dive into Storage Packing](https://dittoeth.com/blog/packing)
5 | - [A Guide to Ethereum Gas Fees and Ways to Reduce Them](https://medium.com/neptune-mutual/a-guide-to-ethereum-gas-fees-and-ways-to-reduce-them-3b0472008233)
6 | - [Auditor’s Advice: Math, Solidity & Gas Optimizations](https://officercia.mirror.xyz/vtVVxbV35ETiBGxm-IpcFPcsK2_ZkL7vgiiGUkeSsP0)
7 | - [Awesome Solidity Gas-Optimization](https://github.com/0xisk/awesome-solidity-gas-optimization)
8 | - [EVM Gas optimization tricks](https://github.com/harendra-shakya/solidity-gas-optimization)
9 | - [EVM Gas Optimizations](https://github.com/0xKitsune/EVM-Gas-Optimizations)
10 | - [Gas Numbers Every Solidity Dev Should Know](https://0xmacro.com/library/gas-nums)
11 | - [Gas Optimization in Ethereum Smart Contracts](https://certik.medium.com/gas-optimization-in-ethereum-smart-contracts-10-best-practices-cbd57548bdf0)
12 | - [Gas Optimizations / Gas Golfing using Huff, Yul](https://github.com/0xKitetsu-smdk/Learning-EVM-using-Yul-Huff)
13 | - [Gas Optimizations for the Rest of Us](https://miguel.mirror.xyz/d0gBiaUn48Odg8G2rhs3xLIjaL8MfrWReFkjg8TmDoM)
14 | - [Gas optimizations](https://github.com/kadenzipfel/gas-optimizations)
15 | - [Golf Course](https://github.com/Rari-Capital/golf-course)
16 | - [How to optimize your gas consumption without getting REKT](https://medium.com/certora/how-to-optimize-your-gas-consumption-without-getting-rekt-695ece5354ca)
17 | - [hrkrshnn Gas optimizes](https://gist.github.com/hrkrshnn/ee8fabd532058307229d65dcd5836ddc)
18 | - [Jeyffre Gas Optimization Resources Thread](https://twitter.com/Jeyffre/status/1687469053303218176)
19 | - [Regolf Course](https://github.com/ZeroEkkusu/re-golf-course)
20 | - [Solidity Gas optimization](https://hacken.io/discover/solidity-gas-optimization/)
21 | - [Solidity Gas Optimizations 101](https://www.0xichigo.xyz/posts/solidity-gas-optimizations-101)
22 | - [Solidity Gas Optimizations Cheat Sheet](https://0xmacro.com/blog/solidity-gas-optimizations-cheat-sheet/)
23 | - [Structs in Solidity: Best Practices for Gas Efficiency by 0xLazard](https://coinsbench.com/structs-in-solidity-best-practices-for-gas-efficiency-by-0xlazard-4e984a7485cf)
24 | - [The RareSkills Book of Solidity Gas Optimization: 80+ Tips](https://www.rareskills.io/post/gas-optimization)
25 | - [The Ultimate Guide to NFT Gas Optimization](https://medium.com/@WallStFam/the-ultimate-guide-to-nft-gas-optimization-7e9289e2d88f)
26 | - [Yul (and Some Solidity) Optimizations and Tricks](https://github.com/ControlCplusControlV/Yul-Optimization-Tips)
27 |
28 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/General.md:
--------------------------------------------------------------------------------
1 | # General
2 |
3 | - [(Not So) Smart Contracts](https://github.com/crytic/not-so-smart-contracts)
4 | - [9 MOST COMMON SMART CONTRACT VULNERABILITIES](https://blaize.tech/article-type/web3-security/9-most-common-smart-contract-vulnerabilities-found-by-blaize/)
5 | - [A hitchhikers guide to solana program security](https://www.helius.dev/blog/a-hitchhikers-guide-to-solana-program-security)
6 | - [Academic Smart Contract Papers](https://github.com/hzysvilla/Academic_Smart_Contract_Papers)
7 | - [All about Smart Contract & DApp Auditing Video](https://www.youtube.com/watch?v=-fT1WuP_3vQ)
8 | - [All known smart contract-side and user-side attacks and vulnerabilities in Web3.0, DeFi, NFT and Metaverse + Bonus](https://telegra.ph/All-known-smart-contract-side-and-user-side-attacks-and-vulnerabilities-in-Web30--DeFi-03-31)
9 | - [Architectural Design for Secure Smart Contract Development](https://arxiv.org/abs/2401.01891)
10 | - [Art Of Auditing](https://web3-sec.gitbook.io/art-of-auditing)
11 | - [Awesome Ethereum Security](https://github.com/crytic/awesome-ethereum-security)
12 | - [Awesome On-Chain Investigations HandBook](https://github.com/OffcierCia/On-Chain-Investigations-Tools-List)
13 | - [Awesome Tezos Security](https://github.com/Sm4rty-1/awesome-tezos-security)
14 | - [awesome-cryptoeconomics](https://github.com/jpantunes/awesome-cryptoeconomics)
15 | - [Beginners Guide to Smart Contract Auditing](https://blog.quillaudits.com/2022/01/19/beginners-guide-to-smart-contract-auditing-part-1/)
16 | - [blockchain auditing](https://github.com/go-outside-labs/blockchains-auditing)
17 | - [Blockchain Security](https://github.com/bunturx/Awesome-Blockchain-Security)
18 | - [BlockSec Academy](https://github.com/blocksecteam/blocksec_academy)
19 | - [Bounties Exploit Bugs](https://github.com/ArsenSecurity/Bounties-Exploit-Bugs)
20 | - [Bug Patterns in Solidity and Smart Contract Auditing Video](https://www.youtube.com/watch?v=00W06SHEFx4)
21 | - [Building Secure Smart Contracts](https://secure-contracts.com/#building-secure-smart-contracts)
22 | - [Coinbase Solidity Style Guide](https://github.com/coinbase/solidity-style-guide)
23 | - [Composable Security security guide](https://drive.google.com/file/d/1RpMEHJVWpvFxpcezTqG0enDd_7A-cQVI/view)
24 | - [CryptoVulhub](https://github.com/Rivaill/CryptoVulhub)
25 | - [Deep Dive into Ethereum 7702 Smart Accounts](https://www.youtube.com/watch?v=ZFN2bYt9gNE)
26 | - [DeFi Security Lecture](https://medium.com/beaver-smartcontract-security/defi-security-lecture-1-reentrancy-attack-182396e41710)
27 | - [Defi Vulnerabilities](https://github.com/0xRajkumar/DefiVuln)
28 | - [Demystifying Exploitable Bugs in Smart Contracts](https://github.com/ZhangZhuoSJTU/Web3Bugs)
29 | - [ethereum-security](https://github.com/fergarrui/ethereum-security)
30 | - [Hitchhiker's Guide to Security Thread](https://twitter.com/emilianobonassi/status/1635692405495324673)
31 | - [HolyTips](https://github.com/HolyBugx/HolyTips)
32 | - [Immunefi Bug Finder](https://github.com/csanuragjain/ImmunefiBugFinder)
33 | - [Immunefi Proof of Concepts Repository](https://github.com/immunefi-team/bugfix-reviews-pocs)
34 | - [Immunefi-bug-bounty-writeups-list](https://github.com/sayan011/Immunefi-bug-bounty-writeups-list)
35 | - [Learn EVM Attacks](https://github.com/coinspect/learn-evm-attacks)
36 | - [Most Common Smart Contract Attacks](https://hacken.io/discover/most-common-smart-contract-attacks/)
37 | - [Move Audit Resources](https://github.com/0xriazaka/Move-Audit-Resources)
38 | - [opensensepw Videos](https://www.youtube.com/@opensensepw/videos)
39 | - [OriginProtocol security](https://github.com/OriginProtocol/security)
40 | - [OSWAR](https://www.oswar.org/)
41 | - [OWASP Smart Contract Security](https://4n0nx.medium.com/list/f729e63e3339)
42 | - [Path Quest - The Attacker Mindset](https://joranhonig.nl/%E2%9A%94%EF%B8%8F-Quests/Path-Quest---The-Attacker-Mindset)
43 | - [Revival attacks on Solana programs](https://fuzzinglabs.com/revival-attacks-solana-programs/)
44 | - [SC Exploits Minimized](https://github.com/Cyfrin/sc-exploits-minimized)
45 | - [SCSVS v2](https://github.com/ComposableSecurity/SCSVS)
46 | - [SCSVS](https://github.com/securing/SCSVS)
47 | - [SCV-List](https://github.com/sirhashalot/SCV-List)
48 | - [Sealevel Attacks](https://github.com/coral-xyz/sealevel-attacks)
49 | - [Secure Smart Contract Design Principles](https://github.com/0xsomnus/secure-smart-contract-design-principles)
50 | - [SecureumFindings](https://github.com/andyfeili/SecureumFindings)
51 | - [Security Audit | What Are the Common Characteristics of Recent Web3 Attacks, and How Can Projects Avoid These Issues?](https://medium.com/@Beosin_com/security-audit-what-are-the-common-characteristics-of-recent-web3-attacks-and-how-can-projects-7ed80daf61c7)
52 | - [Security Review Readiness Guide](https://spearbit.mirror.xyz/QQ-pNZm7T4N0eV3RFI1qYxABvWI14CS8bG6u_twT_Zs)
53 | - [Smart Contract Attack Vectors](https://github.com/Quillhash/Solidity-Attack-Vectors)
54 | - [Smart Contract Security Best Practices](https://github.com/Consensys/smart-contract-best-practices)
55 | - [Smart Contract Security](https://www.rareskills.io/post/smart-contract-security)
56 | - [Smart Contract Vulnerabilities](https://github.com/kadenzipfel/smart-contract-vulnerabilities)
57 | - [Solana Auditing and Security Resources](https://github.com/0xsanny/solsec)
58 | - [Solana Data RPC Guide](https://read.cryptodatabytes.com/p/solana-data-rpc-guide-blocks-tokens)
59 | - [Solana Token-2022 Security Vulnerabilities](https://x.com/0xcastle_chain/status/1855206890256400443)
60 | - [Solana's Account Model](https://x.com/0xcastle_chain/status/1863917026277744768)
61 | - [Solidity DevSecOps Standard](https://github.com/0xsomnus/Solidity-DevSecOps-Standard)
62 | - [Solidity Notes](https://github.com/chinmay-farkya/solidity-notes)
63 | - [Solidity Patterns](https://github.com/fravoll/solidity-patterns)
64 | - [Solidity Security: Comprehensive list of known attack vectors and common anti-patterns](https://blog.sigmaprime.io/solidity-security.html)
65 | - [solidity-security-by-example](https://github.com/serial-coder/solidity-security-by-example)
66 | - [Spearbit Armory](https://github.com/spearbit/armory)
67 | - [SWC Registry](https://swcregistry.io/)
68 | - [The 4 External Call Attacks Video](https://www.youtube.com/watch?v=VF1HYD50eus)
69 | - [The Compendium](https://github.com/obheda12/Solidity-Security-Compendium)
70 | - [The Complete Guide to Securing Smart Contracts](https://github.com/optimumsec/complete-guide-to-securing-smart-contracts)
71 | - [The Encyclopedia of Smart Contract Attacks and Vulnerabilities](https://medium.com/@0xkaden/the-encyclopedia-of-smart-contract-attacks-vulnerabilities-dfc1129fdaac)
72 | - [The Secure Smart Contract Development Roadmap](https://github.com/OpenZeppelin/secure-development-cookbook)
73 | - [The Top 10 Most Common Vulnerabilities In Web3](https://medium.com/immunefi/the-top-10-most-common-vulnerabilities-in-web3-bf7a921d489f)
74 | - [Tincho’s audit process](https://mirror.xyz/patrickalphac.eth/KSls5PVxzzvrtcR9dxNguXqgyUh7T3V74dBPt77m8Zk)
75 | - [Token-2022 Security Best Practices](https://blog.offside.io/p/token-2022-security-best-practices-part-1)
76 | - [Top 10 blockchain hacking techniques of 2023](https://blog.openzeppelin.com/top-10-blockchain-hacking-techniques-of-2023)
77 | - [TOP 10 real-life exploits Thread](https://twitter.com/bytes032/status/1614897103154675713)
78 | - [Top Ten “Awesome” Security Incidents in 2023](https://blocksecteam.medium.com/top-ten-awesome-security-incidents-in-2023-5e3f55d674a4)
79 | - [ultimate defi research base](https://github.com/OffcierCia/ultimate-defi-research-base)
80 | - [Ultimate List of Common DeFi Component Types](https://community.thecreed.xyz/c/warez/ultimate-list-of-common-defi-component-types)
81 | - [Understanding Smart Contract Vulnerabilities](https://medium.com/neptune-mutual/understanding-smart-contract-vulnerabilities-e93baab8d164)
82 | - [Vulnerabilities every beginner Smart Contract Security Researcher should find](https://tsvetanovv.hashnode.dev/easy-to-spot-vulnerabilities-first-part)
83 | - [Web 3 audit dump](https://tropical-comb-1dc.notion.site/b7df825e3f0f4278bb297b1eda576494?v=01376a29af164585a380840b02bb9dd3)
84 | - [Web3 Audits, Bug-Bounties, CTFs: Introduction](https://officercia.mirror.xyz/VmSJDoV3c8xKDMRjTOl4DQ7KPgBTlb8cVdcTlOJxj1g)
85 | - [Web3 Resources](https://github.com/nullity00/web3-resources)
86 | - [web3 Security DAO](https://www.web3securitydao.xyz/collaborating/resources)
87 | - [Web3 Security Library](https://github.com/immunefi-team/Web3-Security-Library)
88 | - [wiki.r.security](https://wiki.r.security/wiki/Main_Page)
89 |
90 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/Governance.md:
--------------------------------------------------------------------------------
1 | # Governance
2 |
3 | - [AquaDAO hack](https://twitter.com/Airdrops_one/status/1629298588390916097)
4 | - [Common Vulnerabilities: Protocol Governance and DAOs](https://blog.sigmaprime.io/governance-dao.html)
5 | - [DAO Governance DeFi Attacks](https://dacian.me/dao-governance-defi-attacks)
6 | - [Election Fraud? Double Voting in Celer’s State Guardian Network](https://jumpcrypto.com/writing/election-fraud-double-voting-in-celers-state-guardian-network/)
7 | - [Exploiting governance with metamorphic proposals](https://www.coinbase.com/blog/exploiting-governance-with-metamorphic-proposals)
8 | - [Issue in Optimism Governor & Approval](https://x.com/zenith256/status/1887579022181138436)
9 | - [Multi-block MEV and Compound Governor](https://ease.org/most-governance-contracts-have-an-upcoming-vulnerability-we-should-all-pay-attention-to/)
10 | - [Swerve Finance Hack](https://twitter.com/FrankResearcher/status/1639371292502548485)
11 | - [The Hidden Shortcomings of DAOs](https://arxiv.org/abs/2302.12125)
12 | - [The Vulnerable Nature of Decentralized Governance in DeFi](https://arxiv.org/abs/2308.04267)
13 | - [Tornado Cash governance exploit](https://github.com/coinspect/learn-evm-attacks/tree/master/test/Business_Logic/TornadoCash_Governance)
14 |
15 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/L2 Bridges.md:
--------------------------------------------------------------------------------
1 | # L2 and Bridges
2 |
3 | - [6 security sins of Web3 bridges](https://composable-security.com/blog/6-security-sins-of-web-3-bridges/)
4 | - [A COMPREHENSIVE GUIDE TO ARBITRUM AND ITS SECURITY FEATURES](https://www.halborn.com/blog/post/a-comprehensive-guide-to-arbitrum-and-its-security-features)
5 | - [Aave V2 upgrade compatible issues Thread](https://twitter.com/BlockSecTeam/status/1659601021432365056)
6 | - [Analysis & Remediation of the Precompile Attack on the Hedera Network](https://hedera.com/blog/analysis-remediation-of-the-precompile-attack-on-the-hedera-network)
7 | - [Binance Bridge Hack in Layman’s Terms](https://www.zellic.io/blog/binance-bridge-hack-in-laymans-terms/)
8 | - [Bounty Program Helps Fix Contract Vulnerability](https://blog.threshold.network/retro-l2-wormholegateway-crit/)
9 | - [Bridge Bug Tracker](https://github.com/0xDatapunk/Bridge-Bug-Tracker#bridge-bug-tracker)
10 | - [Bridge Bugs Overview](https://mixbytes.io/blog/bridge-bugs-overview)
11 | - [bridge hacks](https://gist.github.com/cwhinfrey/9fd1bbc31bbcff08fca242b90c7f875d)
12 | - [Common Cross-Chain Bridge Vulnerabilities](https://medium.com/immunefi/common-cross-chain-bridge-vulnerabilities-d8c161ffaf8f)
13 | - [Critical vulnerability in the Optimism](https://x.com/arsen_bt/status/1873651532069224676)
14 | - [Cross-Chain Security with LayerZero Labs](https://spearbit.mirror.xyz/MjMLQf5cTfKtxHj8GWG7DZjaUrswrcKpU4vJ45fgQW0)
15 | - [ERC 20 Bridge Security Video](https://www.youtube.com/watch?v=hGDH6CNuMM0)
16 | - [Ethereum Log Confusion in Polygon's Heimdall](https://www.asymmetric.re/blog/polygon-log-confusion)
17 | - [evmdiff](https://www.evmdiff.com/)
18 | - [Finding a Critical Vulnerability in Astar](https://www.zellic.io/blog/finding-a-critical-vulnerability-in-astar/)
19 | - [Fuel Blockchain Critical Vulnerability](https://github.com/minato7namikazi/Fuel-Blockchain-Critical-Vulnerability)
20 | - [Heimdall Security Bug Fix Review](https://forum.polygon.technology/t/heimdall-security-bug-fix-review/13537)
21 | - [l2 security framework](https://github.com/quantstamp/l2-security-framework)
22 | - [L2 Security Video](https://www.youtube.com/watch?v=tR6avMeIMhw)
23 | - [Layer 2 Security: Unique Challenges and Safeguards in Rollups and Sidechains](https://olympixai.medium.com/layer-2-security-unique-challenges-and-safeguards-in-rollups-and-sidechains-dcbd463a1873)
24 | - [LayerZero trusted-party vulnerabilities](https://prestwich.substack.com/p/zero-validation)
25 | - [Moonbeam, Astar, And Acala Library Truncation Bugfix Review](https://medium.com/immunefi/moonbeam-astar-and-acala-library-truncation-bugfix-review-1m-payout-41a862877a5b)
26 | - [Multichain Auditor](https://github.com/0xJuancito/multichain-auditor)
27 | - [rollup.codes](https://www.rollup.codes/)
28 | - [Secure integration with LayerZero](https://composable-security.com/blog/secure-integration-with-layer-zero/)
29 | - [Security disclosure from Offchain Labs to OP Labs](https://medium.com/offchainlabs/security-disclosure-289a4ad50709)
30 | - [The Dark Side of DeFi: Cross-Chain Bridge Hacks](https://quantstamp.com/blog/the-dark-side-of-defi-cross-chain-bridge-hacks)
31 | - [You Could Have Found the Nomad Hack](https://www.zellic.io/blog/audit-drift/)
32 |
33 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/LSD.md:
--------------------------------------------------------------------------------
1 | # LSD
2 |
3 | - [Liquid Restaking Protocols - Smart Contracts](https://blog.sigmaprime.io/liquid-restaking.html)
4 | - [LSD Checklist](https://github.com/Decurity/audit-checklists/blob/master/lsd.md)
5 | - [LSD. Integration pitfalls](https://mixbytes.io/blog/liquid)
6 | - [Typical vulnerabilities in LSD protocols](https://blog.decurity.io/typical-vulnerabilities-in-lsd-protocols-e52ffe4ee175)
7 |
8 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/List of Hacks and Exploits.md:
--------------------------------------------------------------------------------
1 | # Comprehensive List of Hacks and Exploits
2 |
3 | - [Coinspect's Learn EVM Attacks](https://github.com/coinspect/learn-evm-attacks)
4 | - [Cryptosec DeFi Hacks](https://cryptosec.info/defi-hacks/)
5 | - [DeFi Fork Bugs](https://github.com/YAcademy-Residents/defi-fork-bugs)
6 | - [Defi Hack Analysis](https://github.com/abdulsamijay/Defi-Hack-Analysis-POC)
7 | - [DeFiHackLabs](https://github.com/SunWeb3Sec/DeFiHackLabs)
8 | - [DeFi POC](https://github.com/blocksecteam/defi_poc)
9 | - [DefiLlama](https://defillama.com/hacks)
10 | - [Hack Analysis POCs](https://github.com/immunefi-team/hack-analysis-pocs)
11 | - [OpenZeppelin Post Mortems](https://forum.openzeppelin.com/t/list-of-ethereum-smart-contracts-post-mortems/1191)
12 | - [Phalcon Security Incidents](https://phalcon.blocksec.com/explorer/security-incidents)
13 | - [QuillAudit's Hackerboard](https://www.quillaudits.com/tools/hackerboard)
14 | - [Rekt Leaderboard](https://rekt.news/leaderboard/)
15 | - [SlowMist Hacked](https://hacked.slowmist.io/en/)
16 | - [Smart Contract Hack POC](https://github.com/numencyber/SmartContractHack_PoC)
17 |
18 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/MEV.md:
--------------------------------------------------------------------------------
1 | # MEV
2 |
3 | - [0xBentoshi MEV resources](https://github.com/0xBentoshi/mev-resources/blob/main/main.md)
4 | - [AMM MEV BACKRUNNING Video](https://www.youtube.com/watch?v=355g8u0we5Q)
5 | - [Anatomy of a Baiting Attack on MEV Arbitrage Bots](https://eigenphi.substack.com/p/anatomy-of-baiting-attack-on-mev-arb-bots)
6 | - [Awesome MEV Resources](https://github.com/0xalpharush/awesome-MEV-resources)
7 | - [awesome-mev-boost](https://github.com/thegostep/awesome-mev-boost)
8 | - [Awesome-MEV](https://github.com/0xemperor/Awesome-MEV)
9 | - [Dogetoshi MEV](https://github.com/Dogetoshi/MEV)
10 | - [Eigenphi](https://eigenphi.io/)
11 | - [Flashbots Video](https://www.youtube.com/channel/UCclbTgsnYUy3vmrptIqCmqQ)
12 | - [Flashbots](https://github.com/flashbots/pm)
13 | - [Front-Running In Blockchain: Real-Life Examples & Prevention](https://hacken.io/discover/front-running/)
14 | - [Front-Running Randomness: Manipulating Pyth Entropy Outcomes](https://yogev.io/posts/pyth-entropy-bug/)
15 | - [How To Reproduce A Simple MEV Attack](https://medium.com/immunefi/how-to-reproduce-a-simple-mev-attack-b38151616cb4)
17 | - [Intro to Smart Contract Security Audit — Front Running](https://slowmist.medium.com/introduction-to-smart-contract-security-auditing-front-running-79eb1f0f41a1)
18 | - [MEV bot exploit](https://rekt.news/ripmevbot2/)
19 | - [MEV Countermeasures: Theory and Practice](https://arxiv.org/abs/2212.05111)
20 | - [MEV Related Threads](https://twitter.com/bertcmiller/status/1402665992422047747)
21 | - [MEV Research](https://github.com/flashbots/mev-research/blob/main/resources.md)
22 | - [MEV Synthetix](https://bertcmiller.com/2021/09/05/mev-synthetix.html)
23 | - [MEV zero to hero Thread](https://twitter.com/Smacaud1/status/1718319791021162779)
24 | - [MEV_Research_Group](https://github.com/0xJepsen/MEV_Research_Group)
25 | - [NO BULLSHIT: GUIDE TO MEV](https://github.com/xCaptainFortune/NO-BULLSHIT-GUIDE-TO-MEV-By-CaptainFortune)
26 | - [Reversing a MEV Bot Example Thread](https://twitter.com/bertcmiller/status/1732530082558931119)
27 | - [The 0 to 1 Guide for MEV](https://calblockchain.mirror.xyz/c56CHOu-Wow_50qPp2Wlg0rhUvdz1HLbGSUWlB_KX9o)
28 | - [The Mev Book](https://github.com/0xOsiris/Mev_Book)
29 | - [Towards Stronger Blockchains: Security Against Front-Running Attacks](https://arxiv.org/abs/2311.10253)
30 | - [Your Sandwich Is My Lunch: How to Drain MEV Contracts V2](https://www.zellic.io/blog/your-sandwich-is-my-lunch-how-to-drain-mev-contracts-v2/)
31 |
32 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/Oracle Flashloans.md:
--------------------------------------------------------------------------------
1 | # Oracle and Flashloans
2 |
3 | - [0x0 Audits Hack Thread](https://twitter.com/pcaversaccio/status/1647370508751577089)
4 | - [520 Token hack Thread](https://twitter.com/BeosinAlert/status/1614970065992179712)
5 | - [Allbridge Hack Analysis](https://blog.solidityscan.com/allbridge-hack-analysis-improper-business-logic-564fbadf38b2)
6 | - [Anji Eco Hack Analysis](https://blog.solidityscan.com/anji-eco-hack-analysis-improper-upgrades-2cf6922d47d7)
7 | - [Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit](https://arxiv.org/abs/2003.03810)
8 | - [awesome-oracle-manipulation](https://github.com/0xcacti/awesome-oracle-manipulation)
9 | - [babydoge exploit Thread](https://twitter.com/pennysplayer/status/1662737500870414341)
10 | - [BentoBox v1 hack Thread](https://twitter.com/AnciliaInc/status/1623808892731023360)
11 | - [Block Forest Thread](https://twitter.com/AnciliaInc/status/1654906431534153728)
12 | - [Blockchain Oracle Design Patterns](https://arxiv.org/abs/2106.09349)
13 | - [Blockchain Oracles: Their Importance, Types, And Vulnerabilities](https://hacken.io/discover/blockchain-oracles/)
14 | - [BONQDAO hack](https://rekt.news/bonq-rekt/)
15 | - [Cellframe Hack](https://slowmist.medium.com/a-brief-analysis-on-the-cellframe-hack-b74b72b8e2e6)
16 | - [Chainlink Oracle DeFi Attacks](https://dacian.me/chainlink-oracle-defi-attacks)
17 | - [Chainlink Oracle Security Considerations](https://medium.com/cyfrin/chainlink-oracle-defi-attacks-93b6cb6541bf)
18 | - [Chainlink security docs](https://docs.chain.link/vrf/v2/security)
19 | - [chainlink-interaction-security](https://www.saxenism.com/blog/chainlink-interaction-security)
20 | - [CS token Hack Thread](https://twitter.com/BeosinAlert/status/1661202338290487296)
21 | - [Curve price oracle usage Thread](https://twitter.com/CurveFinance/status/1730111238653288450)
22 | - [DD Coin Hack Thread](https://twitter.com/PeckShieldAlert/status/1664167119091810304)
23 | - [Decoding Ovix Protocol’s $2 Million Exploit](https://quillaudits.medium.com/decoding-ovix-protocols-2-million-exploit-quillaudits-92befc250e7c)
24 | - [Decoding ROE Finance’s Flash Loan Exploit](https://quillaudits.medium.com/decoding-roe-finances-flash-loan-exploit-quillaudits-df8494e2090f)
25 | - [DoughFina Hack Analysis](https://blog.solidityscan.com/doughfina-hack-analysis-685ed56adb19)
26 | - [EDE Finance hack](https://medium.com/numen-cyber-labs/a-detailed-analysis-on-ede-finances-520k-hack-1187a5f274db)
27 | - [El Dorado Exchange exploit](https://lunaray.medium.com/analysis-of-the-ede-finance-attack-event-8edb5d5cfc50)
28 | - [Elastic BNB Hack Thread](https://twitter.com/BeosinAlert/status/1648970953307877377)
29 | - [Euler Finance Exploit Analysis](https://www.zellic.io/blog/euler-finance-exploit-analysis/)
30 | - [FilDA Exploit Statement](https://fildafinance.medium.com/filda-exploit-statement-49ec69e34c53)
31 | - [Flash Loan Attacks: Risks & Prevention](https://hacken.io/discover/flash-loan-attacks/)
32 | - [Flash Loans and how to hack them: a walk through of ERC 3156](https://www.rareskills.io/post/erc-3156)
33 | - [ForTube Hack Thread](https://twitter.com/AnciliaInc/status/1651984219990810624)
34 | - [How Was NeverFall Project Exploited?](https://medium.com/neptune-mutual/how-was-neverfall-project-exploited-fc5240160427)
35 | - [Hundred Finance Hack](https://www.numencyber.com/hundred-finance-exploit-7-million/)
36 | - [Jimbos Protocol Hack](https://medium.com/numen-cyber-labs/a-detailed-analysis-of-arbitrum-based-jimbos-protocol-7-5-million-hack-36af84faee2)
37 | - [LW Token Hack Thread](https://twitter.com/PeckShieldAlert/status/1656850634312925184)
38 | - [Market Manipulation vs. Oracle Exploits](https://chain.link/education-hub/market-manipulation-vs-oracle-exploits)
39 | - [NXUSD Market Manipulation](https://medium.com/nereus-protocol/post-mortem-flash-loan-exploit-in-single-nxusd-market-343fa32f0c6)
40 | - [Ocean Life token hack analysis](https://blog.solidityscan.com/ocean-life-token-hack-analysis-flash-loan-attack-ded51d0ee574)
41 | - [Post Mortem on SUSHI and YFI Incident](https://dydx.exchange/blog/sushi-yfi-incident)
42 | - [Rodeo Finance exploit](https://medium.com/@Rodeo_Finance/rodeo-post-mortem-overview-f35635c14101)
43 | - [SushiSwap Hack Thread](https://twitter.com/AnciliaInc/status/1634046776050348033)
44 | - [Synopsis Hack Thread](https://twitter.com/Alchemyst0x/status/1656034647808065538)
45 | - [Tender Finance exploit](https://tenderfi.medium.com/march-7-postmortem-170373e93cd1)
46 | - [Tender Finance Postmortem](https://tenderfi.medium.com/march-7-postmortem-170373e93cd1)
47 | - [Themis Hack Thread](https://twitter.com/BlockSecTeam/status/1673897088617426946)
48 | - [TWAP Oracles For Auditors](https://33audits.hashnode.dev/twap-oracles-for-auditors)
49 | - [UNMS Hack Thread](https://twitter.com/BeosinAlert/status/1641018602878042113)
50 | - [UwuLend hack writeup Daniel Von Fange Thread](https://x.com/danielvf/status/1800556249924440211)
51 | - [WOOFi Exploit](https://www.cyfrin.io/blog/hack-analysis-into-woofi-exploit)
52 |
53 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/Over Underflow.md:
--------------------------------------------------------------------------------
1 | # Over/Underflow
2 |
3 | - [BEC Smart Contract Unlimited Token Transfer Vulnerability Analysis](https://slowmist.medium.com/slowmist-bec-smart-contract-unlimited-token-transfer-vulnerability-analysis-and-warning-114796a5c905)
4 | - [Sigp_io Hidden Overflow Thread](https://x.com/sigp_io/status/1813773082789855554)
5 | - [Learn attack vectors and explore H/M severity issues. Over/Underflow](https://medium.com/coinmonks/learn-attack-vectors-and-explore-h-m-severity-issues-over-underflow-e331aa41d97b)
6 | - [Poolz Finance Attacked](https://medium.com/@numencyberlabs/poolz-finance-attacked-for-665-000-56084cacae53)
7 | - [Solidity Integer Overflow & Underflow](https://medium.com/neptune-mutual/solidity-integer-overflow-underflow-5614650e390a)
8 | - [Velocore Incident Post-Mortem](https://velocorexyz.medium.com/velocore-incident-post-mortem-6197020ec3e9)
9 |
10 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/Reentrancy.md:
--------------------------------------------------------------------------------
1 | # Reentrancy
2 |
3 | - [0xCygaar read-only reentrancy Thread](https://twitter.com/0xCygaar/status/1668350595374415872?t=ZSr8Ll-y_q2bBfEUGfOocQ)
4 | - [A Historical Collection of Reentrancy Attacks](https://github.com/pcaversaccio/reentrancy-attacks)
5 | - [A Vulnerability Perspective Analysis of Move Language Security — — Reentrancy Attacks and Permission Vulnerabilities](https://medium.com/@sharkteam/a-vulnerability-perspective-analysis-of-move-language-security-reentrancy-attacks-and-884e1cd31f3d)
6 | - [All things reentrancy](https://github.com/jcsec-security/all-things-reentrancy)
7 | - [An analysis of Paraluni’s Exploit](https://medium.com/@Beosin_com/attacked-40-times-and-lost-around-1-7-million-an-analysis-of-paralunis-exploit-2a6b773c4fc)
8 | - [An Insight into the DAO Attack](https://immunebytes.medium.com/an-insight-into-the-dao-attack-immunebytes-822441e48429)
9 | - [Analysis of OrionProtocol Reentrancy Attack](https://www.numencyber.com/analysis-of-orionprotocol-reentrancy-attack-with-poc/)
10 | - [Another Day, Another Reentrancy Attack](https://slowmist.medium.com/another-day-another-reentrancy-attack-5cde10bbb2b4)
11 | - [Another Re-entrancy Attack](https://www.zaryabs.com/another-re-entrancy-attack-whats-stopping-us-from-being-a-better-smart-contract-developer/)
12 | - [Arcadia Finance $460k exploit](https://arcadiafinance.medium.com/post-mortem-72e9d24a79b0)
13 | - [bytes032 Read-only reentrancy explainer Thread](https://twitter.com/bytes032/status/1616357019522400256)
14 | - [Callback-Function Reentrancy Attacks in Solidity](https://r4bbit.vercel.app/blog/solidity-callback-function-reentrancy)
15 | - [Cauldron V4 Post Mortem](https://mirror.xyz/0x5744b051845B62D6f5B6Db095cc428bCbBBAc6F9/47LK6nUpMrVsYzfCYBTyZsc_7t5Sh5onxO8sSEotNMY)
16 | - [Conic Finance exploit Thread](https://twitter.com/ConicFinance/status/1682385596700844032)
17 | - [Conic Finance post mortem](https://medium.com/@ConicFinance/post-mortem-eth-and-crvusd-omnipool-exploits-c9c7fa213a3d)
18 | - [Conic Finance-Detailed Hack Analysis](https://immunebytes.medium.com/conic-finance-detailed-hack-analysis-july-21-immunebytes-923a8d6fc107)
19 | - [Cosmos IBC Reentrancy Infinite Mint](https://www.asymmetric.re/blog/cosmos-ibc-reentrancy-infinite-mint)
20 | - [Cronos critical Thread](https://twitter.com/0xDjangoOnChain/status/1771220313205825917)
21 | - [Cross-chain re-entrancy](https://medium.com/@mateocesaroni_11308/cross-chain-re-entrancy-54ec2e924e9c)
22 | - [Cross-Contract Reentrancy Attack](https://github.com/InspexCo/cross-contract-reentrancy)
23 | - [Cross-Contract Reentrancy Attack](https://inspexco.medium.com/cross-contract-reentrancy-attack-402d27a02a15)
24 | - [Cross-Contract Reentrancy explained Thread](https://twitter.com/0xpsuedopandit/status/1637051757573414918)
25 | - [Curve Finance Liquidity Pools Hack Explained](https://hacken.io/discover/curve-finance-liquidity-pools-hack-explained/)
26 | - [Curve Hack - Fuzzing Reproduction](https://github.com/rappie/echidna-curve-reentrancy-hack)
27 | - [Decoding Earning Farm’s $528k Exploit](https://blog.quillaudits.com/2023/08/10/decoding-earning-farms-528k-exploit/)
28 | - [Decoding Sentiment Protocol’s $1 Million Exploit](https://quillaudits.medium.com/decoding-sentiment-protocols-1-million-exploit-quillaudits-f36bee77d376)
29 | - [Details of Lendf.Me Reentrancy Attack](https://slowmist.medium.com/slowmist-details-of-lendf-me-reentrancy-attack-3e168ab5f2b1)
30 | - [dForce exploit Thread](https://twitter.com/BlockSecTeam/status/1623901011680333824)
31 | - [DFORCE NETWORK](https://rekt.news/dforce-network-rekt/)
32 | - [DFX Finance Hack-Nov 10, 2022](https://immunebytes.medium.com/dfx-finance-hack-nov-10-2022-detailed-analysis-immunebytes-442813a60b9a)
33 | - [Dynamic Finance Hack Analysis](https://blog.solidityscan.com/dynamic-finance-hack-analysis-incorrect-deposit-logic-359f2ca1e777)
34 | - [EarningFarm Hack Analysis](https://blog.solidityscan.com/earningfarm-hack-analysis-f5eba2a1e080)
35 | - [EraLend exploit](https://rekt.news/eralend-rekt/)
36 | - [Essential Auditing Knowledge | What is the Difficult-to-Guard “Read-Only Reentrancy Attack”?](https://medium.com/@Beosin_com/essential-auditing-knowledge-what-is-the-difficult-to-guard-read-only-reentrancy-attack-a76af5f2fc27)
37 | - [Exploiting Uniswap: from reentrancy to actual profit](https://blog.openzeppelin.com/exploiting-uniswap-from-reentrancy-to-actual-profit)
38 | - [Finding a viper in the curved lawn](https://medium.com/@kupiasec/finding-a-viper-in-the-curved-lawn-e43401997cce)
39 | - [Flash Loan & Reentrancy Attack: Analysis of Hundred and Agave Hack](https://medium.com/@sharkteam/flash-loan-reentrancy-attack-analysis-of-hundred-and-agave-hack-455c38d076cb)
40 | - [Flashloan + reentrance attacks, technical analysis about why OUSE lost $ 7 million](https://slowmist.medium.com/flashloan-reentrance-attacks-technical-analysis-about-why-ouse-lost-7-million-f7d090d853a8)
41 | - [Hack Analysis: Omni Protocol, July 2022](https://medium.com/immunefi/hack-analysis-omni-protocol-july-2022-2d35091a0109)
42 | - [Hoshiyari finds critical in ERC-4626 vault Thread](https://twitter.com/hoshiyari420/status/1770819387433377940)
43 | - [How to Escape Smart Contracts from The Clutch of Reentrancy Attacks?](https://blog.quillaudits.com/2022/10/03/how-to-escape-smart-contracts-from-the-clutch-of-reentrancy-attacks/)
44 | - [https://blog.solidityscan.com/starsarena-hack-analysis-e71d78704e85](https://blog.solidityscan.com/starsarena-hack-analysis-e71d78704e85)
45 | - [Intro to Smart Contract Security Audits | Reentrancy Attack](https://slowmist.medium.com/introduction-to-smart-contract-vulnerabilities-reentrancy-attack-2893ec8390a)
46 | - [Jarvis Network Flash Loan and Re-Entrancy Attack Analysis](https://medium.com/@numencyberlabs/jarvis-network-flash-loan-and-re-entrancy-attack-analysis-a649748f90bb)
47 | - [Jarvis Network Flash Loan and Re-Entrancy Attack Analysis](https://www.numencyber.com/jarvis-network-flash-loan-and-re-entrancy-attack-analysis/)
48 | - [Jarvis Polygon Pool Hack Analysis](https://blog.solidityscan.com/jarvis-polygon-pool-hack-analysis-read-only-re-entrancy-af0607e4585a)
49 | - [JAY Token Exploit](https://blog.solidityscan.com/jay-token-exploit-reentrancy-attack-d7a4923b6333)
50 | - [JPEG’d Hack Analysis](https://blog.solidityscan.com/jpegd-hack-analysis-a5a3dc89fa4)
51 | - [Libertify exploit Thread](https://twitter.com/peckshield/status/1678688731908411393)
52 | - [Loss Exceeds $80M Due to Reentrancy Vulnerability in Contract: Beosin’s Analysis of the FeiProtocol Exploit](https://medium.com/coinmonks/loss-exceeds-80m-due-to-reentrancy-vulnerability-in-contract-beosins-analysis-of-the-882742f5f248)
53 | - [Mainnet Re-Entrancy Flaw Exploited](https://typefully.com/cleanunicorn/mainnet-re-entrancy-flaw-exploited-uFOx8JV)
54 | - [Minterest Post-Mortem](https://minterest.com/blog/minterest-security-incident-post-mortem-report/)
55 | - [Multiple Projects Attacked Due to Vyper Reentrancy Vulnerability](https://medium.com/@Beosin_com/are-your-funds-safe-deb07459acba)
56 | - [NFT contracts also have reentrancy risks: Analysis of Revest Finance hack](https://medium.com/@sharkteam/nft-contracts-also-have-reentrancy-risks-analysis-of-revest-finance-hack-5ec2fdb8b01e)
57 | - [OpenZeppelin Reentrancy Bugfix Review](https://medium.com/immunefi/openzeppelin-bug-fix-postmortem-66d8c89ed166)
58 | - [Orion Protocol exploit Thread](https://twitter.com/BlockSecTeam/status/1621263393054420992)
59 | - [Orion Protocol Hack Analysis](https://blog.solidityscan.com/orion-protocol-hack-analysis-missing-reentrancy-protection-f9af6995acb3)
60 | - [ORION PROTOCOL hack](https://rekt.news/orion-protocol-rekt/)
61 | - [Paribus exploit Thread](https://twitter.com/peckshield/status/1645742296904929280)
62 | - [Platypus Stablecoin USP Hack Analysis](https://blog.solidityscan.com/platypus-stablecoin-usp-hack-analysis-withdraw-funds-without-paying-the-debt-9fa3ef06eddc)
63 | - [Rari-Capital Re-entrancy Vulnerability Analysis](https://blog.solidityscan.com/rari-capital-re-entrancy-vulnerability-analysis-25df2bbfc803)
64 | - [Re-Entrancy Attacks](https://dacian.me/re-entrancy-attacks)
65 | - [Re-Entrancy](https://solidity-by-example.org/hacks/re-entrancy/)
66 | - [Read-only reentrancy attacks: understanding the threat to your smart contracts](https://medium.com/@zokyo.io/read-only-reentrancy-attacks-understanding-the-threat-to-your-smart-contracts-99444c0a7334)
67 | - [Read-only Reentrancy: In-Depth](https://blog.pessimistic.io/read-only-reentrancy-in-depth-6ea7e9d78e85)
68 | - [Read-only Reentrancy: In-Depth](https://officercia.mirror.xyz/DBzFiDuxmDOTQEbfXhvLdK0DXVpKu1Nkurk0Cqk3QKc)
69 | - [Reentrancy After Istanbul](https://blog.openzeppelin.com/reentrancy-after-istanbul)
70 | - [Reentrancy Attack on Cream Finance](https://inspexco.medium.com/reentrancy-attack-on-cream-finance-incident-analysis-1c629686b6f5)
71 | - [Reentrancy Attack: Analysis of Visor Finance’s Uniswap V3 Liquidity Protocol Hack](https://medium.com/@sharkteam/reentrancy-attack-analysis-of-visor-finances-uniswap-v3-liquidity-protocol-hack-55d3b29201c8)
72 | - [Reentrancy Attack](https://hacken.io/discover/reentrancy-attacks/)
73 | - [Reentrancy Attack](https://olympixai.medium.com/reentrancy-attack-c08b69fca987)
74 | - [Reentrancy Attacks on Smart Contracts Distilled](https://officercia.mirror.xyz/RoWpSjah4hvKvCyrCgqtdyWX657e3-qUeShBZ2VtkUs)
75 | - [Reentrancy](https://lab.guardianaudits.com/encyclopedia-of-solidity-attack-vectors/reentrancy)
76 | - [Revest Finance Vulnerabilities](https://blocksecteam.medium.com/revest-finance-vulnerabilities-more-than-re-entrancy-1609957b742f)
77 | - [Safeguarding Against Re-Entrancy Attacks](https://medium.com/@JohnnyTime/safeguarding-against-re-entrancy-attacks-f82ee33496b9)
78 | - [Secure Smart Contract Development — Code Reentrancy in NFT Contracts](https://blocksecteam.medium.com/secure-smart-contract-development-code-reentrancy-in-nft-contracts-fa6799a3966c)
79 | - [Sentiment Hack Analysis](https://blog.solidityscan.com/sentiment-hack-analysis-reentrancy-attack-8d1b2b6a1691)
80 | - [Sentiment Hack Thread](https://twitter.com/peckshieldalert/status/1643423875064270848)
81 | - [SharkTeam: Analysis of Vyper Vulnerability Leading to Attacks on Projects like Curve and JPEG’d](https://medium.com/@sharkteam/sharkteam-analysis-of-vyper-vulnerability-leading-to-attacks-on-projects-like-curve-and-jpegd-70a3ac12ba3c)
82 | - [Single-Function Reentrancy Attacks in Solidity](https://r4bbit.vercel.app/blog/solidity-reentrancy-guide)
83 | - [SlowMist: A brief analysis of the Akropolis attack](https://slowmist.medium.com/a-brief-analysis-of-the-akropolis-attack-7e979bd23831)
84 | - [SlowMist: Restore the truth about the Lendf.Me hacking incident](https://slowmist.medium.com/slowmist-restore-the-truth-about-the-lendf-me-hacking-incident-4a801e569d5d)
85 | - [Solidity Security By Example #05: Cross-Contract Reentrancy](https://medium.com/valixconsulting/solidity-smart-contract-security-by-example-05-cross-contract-reentrancy-30f29e2a01b9)
86 | - [Sturdy Finance exploit](https://rekt.news/sturdy-rekt/)
87 |
88 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/Reversing.md:
--------------------------------------------------------------------------------
1 | # Reversing
2 |
3 | - [Deconstructing a Solidity Contract —Part I: Introduction](https://blog.openzeppelin.com/deconstructing-a-solidity-contract-part-i-introduction-832efd2d7737)
4 | - [DeGatchi on Reverse Engineering and MEV Video](https://www.youtube.com/watch?v=ZqolZvfs2h8)
5 | - [Disassembling EVM Bytecode](https://whileydave.com/2023/01/04/disassembling-evm-bytecode-the-basics/)
6 | - [Diving Into Smart Contract Decompilation](https://jbecker.dev/research/diving-into-decompilation)
7 | - [EthTx Transaction Decoder](https://ethtx.info/)
8 | - [evm.storage](https://evm.storage/)
9 | - [DeGatchi Jon Becker Interview On Reverse Engineering Thread](https://twitter.com/DeGatchi/status/1714930689416548401)
10 | - [Online Solidity Decompiler](https://ethervm.io/decompile)
11 | - [REVERSE ENGINEERING A CONTRACT](https://ethereum.org/en/developers/tutorials/reverse-engineering-a-contract/)
12 | - [Reversing and debugging EVM Smart contracts](https://trustchain.medium.com/reversing-and-debugging-evm-smart-contracts-392fdadef32d)
13 | - [Reversing The EVM: Raw Calldata](https://degatchi.com/articles/reading-raw-evm-calldata)
14 |
15 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/RoadMaps.md:
--------------------------------------------------------------------------------
1 | # RoadMaps
2 |
3 | - [Becoming a web 3 security researcher](https://www.joranhonig.nl/becoming-a-web-3-security-researcher-balancing-foundations-and-the-attacker-mindset/)
4 | - [Bug Bounty Beginner's Roadmap](https://github.com/bittentech/Bug-Bounty-Beginner-Roadmap)
5 | - [Contractcops Auditor Roadmap](https://github.com/contractcops/auditingroadmap)
6 | - [DeFi Developer Road Map](https://github.com/OffcierCia/DeFi-Developer-Road-Map)
7 | - [How to become a smart contract auditor](https://cmichel.io/how-to-become-a-smart-contract-auditor/)
8 | - [How to become the Number 1 Auditor in Web3](https://patrickalphac.medium.com/how-to-become-the-number-1-auditor-in-web3-169fee9b1b63)
9 | - [Mattaereal’s Ethereum security road-map](https://mattaereal.notion.site/matta-s-Ethereum-security-road-map-cf7d7f2e48ea4aa0a8f4a2eff86342a7)
10 | - [Not so awesome Web3 Security Researcher roadmap](https://github.com/tpiliposian/not-awesome-web3-security-roadmap)
11 | - [Razzorsec AuditorsRoadmap](https://github.com/razzorsec/AuditorsRoadmap)
12 | - [Secureum mind map](https://github.com/x676f64/secureum-mind_map)
13 | - [SlowMist-Learning-Roadmap-for-Becoming-a-Smart-Contract-Auditor](https://github.com/slowmist/SlowMist-Learning-Roadmap-for-Becoming-a-Smart-Contract-Auditor)
14 | - [Why are you not an Elite Smart Contract Security Researcher?](https://www.gmhacker.com/why-are-you-not-an-elite-smart-contract-security-researcher/)
15 |
16 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/Rounding Math.md:
--------------------------------------------------------------------------------
1 | # Rounding and Math
2 |
3 | - [Balancer rounding error bugfix review](https://medium.com/immunefi/balancer-rounding-error-bugfix-review-cbf69482ee3d)
4 | - [Kankodu donation attack Thread](https://twitter.com/kankodu/status/1771229163942474096)
5 | - [Kankodu MIM_Spell attack Thread](https://twitter.com/kankodu/status/1752581744803680680)
6 | - [LayerZero integration truncation issue](https://x.com/windhustler/status/1889269333160812807)
7 | - [Rate manipulation in Balancer Boosted Pools](https://medium.com/balancer-protocol/rate-manipulation-in-balancer-boosted-pools-technical-postmortem-53db4b642492)
8 | - [Rounding Errors For Auditors](https://33audits.hashnode.dev/rounding-errors-for-auditors)
9 | - [SwaposV2Pair Hack Thread](https://twitter.com/beosinalert/status/1647552192243728385)
10 | - [Wise lending hack analysis](https://blog.solidityscan.com/wise-lending-hack-analysis-f652f389e397)
11 |
12 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/Security Checklists.md:
--------------------------------------------------------------------------------
1 | # Security Checklists
2 |
3 | - [20 Common Solidity Beginner Mistakes](https://www.rareskills.io/post/solidity-beginner-mistakes)
4 | - [Checklist for Auditing TON Smart Contracts](https://github.com/PositiveSecurity/ton-audit-guide)
5 | - [Checks While Hacks](https://github.com/0xprinc/checks-while-hacks)
6 | - [DeFi-anti-hack-checklist](https://github.com/Quillhash/DeFi-anti-hack-checklist)
7 | - [Ethereum smart contracts security recommendations and best practices](https://github.com/guylando/KnowledgeLists/blob/master/EthereumSmartContracts.md)
8 | - [Morpho Security Checklists](https://github.com/morpho-org/morpho-security)
9 | - [Rust smart contract security guide in Solana](https://exvul.com/rust-smart-contract-security-guide-in-solana/)
10 | - [Security Checklist](https://audit-quality.github.io/security-checklist/)
11 | - [Security Roadmap for Solana applications](https://github.com/Rektoff/Security-Roadmap-for-Solana-applications)
12 | - [Simple Security Toolkit](https://github.com/nascentxyz/simple-security-toolkit)
13 | - [SlowMist: Web3 Project Security Practice Requirements](https://slowmist.medium.com/slowmist-web3-project-security-practice-requirements-2f1b38f48804)
14 | - [Smart Contract Auditing Heuristics](https://github.com/OpenCoreCH/smart-contract-auditing-heuristics)
15 | - [SmartContracts Audit Checklist](https://github.com/tamjid0x01/SmartContracts-audit-checklist)
16 | - [Solana smart contract security best practices](https://github.com/slowmist/solana-smart-contract-security-best-practices)
17 | - [Solcurity](https://github.com/transmissions11/solcurity)
18 | - [Solidity Checklist & Reentrancy Attack](https://officercia.mirror.xyz/AoRdvL3Lp5K5JHjlgpWaOHo_CehH-amZSAm9pxuFdwQ)
19 | - [Solodit's Audit Checklist](https://github.com/Cyfrin/audit-checklist)
20 | - [The Ultimate 100+ Point Checklist Before Sending Your Smart Contract for Audit](https://betterprogramming.pub/the-ultimate-100-point-checklist-before-sending-your-smart-contract-for-audit-af9a5b5d95d0)
21 | - [The ultimate security checklist](https://www.beirao.xyz/blog/Security-checklist)
22 | - [Trail of Bits Rekt Test](https://blog.trailofbits.com/2023/08/14/can-you-pass-the-rekt-test/)
23 |
24 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/Security Courses.md:
--------------------------------------------------------------------------------
1 | # Security Courses
2 |
3 | - [Blockchain Security Course Video](https://www.youtube.com/playlist?list=PLgAorDu9_-dPGPkVWFceDNjlHyvvrx8Y0)
4 | - [Cyfrin Updraft](https://updraft.cyfrin.io/courses/security)
5 | - [DeFi Hacks Reproduce & Academy](https://github.com/SunWeb3Sec/DeFiHackLabs)
6 | - [DeFiHackLabs Ethereum and Web3 Security Bootcamp](https://github.com/DeFiHackLabs/DeFiHackLabs-Ethereum-Web3-Security-BootCamp)
7 | - [DeFiVulnLabs](https://github.com/SunWeb3Sec/DeFiVulnLabs)
8 | - [Gateway Free Web3 Security Course](https://guardianaudits.notion.site/guardianaudits/Gateway-Free-Web3-Security-Course-574f4d819c144d7895cda6d61ba26503)
9 | - [LearnEVM](https://learnevm.com/)
10 | - [Node Guardians](https://nodeguardians.io/)
11 | - [Peter's Solidity Recruitment Test Video](https://www.youtube.com/watch?v=80fA7foSi7c)
12 | - [Rareskills Test](https://www.rareskills.io/test-yourself)
13 | - [Secureum](https://secureum.substack.com/)
14 | - [Security and Auditing Full Course-s23](https://github.com/Cyfrin/security-and-auditing-full-course-s23)
15 | - [Smart Contracts and Hacking 101](https://github.com/jcsec-security/smart-contracts-and-hacking-101)
16 | - [Solana Security Workshop](https://github.com/neodyme-labs/neodyme-breakpoint-workshop)
17 |
18 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/Security Monitoring Protection.md:
--------------------------------------------------------------------------------
1 | # Security Monitoring and Protection
2 |
3 | - [A Case for the Defense](https://www.trust-security.xyz/post/case-for-the-defense)
4 | - [A Novel Collaborative Learning Framework to Detect Attacks in Transactions and Smart Contracts](https://arxiv.org/abs/2308.15804)
5 | - [Crisis Handbook - Smart Contract Hack](https://docs.google.com/document/d/1DaAiuGFkMEMMiIuvqhePL5aDFGHJ9Ya6D04rdaldqC0/edit#heading=h.c4h2beeflqpo)
6 | - [DeDotFi Preventative Security Tactics Thread](https://twitter.com/DeDotFi/status/1696553086322659400)
7 | - [DeFi-anti-hack-checklist](https://github.com/Quillhash/DeFi-anti-hack-checklist)
8 | - [Establishing On-Chain Communication After an Incident](https://slowmist.medium.com/navigating-on-chain-communication-after-a-crypto-hack-74a4fd8b1791)
9 | - [Evaluating blockchain security maturity](https://blog.trailofbits.com/2023/07/14/evaluating-blockchain-security-maturity/)
10 | - [Francisco Giordano - Incident response at OpenZeppelin Contracts and how to be in the loop Video](https://www.youtube.com/watch?v=mB3bcUtoQvE&list=PLqL60kqgLPBAM-gy8Dop9tTREOuq1q2QV&index=50)
11 | - [Gal Sagie - You got Hacked, now What? Video](https://www.youtube.com/watch?v=Fc08cFnOeOE&list=PLhM7rBgpVV-KN8mM17IRSFIGsL0EaGA_m&index=38)
12 | - [How to create a web3 security incident response plan](https://www.halborn.com/blog/post/how-to-create-a-web3-security-incident-response-plan)
13 | - [How to Defend Your Castle | Innovative Trio in Smart Contract Security: Monitoring, Prevention, Defense](https://blog.pessimistic.io/how-to-defend-your-castle-innovative-trio-in-smart-contract-security-monitoring-prevention-c8885304035a)
14 | - [How to not get hacked and other security lessons learned Video](https://www.youtube.com/watch?v=UkiGrLfk58Y)
15 | - [How to Set Up Your Own Forta/Erigon Node](https://mixbytes.io/blog/how-to-set-up-your-own-forta-erigon-node)
16 | - [Monitoring & Incident Response Video](https://www.youtube.com/watch?v=oZP3MGddaMg)
17 | - [Monitoring and Mitigation of Economic Risk Video](https://www.youtube.com/watch?v=A50JUVVdCic)
18 | - [Morpho Security](https://github.com/morpho-org/morpho-security)
19 | - [Securing Web3 Through Proactive Threat Prevention](https://blocksecteam.medium.com/securing-web3-through-proactive-threat-prevention-e9c6e0319531)
20 | - [Security Defense For Smart Contracts](https://arxiv.org/abs/2302.07347)
21 | - [Threat Modeling for Smart Contracts: Best Step-by-Step Guide](https://composable-security.com/blog/threat-modeling-for-smart-contracts-best-step-by-step-guide/)
22 | - [What does a project need to do to stay secure? Video](https://www.youtube.com/watch?v=RrlFnMNsSqQ)
23 |
24 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/Signature vulnerabilities.md:
--------------------------------------------------------------------------------
1 | # Signature Vulnerabilities
2 |
3 | - [0xOwenThurm Signature Malleability Thread](https://twitter.com/0xOwenThurm/status/1619151598877577216)
4 | - [After Ethereum merge, beware of replay attacks](https://medium.com/@sharkteam/after-ethereum-merge-beware-of-replay-attacks-analysis-of-the-attack-on-omnis-cross-chain-bridge-3d36d8045755)
5 | - [Auditor’s Digest : The risks of EIP712](https://medium.com/@chinmayf/auditors-digest-the-risks-of-eip712-5a0fc57e3837)
6 | - [Avalanche Protocol Signature Exploit: Part One](https://librechain.org/avalanche-protocol-signature-exploit-part-one)
7 | - [B002: Solidity EC Signature Pitfalls](https://0xsomeone.medium.com/b002-solidity-ec-signature-pitfalls-b24a0f91aef4)
8 | - [Compact Signature malleability](https://github.com/pcaversaccio/malleable-signatures#readme)
9 | - [Decoding Azuki DAO Hack](https://blog.quillaudits.com/2023/07/04/decoding-azuki-dao-hack/)
10 | - [Don’t overextend your Oblivious Transfer](https://blog.trailofbits.com/2023/09/20/dont-overextend-your-oblivious-transfer/)
11 | - [ECDSA signature vulnerabilities](https://github.com/0xbok/ecdsa-vuln-poc#ecdsa-signature-vulnerabilities)
12 | - [Exploiting Signature Verification Vulnerabilities in Smart Contracts](https://medium.com/@Heuss/exploiting-signature-verification-vulnerabilities-in-smart-contracts-f4eb64cd3b23)
13 | - [Frequent security risks on NFT trading platforms — Analysis of OpenSea & X2Y2 security incidents](https://medium.com/@sharkteam/frequent-security-risks-on-nft-trading-platforms-analysis-of-opensea-x2y2-security-incidents-2efd201f8587)
14 | - [How to Steal User’s Signature in NFT Phishing Attacks](https://medium.com/@Beosin_com/how-to-steal-users-signature-in-nft-phishing-attacks-13d7e7580dc5)
15 | - [How to verify a signature in a wrong way](https://blocksecteam.medium.com/how-to-verify-a-signature-in-a-wrong-way-the-associationnft-case-5a913e9b8a1d)
16 | - [How was Multichain Exploited?](https://neptunemutual.com/blog/how-was-multichain-exploited/)
17 | - [Intro to Smart Contract Security Audit — Signature Replay](https://slowmist.medium.com/intro-to-smart-contract-security-audit-signature-replay-b71c23910629)
18 | - [Malleable Signatures](https://github.com/pcaversaccio/malleable-signatures)
19 | - [MetaSleuth Azuki DAO exploit Thread](https://twitter.com/MetaSleuth/status/1675783739174166528)
20 | - [NFT liquidity market security issues frequently occur— — Analysis of the hack of NFT trading platform Quixotic](https://medium.com/@sharkteam/nft-liquidity-market-security-issues-frequently-occur-analysis-of-the-hack-of-nft-trading-8f3c8a683605)
21 | - [Polynonce: A Tale of A Novel ECDSA Attack and Bitcoin Tears](https://research.kudelskisecurity.com/2023/03/06/polynonce-a-tale-of-a-novel-ecdsa-attack-and-bitcoin-tears/)
22 | - [Preventing replay attacks post ethereum merge](https://quantstamp.com/blog/preventing-replay-attacks-post-ethereum-merge)
23 | - [Reveal the “Message’’ Replay Attacks on EthereumPoW](https://blocksecteam.medium.com/reveal-the-message-replay-attacks-on-ethereumpow-64e4feee991c)
24 | - [SharkTeam: Analysis of the AzukiDAO Attack Incident](https://medium.com/@sharkteam/sharkteam-analysis-of-the-azukidao-attack-incident-30871b69ae54)
25 | - [SharkTeam: Move Language Security Analysis and Contract Audit Essentials — — The Replay Attack](https://medium.com/@sharkteam/sharkteam-move-language-security-analysis-and-contract-audit-essentials-the-replay-attack-73579b2b5977)
26 | - [Signature Replay Attacks](https://dacian.me/signature-replay-attacks)
27 | - [Signature replay vulneribility](https://blogs.web3sec.news/posts/signature-replay-vulneribility/)
28 | - [Signature Replay](https://olympixai.medium.com/signature-replay-f2f405749f61)
29 | - [Signature Replay](https://solidity-by-example.org/hacks/signature-replay/)
30 | - [SlowMist: Ethereum Smart Contracts Replay Attack Details Analysis](https://slowmist.medium.com/slowmist-ethereum-smart-contracts-replay-attack-details-analysis-3380d292f981)
31 | - [SlowMist: Key to the Theft of 20 Million OP Tokens](https://slowmist.medium.com/slowmist-key-to-the-theft-of-20-million-op-tokens-transaction-replay-490baaf45f26)
32 | - [Top-10 Vulnerabilities in Substrate-based Blockchains Using Rust](https://medium.com/rektoff/top-10-vulnerabilities-in-substrate-based-blockchains-using-rust-d454279521ff)
33 | - [Transaction Replay + Management Vulnerability](https://medium.com/@sharkteam/transaction-replay-management-vulnerability-analysis-of-20-million-op-stolen-incident-30191b47e689)
34 | - [Understanding Signature Replay Attack](https://medium.com/neptune-mutual/understanding-signature-replay-attack-cbb70a7f46d8)
35 |
36 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/Tools.md:
--------------------------------------------------------------------------------
1 | # Tools
2 |
3 | - [4naly3er](https://github.com/Picodes/4naly3er)
4 | - [Audit wizard](https://www.auditwizard.io/blog/audit-wizard-beta-launch)
5 | - [Auditor toolbox](https://hackmd.io/@Deivitto/The-Auditor-Toolbox)
6 | - [Awesome Advanced Smart Contracts Testing and Verification](https://github.com/GianfrancoBazzani/awesome-advanced-smart-contracts-testing-and-verification)
7 | - [Awesome smart contract analysis tools](https://github.com/LouisTsai-Csie/awesome-smart-contract-analysis-tools)
8 | - [Caracal](https://github.com/crytic/caracal)
9 | - [Certora Prover](https://github.com/Certora/CertoraProver)
10 | - [Certora prover](https://www.certora.com/prover)
11 | - [Chain Walker](https://github.com/0xsha/ChainWalker)
12 | - [Circomscribe](https://www.zksecurity.xyz/blog/posts/circomscribe/)
13 | - [Circomspect](https://github.com/trailofbits/circomspect)
14 | - [Contender](https://github.com/flashbots/contender)
15 | - [Contract Diff Tool](https://github.com/x48115/contract-diff-tool)
16 | - [Contract_grabber](https://github.com/brockelmore/contract_grabber)
17 | - [Decompile Bytecode](https://library.dedaub.com/decompile)
18 | - [DeFi Detective](https://github.com/plotchy/defi-detective)
19 | - [Diffusc](https://github.com/crytic/diffusc)
20 | - [Diffyscan](https://github.com/lidofinance/diffyscan)
21 | - [Echidna](https://github.com/crytic/echidna)
22 | - [Erever](https://github.com/minaminao/erever)
23 | - [Etheno](https://github.com/crytic/etheno)
24 | - [EtherSolve](https://github.com/SeUniVr/EtherSolve)
25 | - [EVM hound rs](https://github.com/g00dv1n/evm-hound-rs)
26 | - [EVM Toolkit](https://github.com/quilt/etk)
27 | - [EVM-SMT solver](https://github.com/EVM-SMT/solver)
28 | - [Forge-gas-metering](https://github.com/emo-eth/forge-gas-metering)
29 | - [Forta Bot Templates](https://github.com/arbitraryexecution/forta-bot-templates)
30 | - [Forta Starter Kit Bot Details](https://docs.forta.network/en/latest/starter-kit-bot-details/#alert-combiner)
31 | - [Forta-agents](https://github.com/kovart/forta-agents/tree/main)
32 | - [Forta-bot-examples](https://github.com/forta-network/forta-bot-examples)
33 | - [Foundry Gas Diff](https://github.com/Rubilmax/foundry-gas-diff)
34 | - [Foundry Multibuild](https://github.com/PaulRBerg/foundry-multibuild)
35 | - [Fuzz introspector](https://github.com/ossf/fuzz-introspector)
36 | - [Fuzzlib](https://github.com/perimetersec/fuzzlib/tree/main)
37 | - [Gambit](https://github.com/Certora/gambit)
38 | - [Generate Foundry Fork Test from Attack Transaction](https://github.com/fuzzland/girlfriend)
39 | - [Halmos](https://github.com/a16z/halmos)
40 | - [Heimdall-rs](https://github.com/Jon-Becker/heimdall-rs)
41 | - [Ityfuzz](https://github.com/fuzzland/ityfuzz)
42 | - [Kontrol](https://github.com/runtimeverification/kontrol)
43 | - [MadMax](https://github.com/nevillegrech/MadMax)
44 | - [Manticore](https://github.com/trailofbits/manticore)
45 | - [Masamune](https://github.com/Zellic/Masamune)
46 | - [Medusa](https://github.com/crytic/medusa)
47 | - [MEV inspect-py](https://github.com/flashbots/mev-inspect-py)
48 | - [MEV Toolkit](https://github.com/go-outside-labs/mev-toolkit)
49 | - [Napalm](https://github.com/ConsensysDiligence/napalm)
50 | - [Necessist](https://github.com/trailofbits/necessist)
51 | - [Online ABI Encoder](https://abi.hashex.org/)
52 | - [Optik](https://github.com/crytic/optik)
53 | - [Pakala](https://github.com/palkeo/pakala)
54 | - [Preventing Web3 Hacks with Mutation Testing](https://www.youtube.com/watch?v=Ch1PgFw1hHI)
55 | - [ProMutator](https://github.com/csienslab/ProMutator)
56 | - [Pyrometer](https://github.com/nascentxyz/pyrometer)
57 | - [Rattle](https://github.com/crytic/rattle)
58 | - [ReSuMo](https://github.com/MorenaBarboni/ReSuMo)
59 | - [ScrapyFi](https://github.com/pratraut/scrapyFi)
60 | - [Scribble](https://github.com/Consensys/scribble)
61 | - [Semgrep rules for Compound](https://github.com/Decurity/compound-semgrep-rules)
62 | - [Semgrep rules for smart contracts](https://github.com/Decurity/semgrep-smart-contracts)
63 | - [Sleuthing Toolbox](https://community.thecreed.xyz/c/warez/sleuthing-toolbox-everything-you-need-to-reverse-engineer-web3-hacks)
64 | - [Slither](https://github.com/crytic/slither)
65 | - [Slitherin](https://github.com/pessimistic-io/slitherin)
66 | - [Smart Contract Auditor Tools and Techniques](https://github.com/shanzson/Smart-Contract-Auditor-Tools-and-Techniques)
67 | - [Smart Contract Storage HexViewer](https://github.com/tintinweb/smart-contract-storage-viewer)
68 | - [SmartCheck](https://github.com/smartdec/smartcheck)
69 | - [Smartian](https://github.com/SoftSec-KAIST/Smartian)
70 | - [Solhunt](https://github.com/iFrostizz/solhunt)
71 | - [Solidity Mutation Testing](https://www.rareskills.io/post/solidity-mutation-testing)
72 | - [Solstat](https://github.com/0xKitsune/solstat)
73 | - [SuMo-SOlidity-MUtator](https://github.com/MorenaBarboni/SuMo-SOlidity-MUtator)
74 | - [Tayt](https://github.com/crytic/tayt)
75 | - [Theo](https://github.com/cleanunicorn/theo)
76 | - [Thread about The Secureum Kontrol workshop](https://twitter.com/nisedo_/status/1781001894585934159)
77 | - [Transaction Tracer](https://openchain.xyz/trace)
78 | - [TX coverage](https://github.com/Decurity/tx-coverage)
79 | - [Universalmutator](https://github.com/agroce/universalmutator)
80 | - [Vertigo-rs](https://github.com/RareSkills/vertigo-rs)
81 | - [Vyper Halmos](https://github.com/zobront/vyper-halmos)
82 | - [Vyper Interface Scanner](https://github.com/YAcademy-Residents/vyper-interface-scanner)
83 | - [WhatsABI](https://github.com/shazow/whatsabi)
84 | - [Whitehacks Kit](https://github.com/emilianobonassi/whitehacks-kit)
85 | - [Yools](https://github.com/leonardoalt/yools)
86 |
87 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/Upgradability.md:
--------------------------------------------------------------------------------
1 | # Upgradability
2 |
3 | - [0xngmi Foundation NFT contracts vulnerability disclosed Thread](https://twitter.com/0xngmi/status/1671344096441499648)
4 | - [A Comprehensive Survey of Upgradeable Smart Contract Patterns](https://arxiv.org/abs/2304.03405)
5 | - [Astaria vulnerability disclosed Thread](https://twitter.com/AstariaXYZ/status/1671215491069927429)
6 | - [Awesome Diamonds](https://github.com/mudgen/awesome-diamonds)
7 | - [Critical Bug Identified in 88mph](https://www.iosiro.com/blog/88mph-bug-bounty-post-mortem)
8 | - [diamond storage walkthrough by banteg](https://gist.github.com/banteg/0cee21909f7c1baedfa6c3d96ffe94f2)
9 | - [pashovkrum Upgradeability deep-dive Thread](https://twitter.com/pashovkrum/status/1699407698750578765)
10 | - [Security Guide to Proxies](https://proxies.yacademy.dev/pages/security-guide)
11 | - [Upgradeable proxy contract from scratch](https://jeiwan.net/posts/upgradeable-proxy-from-scratch/)
12 | - [Upgradeable Smart Contracts (USCs): Exploring The Concept And Security Risks](https://hacken.io/discover/upgradeable-smart-contracts/)
13 |
14 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/Validation Logic errors.md:
--------------------------------------------------------------------------------
1 | # Validation and Logic errors
2 |
3 | - [All your staking rewards are belong to us](https://blog.decurity.io/all-your-staking-rewards-are-belong-to-us-f53d5bd60989)
4 | - [Analysis of hacking incidents of NFT lending protocol XCarnival](https://medium.com/@sharkteam/nft-liquidity-protocols-security-dilemma-analysis-of-hacking-incidents-of-nft-lending-887621ed5d5f)
5 | - [Analysis of the Hedgey Finance Exploit](https://neptunemutual.com/blog/analysis-of-the-hedgey-finance-exploit/)
6 | - [Astrid Finance exploit Thread](https://twitter.com/MetaSec_xyz/status/1718229037460730260)
7 | - [Aurora rainbow bridge withdrawal logic bug Video](https://www.youtube.com/watch?v=RZuWwQA4xJU)
8 | - [Balancer Logic Error Bugfix Review](https://medium.com/immunefi/balancer-logic-error-bugfix-review-74f5edca8b1a)
9 | - [Beanstalk Insufficient Input Validation Bugfix Review](https://medium.com/immunefi/beanstalk-insufficient-input-validation-bugfix-review-fc3fdbaab15b)
10 | - [Beanstalk Logic Error Bugfix Review](https://medium.com/immunefi/beanstalk-logic-error-bugfix-review-4fea17478716)
11 | - [Beosin’s Analysis of the Arbitrum-based TreasureDAO exploit](https://medium.com/@Beosin_com/beosins-analysis-of-the-arbitrum-based-treasuredao-exploit-almost-all-hacked-nfts-have-been-d25d3b2f8462)
12 | - [Blur NFT platform bug allows old bids to be accepted](https://web3isgoinggreat.com/single/blur-nft-platform-bug-allows-old-bids-to-be-accepted)
13 | - [BRA Token Hack Analysis](https://blog.solidityscan.com/bra-token-hack-analysis-double-the-reward-e82ca060405e)
14 | - [Decoding Deus DAO $6.5 Million Exploit](https://quillaudits.medium.com/decoding-deus-dao-6-5-million-exploit-quillaudits-588bbecec61f)
15 | - [DEXIBLE hack](https://rekt.news/dexible-rekt/)
16 | - [Exactly Protocol exploit Thread](https://twitter.com/BlockSecTeam/status/1692533280971936059)
17 | - [Feed Every Gorilla hack Thread](https://twitter.com/AnciliaInc/status/1628840426890473472)
18 | - [Flash Loan Attack on TINU Token](https://www.numencyber.com/flashloan-attack-on-tinu-token/)
19 | - [From the vulnerability incident of APE airdrop, what is the security situation of NFT?](https://medium.com/@sharkteam/from-the-vulnerability-incident-of-ape-airdrop-what-is-the-security-situation-of-nft-e2346c6e8fac)
20 | - [Jump Satoshi Token Backdoor](https://medium.com/@Beosin_com/the-jump-satoshi-token-jst-has-a-backdoor-users-are-urged-to-withdraw-the-funds-asap-1364a340b2a9)
21 | - [LendingHub hack Thread](https://twitter.com/SlowMist_Team/status/1613906590574198784)
22 | - [LI.FI arbitrary call hack](https://li.fi/knowledge-hub/incident-report-16th-july/)
23 | - [Logic Error Bug Fix Review](https://medium.com/balancer-protocol/logic-error-bug-fix-review-da37f0cc9a08)
24 | - [Million Dollar Bugs And Where to Find Them](https://mirror.xyz/0x38F1416B9Ed3a5DA9C12c56cb4F74D9564844728/iv9_q74rSlK7gbvbJAECuDIbzfUtrSCO6mSWIHPskKI)
25 | - [NFTCloud Hack Thread](https://twitter.com/BlockSecTeam/status/1629097425771319296)
26 | - [ODOS Signature Validation Hack Deep Analysis](https://coinsbench.com/odos-siganture-validation-hack-deep-analysis-906dd158db93)
27 | - [OMNI Real Estate Token Exploit](https://medium.com/neptune-mutual/omni-real-estate-token-exploit-56643524fd70)
28 | - [Phantom Functions and the Billion-Dollar No-op](https://medium.com/dedaub/phantom-functions-and-the-billion-dollar-no-op-c56f062ae49f)
29 | - [phyProxy Hack Thread](https://twitter.com/BlockSecTeam/status/1619157445754101760)
30 | - [Pike USDC Withdrawal Vulnerability](https://mirror.xyz/pikefinance.eth/M1ToE42vwEHuE6xlz0dVRQwPT0xpaRtpIIw2arOdBAM)
31 | - [Platypus Finance Incident Post-Mortem](https://medium.com/@omniscia.io/platypus-finance-incident-post-mortem-7b71a0a47a5e)
32 | - [PrismaRisk Post Mortem](https://hackmd.io/@PrismaRisk/PostMortem0328)
33 | - [Quaternion Hack Thread](https://twitter.com/BlockSecTeam/status/1615625897671004161)
34 | - [Retrospecting Arbitrary Position Cancellation Vulnerability in Perpetual Protocol](https://medium.com/chainlight/retrospecting-arbitrary-position-cancellation-vulnerability-in-perpetual-protocol-68d529d755a5)
35 | - [Revert Finance Hack Thread](https://twitter.com/revertfinance/status/1626939407126376448)
36 | - [Sewer Pass Flash Claim Vulnerability](https://medium.com/@BendDAO/sewer-pass-flash-claim-vulnerability-9d2b0b1e09ef)
37 | - [Shata Capital Exploit Thread](https://twitter.com/BeosinAlert/status/1630884733671579653)
38 | - [SushiSwap's MISO contract issue](https://x.com/zenith256/status/1892640789169103073)
39 | - [The bug that codearena missed, twice](https://zzykxx.com/2023/02/02/the-bug-that-codearena-missed-,-twice/)
40 | - [Thoreum Finance Smart Contract Vulnerability](https://medium.com/neptune-mutual/thoreum-finance-smart-contract-vulnerability-1fc18068d18c)
41 | - [Trust The Trident Hack](https://twitter.com/BlockSecTeam/status/1657715018908180480)
42 | - [UF DAO hack Thread](https://twitter.com/BlockSecTeam/status/1613507804412940289)
43 | - [Unibot router Exploit](https://rekt.news/unibot-rekt/)
44 | - [Uniswap's SwapRouter doesn't refund unspent ETH in partial swaps](https://jeiwan.net/posts/public-bug-report-uniswap-swaprouter/)
45 | - [Upswing hack Thread](https://twitter.com/BlockSecTeam/status/1615521051487932418)
46 | - [USDs Feb 3 Exploit Report](https://medium.com/sperax/usds-feb-3-exploit-report-from-engineering-team-9f0fd3cef00c)
47 | - [Vulnerability in Virtuals](https://x.com/lj1nu/status/1875021257210736870)
48 | - [XCarnival NFT lending protocol vulnerability analysis](https://slowmist.medium.com/xcarnival-nft-lending-protocol-vulnerability-analysis-583474cede61)
49 |
50 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------
/Security Library/ZK.md:
--------------------------------------------------------------------------------
1 | # ZK
2 |
3 | - [0xiczc Vulnerability in the 0xPolygon zkEVM Thread](https://twitter.com/0xiczc/status/1662090451493740545)
4 | - [10 Must-Read Papers That Shaped Modern Zero-Knowledge Proofs](https://www.zksecurity.xyz/blog/posts/ten-zk-papers/)
5 | - [A Technical Dive into Jolt: The RISC-V zkVM](https://www.zksecurity.xyz/blog/posts/how-jolt-works/)
6 | - [a16z zkDocs](https://github.com/a16z/zkdocs)
7 | - [Algebraic Attacks on ZK-Friendly Hash Functions](https://www.zellic.io/blog/algebraic-attacks-on-zk-hash-functions/)
8 | - [Awesome zero knowledge proofs](https://github.com/matter-labs/awesome-zero-knowledge-proofs)
9 | - [Awesome Zero Knowledge](https://github.com/ventali/awesome-zk)
10 | - [Awesome zkEVM](https://github.com/LuozhuZhang/awesome-zkevm)
11 | - [Awesome ZKP Security](https://github.com/StefanosChaliasos/Awesome-ZKP-Security)
12 | - [Awesome zkVM](https://github.com/rkdud007/awesome-zkvm)
13 | - [awesome-starknet: security](https://github.com/keep-starknet-strange/awesome-starknet#security)
14 | - [Aztec Connect Claim Proof Bug](https://hackmd.io/@aztec-network/claim-proof-bug)
15 | - [Cairo and StarkNet Security](https://ctrlc03.github.io/post/cairo-security/)
16 | - [Circom-pairing library vulnerability](https://medium.com/veridise/circom-pairing-a-million-dollar-zk-bug-caught-early-c5624b278f25)
17 | - [Circuit Audit: Are Redundant Constraints Really Redundant?](https://medium.com/@Beosin_com/a-must-read-for-zkp-projects-circuit-audit-are-redundant-constraints-really-redundant-d0b091f0bf3)
18 | - [Common Zero-Knowledge Proof Vulnerabilities Video](https://www.youtube.com/watch?v=1RQSwj8h8rM)
19 | - [Exploring Cairo: A Security Primer](https://www.zellic.io/blog/cairo-security-primer/)
20 | - [Exploring Leo: A Primer on Aleo Program Security](https://www.zksecurity.xyz/blog/posts/aleo-program-security/)
21 | - [Exploring Tornado Cash In-Depth to Reveal Malleability Attacks in ZKP Projects](https://medium.com/@Beosin_com/exploring-tornado-cash-in-depth-to-reveal-malleability-attacks-in-zkp-projects-f7321922f82d)
22 | - [Ingopedia](https://github.com/ingonyama-zk/ingopedia)
23 | - [Noir's Circuit Backend](https://x.com/jtriley_eth/status/1871210040989720936)
24 | - [Nova Attack](https://www.zksecurity.xyz/blog/posts/nova-attack/)
25 | - [Practical Security Analysis of Zero-Knowledge Proof Circuits](https://eprint.iacr.org/2023/190)
26 | - [RareSkills ZKP CTF 1](https://x.com/RareSkills_io/status/1811263676747591772)
27 | - [RareSkills ZKP CTF 2](https://x.com/RareSkills_io/status/1813211998395552109)
28 | - [Reproducing and Exploiting ZK Circuit Vulnerabilities](https://www.zksecurity.xyz/blog/posts/zkbugs/)
29 | - [Security Concerns for Zero-Knowledge Proofs in Blockchain](https://medium.com/numen-cyber-labs/security-concerns-for-zero-knowledge-proofs-in-blockchain-a-comprehensive-guide-by-numen-cyber-ff7d93586c5b)
30 | - [SlowMist: Exploring the Frozen Heart Vulnerability in the Fiat-Shamir Scheme](https://slowmist.medium.com/slowmist-exploring-the-frozen-heart-vulnerability-in-the-fiat-shamir-scheme-3ff179450624)
31 | - [The zero-knowledge attack of the year might just have happened, or how Nova got broken](https://www.zksecurity.xyz/blog/posts/nova-attack/)
32 | - [TOB ZK blog posts](https://blog.trailofbits.com/category/zero-knowledge/)
33 | - [Trail of Bits zkdocs](https://github.com/trailofbits/zkdocs)
34 | - [Uncovering a ZK-EVM Soundness Bug in zkSync Era](https://medium.com/chainlight/uncovering-a-zk-evm-soundness-bug-in-zksync-era-f3bc1b2a66d8)
35 | - [Verichains Finds Critical Vulnerability in Polygon zkEVM](https://blog.verichains.io/p/discovering-and-fixing-a-critical)
36 | - [Weak Fiat-Shamir Attacks on Modern Proof Systems](https://eprint.iacr.org/2023/691)
37 | - [Welcome to the ZK Jargon Decoder](https://nmohnblatt.github.io/zk-jargon-decoder/foreword.html)
38 | - [zellic_io A Primer on Exploiting ZK Circuits Thread](https://twitter.com/zellic_io/status/1750638776215621971)
39 | - [Zero Knowledge Mastery](https://github.com/Quillhash/Zero-Knowledge-Mastery/)
40 | - [ZeroValidation](https://prestwich.substack.com/p/zero-validation)
41 | - [ZK Audit Guide](https://github.com/PositiveSecurity/zk-audit-guide)
42 | - [ZK Bug Tracker](https://github.com/0xPARC/zk-bug-tracker)
43 | - [ZK Security Blog](https://www.zksecurity.xyz/blog/)
44 | - [ZK security reviews](https://github.com/nullity00/zk-security-reviews)
45 | - [ZK Vulnerabilities: Sharp rocks hidden in deep water](https://medium.com/veridise/zk-vulnerabilities-sharp-rocks-hidden-in-deep-water-7cad8d4c2dfa)
46 | - [ZKP Academy](https://github.com/Antalpha-Labs/zkp-academy)
47 | - [ZKP Series: Principles and Implementation of Extensibility Attacks on Groth16 Proofs](https://slowmist.medium.com/zkp-series-principles-and-implementation-of-extensibility-attacks-on-groth16-proofs-aedcd703323a)
48 | - [ZKP Series: Pseudonym Input Vulnerability in Circom’s Verification Contract has Been Replicated](https://slowmist.medium.com/zkp-series-pseudonym-input-vulnerability-in-circoms-verification-contract-has-been-replicated-28fe3fb75ba8)
49 | - [ZKP-Resources: zkp-security](https://github.com/D-Squared70/Reading-Room/blob/main/Zero-Knowledge/ZKP-Resources.md#zkp-security)
50 | - [zkSync Era transfer Bug Thread](https://twitter.com/zksync/status/1644139364270878720)
51 | - [zkVM Security: What Could Go Wrong?](https://www.zksecurity.xyz/blog/posts/zkvm-security/)
52 |
53 | [Return](../README.md#blockchain-security-library)
--------------------------------------------------------------------------------