└── README.md


/README.md:
--------------------------------------------------------------------------------
  1 | BlockChain-Security-List
  2 | About cryptocurrency security. (reverse, exploit, fuzz..)
  3 | 
  4 | 欢迎加入！此List会跟踪最新情报实时更新。
  5 | 
  6 | ![alt text](https://avatars2.githubusercontent.com/u/25600994?s=400&v=4)
  7 | 
  8 | ## Tools
  9 | 
 10 | [mythril](https://github.com/ConsenSys/mythril) - Security analysis tool for Ethereum smart contracts 
 11 | 
 12 | [manticore](https://github.com/trailofbits/manticore) - Symbolic execution tool
 13 | 
 14 | [Slither](https://trailofbits.wufoo.com/forms/m1qfujq31qyj9ee/) - Slither combines a set of proprietary static analyses on Solidity
 15 | 
 16 | [Porosity](https://github.com/comaeio/porosity) - Decompiler and Security Analysis tool for Blockchain-based Ethereum Smart-Contracts
 17 | 
 18 | [Echidna](https://github.com/trailofbits/echidna) - Ethereum fuzz testing framework 
 19 | 
 20 | [Oyente](https://github.com/melonproject/oyente) - An Analysis Tool for Smart Contracts
 21 | 
 22 | [MAIAN](https://github.com/MAIAN-tool/MAIAN) - Automatic tool for finding trace vulnerabilities in Ethereum smart contracts.
 23 | 
 24 | [Ethersplay](https://github.com/trailofbits/ethersplay) - A graphical EVM disassembler with advanced features. (Binja)
 25 | 
 26 | [IDA-EVM](https://github.com/trailofbits/ida-evm) - IDA Processor Module for the Ethereum Virtual Machine.
 27 | 
 28 | [Evmdis](https://github.com/arachnid/evmdis) - EVM disassembler.
 29 | 
 30 | [Securify](https://securify.ch/) - Formal Verification of Ethereum Smart Contracts.
 31 | 
 32 | [Rattle](https://trailofbits.wufoo.com/forms/m1qfujq31qyj9ee/) - Rattle is an EVM static analyzer that analyzes the EVM bytecode directly for vulnerabilities.
 33 | 
 34 | [Diligence](https://consensys.net/diligence/) - Security Services, Tools and Best Practices for the Ethereum Ecosystem.
 35 | 
 36 | [fuildai](https://fluidai.co/) - Fluid is an AI that can automatically find and fix fatal security vulnerabilities in Smart Contracts.
 37 | 
 38 | ## bp nodes security checklist[超级节点安全执行指南]
 39 | [EOS bp nodes security checklist（EOS超级节点安全执行指南）](https://github.com/slowmist/eos-bp-nodes-security-checklist)
 40 | 
 41 | [VeChain core nodes security checklist（唯链核心节点安全执行指南）](https://github.com/slowmist/vechain-core-nodes-security-checklist)
 42 | 
 43 | [Ontology Triones Service Node security checklist（本体北斗共识集群安全执行指南）](https://github.com/slowmist/Ontology-Triones-Service-Node-security-checklist)
 44 | 
 45 | ## Blogs
 46 | [区块链安全专题智库](https://bcsec.org/)
 47 | 
 48 | [PeckShield Inc. - Blog](https://www.peckshield.com/blog.html)
 49 | 
 50 | [Security Archives - Ethereum Blog](https://blog.ethereum.org/category/security/)
 51 | 
 52 | [Blockchain-sec](https://blockchain-sec.com/)
 53 | 
 54 | [猎豹移动区块链中心](https://www.cmcmbc.com/zh-cn/blog/)
 55 | 
 56 | [隐形人真忙-区块链安全](https://blog.csdn.net/u011721501/article/category/7483965)
 57 | 
 58 | [Trailofbits-blockchain](https://blog.trailofbits.com/category/blockchain/)
 59 | 
 60 | [blackhat pdf for cansecwest 2018](https://cansecwest.com/slides/2018/Blackhat%20Ethereum%20-%20Ryan%20Stortz%20and%20Jay%20Little,%20Trail%20of%20Bits,%20Inc.pdf) - Blackhat Ethereum.
 61 | 
 62 | [solidified](https://medium.com/solidified/parity-hack-how-it-happened-and-its-aftermath-9bffb2105c0) - Parity hack.
 63 | 
 64 | [arvanaghi 1](https://arvanaghi.com/blog/reversing-ethereum-smart-contracts/) - Reversing ethereum smart contracts.
 65 | 
 66 | [arvanaghi 2](https://arvanaghi.com/blog/reversing-ethereum-smart-contracts-pt2/) - Reversing ethereum smart contracts 2.
 67 | 
 68 | [ret2](https://blog.ret2.io/2018/05/16/practical-eth-decompilation/) - Practical ETH decompilation.
 69 | 
 70 | [loom-network](https://medium.com/loom-network/how-to-secure-your-smart-contracts-6-solidity-vulnerabilities-and-how-to-avoid-them-part-1-c33048d4d17d) - 6 vulnerabilities and how to avoid them part 1.
 71 | 
 72 | [ETH assembly](https://medium.com/@xJonathan/reverse-engineering-ethereum-smart-contract-lets-talk-assembly-10c38b8e3c2) - Lets talk assembly.
 73 | 
 74 | [radare2](https://blog.positive.com/reversing-evm-bytecode-with-radare2-ab77247e5e53) - Reversing EVM bytecode with radare2.
 75 | 
 76 | [Etherum security tools](https://blog.trailofbits.com/2018/03/23/use-our-suite-of-ethereum-security-tools/) - Trailofbits Ethereum security tools.
 77 | 
 78 | [Hackernoon](https://hackernoon.com/scanning-ethereum-smart-contracts-for-vulnerabilities-b5caefd995df) - Analyzing Ethereum smart contracts for vulnerabilities.
 79 | 
 80 | [nccgroup](https://www.nccgroup.trust/us/our-research/discovering-smart-contract-vulnerabilities-with-goatcasino/?style=Cyber+Security) - Discovering Smart Contract Vulnerabilities with GOATCasino.
 81 | 
 82 | [Arseny Reutov](https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620) - Predicting Random Numbers in Ethereum Smart Contracts.
 83 | 
 84 | [funfair](https://funfair.io/randomness-is-a-big-deal/) - Randomness is a big deal.
 85 | 
 86 | ## Training
 87 | 
 88 | [Ethernaut](https://ethernaut.zeppelin.solutions/level/0x6545df87f57d21cb096a0bfcc53a70464d062512) - The ethernaut is a Web3/Solidity based wargame.
 89 | 
 90 | [GOATCasino](https://github.com/nccgroup/GOATCasino) - GOATCasino is a Truffle project which deploys a set of intentionally vulnerable smart contracts.
 91 | 
 92 | ## Events
 93 | 
 94 | [Blockchain-Graveyard](https://magoo.github.io/Blockchain-Graveyard/)
 95 | 
 96 | [Coindesk](https://www.coindesk.com/?s=) //search keyword,like 'hack'、'attack'...
 97 | 
 98 | [36kr-tag-anquan](https://36kr.com/tags/anquan)
 99 | 
100 | [cnn-bitcoin-crime](https://www.ccn.com/bitcoin-crime/)
101 | 
102 | [scmagazineuk-cryptocurrency](https://www.scmagazineuk.com/cryptocurrency/topic/48080/)
103 | 
104 | ## Vulnerabilities
105 | 
106 | [DASP](http://www.dasp.co/)
107 | 
108 | [Smart Contract Best Practices](https://github.com/ConsenSys/smart-contract-best-practices)
109 | 
110 | [BitcoinWiki-Weaknesses](https://en.bitcoin.it/wiki/Weaknesses)
111 | 
112 | [BitcoinWiki-CVEs](https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures)
113 | 
114 | [Go-ethereum issue vuln](https://github.com/ethereum/go-ethereum/issues?utf8=%E2%9C%93&q=label%3Avuln)
115 | 
116 | [Examples of Solidity security issues ](https://github.com/trailofbits/not-so-smart-contracts)
117 | 
118 | [Scanning-ethereum-smart-contracts-for-vulnerabilities](https://hackernoon.com/scanning-ethereum-smart-contracts-for-vulnerabilities-b5caefd995df)
119 | 
120 | [Smart Contract Security](https://blog.ethereum.org/2016/06/10/smart-contract-security/)
121 | 
122 | [Solidity Security Considerations](http://solidity.readthedocs.io/en/latest/security-considerations.html)
123 | 
124 | [以太坊生态缺陷导致的一起亿级代币盗窃大案(2018-03-20)](https://mp.weixin.qq.com/s/Kk2lsoQ1679Gda56Ec-zJg)
125 | 
126 | [EOSIO P2P Sybil Attack(2018-05-29)](https://github.com/slowmist/papers/blob/master/EOSIO-P2P-Sybil-Attack/en.pdf)
127 | 
128 | [EOSIO P2P 拒绝服务漏洞 (2018-05-29)](https://github.com/slowmist/papers/blob/master/EOSIO-P2P-Sybil-Attack/zh.md)
129 | 
130 | [EPoD: Ethereum Packet of Death (CVE-2018-12018)](https://www.peckshield.com/2018/06/27/EPoD/)
131 | 
132 | [New evilReflex Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-12702,CVE-2018-12703)](https://www.peckshield.com/2018/06/23/evilReflex/)
133 | 
134 | ## MISC
135 | 
136 | [dasp](http://dasp.co/) - Decentralized Application Security Project (or DASP) Top 10 of 2018.
137 | 
138 | [Not so smart conracts](https://github.com/trailofbits/not-so-smart-contracts) - Examples of Solidity security issues.
139 | 
140 | [EVM opcodes](https://github.com/trailofbits/evm-opcodes) - Ethereum opcodes and instruction reference.
141 | 
142 | ## Threats
143 | 
144 | [Go-ethereum issue bug](https://github.com/ethereum/go-ethereum/issues?q=is%3Aopen+is%3Aissue+label%3Abug)
145 | 
146 | [Solidity issue bug](https://github.com/ethereum/solidity/issues?utf8=%E2%9C%93&q=label%3Abug+)
147 | 
148 | [Reddit ethereum](https://www.reddit.com/r/ethereum/)
149 | 
150 | [Bitcointalk](https://bitcointalk.org/index.php?board=6.0)
151 | 
152 | [Stackexchange ethereum security](https://ethereum.stackexchange.com/questions/tagged/security)
153 | 
154 | [Stackexchange bitcoin security](https://bitcoin.stackexchange.com/questions/tagged/security)
155 | 
156 | ## Paper
157 | 
158 | [DASP Top10 中文版](https://github.com/slowmist/Knowledge-Base/blob/master/DASP-top10-chinese.pdf)
159 | 
160 | [Solidity 安全：已知攻击方法和常见防御模式综合列表](https://github.com/slowmist/Knowledge-Base/blob/master/solidity-security-comprehensive-list-of-known-attack-vectors-and-common-anti-patterns-chinese.md)
161 | 
162 | [区块链安全分析报告](https://bcsec.org/blockchainsecurity_v1.pdf)
163 | 
164 | [区块链安全生存指南](https://chaitin.cn/cn/download/blockchain_security_guide_20180507.pdf)
165 | 
166 | [Hacking Blockchain](https://www.rsaconference.com/writable/presentations/file_upload/fon4-t11_hacking_blockchain.pdf)
167 | 
168 | [BGP hijacking](https://en.wikipedia.org/wiki/BGP_hijacking)
169 | 
170 | [Safe-wallet-white-paper](https://www.cmcmbc.com/zh-cn/blog/research/2018-04-18/79.html)
171 | 
172 | [Blockchains-how-to-steal-millions-in-264-operations](https://research.kudelskisecurity.com/2018/01/16/blockchains-how-to-steal-millions-in-264-operations/)
173 | 
174 | [Quantum attacks on Bitcoin, and how to protect against them](https://arxiv.org/pdf/1710.10377.pdf)
175 | 
176 | [Eclipse Attacks on Bitcoin’s Peer-to-Peer Network](http://cs-people.bu.edu/heilman/eclipse/)
177 | 
178 | [Smarter](https://eprint.iacr.org/2016/633.pdf) - Making Smart Contracts Smarter.
179 | 
180 | [Yellow Paper](https://ethereum.github.io/yellowpaper/paper.pdf) - Ethereum: a secure decentralised generalised transaction ledger. 
181 | 
182 | [以太坊 Solidity 合约 call 函数簇滥用导致的安全风险](https://paper.seebug.org/category/blockchain/)
183 | 
184 | [以太坊智能合约 Owner 相关 CVE 漏洞分析](https://paper.seebug.org/627/)
185 | 
186 | [从以太坊"MorphToken事件"看智能合约构造函数大小写编码错误漏洞](https://paper.seebug.org/630/)
187 | 
188 | [以太坊蜜罐智能合约分析](https://paper.seebug.org/631/)
189 | 
190 | [以太坊 Solidity 合约 call 函数簇滥用导致的安全风险](https://paper.seebug.org/633/)
191 | 
192 | ## Reports
193 | 
194 | [New allowAnyone Bug Identified in Multiple ERC20 Smart Contracts](https://peckshield.com/2018/05/29/eosOOB/)
195 | 
196 | [Analyzing and Reproducing the EOS Out-of-Bound Write Vulnerability in nodeos](https://peckshield.com/2018/05/29/eosOOB/)
197 | 
198 | [Audit report of iohk’s etc wallet](https://research.kudelskisecurity.com/2018/01/26/audit-report-of-iohks-etc-wallet/)
199 | 
200 | [Audit report of the waves platform](https://research.kudelskisecurity.com/2017/10/10/audit-report-of-the-waves-platform/)
201 | 
202 | ## Awesomes
203 | 
204 | [solidity-audit-checklist](https://github.com/miguelmota/solidity-audit-checklist)
205 | 
206 | [EOS bp nodes security checklist](https://github.com/slowmist/eos-bp-nodes-security-checklist)
207 | 
208 | [pentesting-ethereum-dapps](https://arvanaghi.com/blog/pentesting-ethereum-dapps/)
209 | 
210 | [awesome](https://github.com/sindresorhus/awesome)
211 | 
212 | [blockchain-security-awesome](https://github.com/0xMrcat/blockchain-security-awesome)
213 | 
214 | [awesome ethereum](https://github.com/btomashvili/awesome-ethereum)
215 | 
216 | [awesome ethereum virtual  machine](https://github.com/pirapira/awesome-ethereum-virtual-machine)
217 | 
218 | ## Jobs
219 | [Slowmist](https://www.slowmist.com/)
220 | 
221 | [Ethercasts](https://jobs.ethercasts.com/)
222 | 
223 | [Solidified](https://solidified.io/)
224 | 
225 | [codementor](https://www.codementor.io/solidity-developers)
226 | 
227 | [iosiro](https://www.iosiro.com/)
228 | 
229 | ## The author
230 | I'M ，爱上平顶山
231 | Thanks to all blockchain security researchers
232 | 
233 | thanks:
234 | 李嵩@blackhat pdf for cansecwest 2018
235 | 


--------------------------------------------------------------------------------