Awesome-Smart-Contract-Security

A curated list of smart contract security materials and resources for researchers



Table of Contents

Blogs

Papers

Books

Security Journal list

  • IEEE Transactions on Information Forensics and Security [web]
  • Computers & Security [web]
  • IET Information Security [web]
  • ACM Transactions on Information and System Security [web]
  • International Journal of Information Security [web]
  • Security and Communication Networks [web]
  • IEEE Security & Privacy [web]
  • IEEE Transactions on Dependable and Secure Computing [web]
  • Computer Fraud & Security [web]

Trainings

Tools

Visualization

  • ethereum-graph-debugger - A graphical EVM debugger. Displays the entire program control flow graph.
  • Slither - Prints method visibility and modifiers, the state variables each function reads and writes, internal and external calls, and the inheritance graph of a smart contract
  • Solgraph - Generates DOT graphs of the function control flow of a Solidity contract
  • Surya - Generates various visual outputs of function call graphs
  • sol-function-profiler - Solidity contract function profiler

Verification

  • KEVM - K Semantics of the Ethereum Virtual Machine (EVM)
  • Manticore - Symbolic execution tool for EVM

Linters

  • Remix - Browser-based Solidity IDE with linting features
  • SmartCheck - A linter for Solidity and Vyper that checks code for security issues and bad practices.
  • Solhint - Linter for both security and style-guide validations. It strictly adheres to the Solidity Style Guide.
  • Solium (since renamed Ethlint) - Linter for both security and style-guide validations. Does not strictly adhere to the Solidity Style Guide.

BugHunting

  • Web3 Decoder - Burp Suite extension that decodes web3 (JSON-RPC) traffic so the calls and transactions a dApp sends to smart contracts can be inspected and tampered with from Burp
  • Echidna - Fuzzer for Ethereum smart contracts. Uses property testing to generate malicious inputs that break smart contracts.
  • Manticore - Symbolic execution tool for Ethereum smart contracts that includes detectors for common security flaws
  • Mythril OSS - Open-source security analysis tool for Ethereum smart contracts built around detector modules
  • Securify v2.0 - Static analysis tool from ChainSecurity
  • Slither - Static analysis framework, written in Python, with detectors for many common Solidity issues
  • Octopus - Security analysis framework for WebAssembly modules and blockchain smart contracts (BTC/ETH/NEO/EOS)

Reverse Engineering

  • abi-decompiler - EVM reverse engineering helper utility
  • ethereum-dasm - EVM disassembler with static and dynamic analysis abilities, including function signature lookup
  • Ethersplay - Visual disassembler for EVM bytecode built on Binary Ninja
  • evmlab - Utilities for interacting with the Ethereum virtual machine
  • IDA-EVM - IDA plugin to view EVM instructions
  • Panoramix - EVM bytecode decompiler that produces readable pseudo-Solidity
  • pyevmasm - EVM assembler and disassembler with a CLI and a Python API
  • Rattle - EVM binary static analysis framework. Produces SSA representations of EVM code.
  • Solidity Bytes32 Converter Online - Convert Solidity bytes32 to utf8 string or integers and vice versa.
  • Online Solidity ABI Encoder - Online Solidity ABI Encoder to encode smart contract arguments, and also perform read and write operations on the blockchain.
  • Ethereum Unit Converter - Online tool to convert the different ethereum denominations (wei, gwei, ether).
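The function-signature lookup that ethereum-dasm and Panoramix perform, reduced to its essentials as an added example (this is not code from any tool on the list): a pure-Python disassembler that decodes PUSH immediates, finds the PUSH4 <selector> EQ pattern Solidity emits in its dispatcher, and resolves each selector against a lookup table. The opcode subset, the selector table (six standard ERC-20 selectors) and the hand-assembled sample bytecode are constructed for this example; a real tool consults a full public signature database rather than a hard-coded dictionary.

```python
"""Minimal EVM disassembler with function-selector recovery.

Added example for this list; it is not code from any tool listed above.
The opcode subset, the selector table and the sample bytecode are
constructed for illustration only.
"""
from __future__ import annotations

# Subset of the EVM opcode table (opcode byte -> mnemonic). PUSH1..PUSH32
# (0x60..0x7f) carry an immediate and are decoded separately below.
OPCODES = {
    0x00: "STOP", 0x14: "EQ", 0x15: "ISZERO", 0x1c: "SHR",
    0x34: "CALLVALUE", 0x35: "CALLDATALOAD", 0x50: "POP", 0x52: "MSTORE",
    0x56: "JUMP", 0x57: "JUMPI", 0x5b: "JUMPDEST", 0x5f: "PUSH0",
    0x80: "DUP1", 0x90: "SWAP1", 0xf3: "RETURN", 0xfd: "REVERT",
}

# Constructed lookup: selector (first 4 bytes of keccak256 of the canonical
# signature) -> signature. These are the standard ERC-20 selectors; a real
# tool would query a full signature database instead of a hard-coded table.
SIGNATURES = {
    "a9059cbb": "transfer(address,uint256)",
    "70a08231": "balanceOf(address)",
    "095ea7b3": "approve(address,uint256)",
    "18160ddd": "totalSupply()",
    "23b872dd": "transferFrom(address,address,uint256)",
    "dd62ed3e": "allowance(address,address)",
}


def disassemble(code: bytes) -> list[tuple[int, str, bytes | None]]:
    """Return (offset, mnemonic, immediate) for each instruction.

    immediate is the raw bytes following a PUSHn, otherwise None. A PUSH whose
    immediate runs past the end of the code keeps only the bytes that exist
    (the EVM itself zero-pads); crafted bytecode uses this to confuse naive
    disassemblers, so we must not crash on it.
    """
    instructions = []
    pc = 0
    while pc < len(code):
        op = code[pc]
        if 0x60 <= op <= 0x7f:
            n = op - 0x5f  # PUSH1 = 0x60 pushes 1 byte ... PUSH32 = 0x7f
            imm = code[pc + 1 : pc + 1 + n]
            instructions.append((pc, f"PUSH{n}", imm))
            pc += 1 + n
        else:
            instructions.append((pc, OPCODES.get(op, f"UNKNOWN(0x{op:02x})"), None))
            pc += 1
    return instructions


def find_selectors(code: bytes) -> dict[str, str | None]:
    """Recover selectors from the dispatcher pattern PUSH4 <sel> EQ.

    Solidity's dispatcher shifts the first calldata word right by 224 bits and
    compares the result against each selector in turn, so a PUSH4 immediately
    followed by EQ is a strong signal. Returns {selector_hex: signature or
    None if unknown}, in code order.
    """
    found: dict[str, str | None] = {}
    ins = disassemble(code)
    for (_, mnem, imm), nxt in zip(ins, ins[1:]):
        if mnem == "PUSH4" and nxt[1] == "EQ":
            sel = imm.hex()
            found[sel] = SIGNATURES.get(sel)
    return found


def format_listing(code: bytes) -> str:
    """Readable listing, one instruction per line, resolved selectors annotated."""
    lines = []
    for off, mnem, imm in disassemble(code):
        text = f"{off:04x}: {mnem}"
        if imm is not None:
            text += f" 0x{imm.hex()}"
            if mnem == "PUSH4" and imm.hex() in SIGNATURES:
                text += f"    ; {SIGNATURES[imm.hex()]}"
        lines.append(text)
    return "\n".join(lines)


# Constructed sample: hand-assembled dispatcher for three ERC-20 functions
# plus one selector (deadbeef) that is not in the table, then a REVERT fallback.
SAMPLE_CODE = bytes.fromhex(
    "5f35"             # PUSH0, CALLDATALOAD        load calldata[0:32]
    "60e01c"           # PUSH1 0xe0, SHR            keep the top 4 bytes
    "8063a9059cbb14"   # DUP1, PUSH4 a9059cbb, EQ   transfer(address,uint256)
    "61004057"         # PUSH2 0x0040, JUMPI
    "806370a0823114"   # DUP1, PUSH4 70a08231, EQ   balanceOf(address)
    "61005057"         # PUSH2 0x0050, JUMPI
    "806318160ddd14"   # DUP1, PUSH4 18160ddd, EQ   totalSupply()
    "61006057"         # PUSH2 0x0060, JUMPI
    "8063deadbeef14"   # DUP1, PUSH4 deadbeef, EQ   unknown selector
    "61007057"         # PUSH2 0x0070, JUMPI
    "5f5ffd"           # PUSH0, PUSH0, REVERT       no match: revert
)

if __name__ == "__main__":
    print(format_listing(SAMPLE_CODE))
    print(find_selectors(SAMPLE_CODE))
```

Running the module prints the annotated listing and the selector map; the unknown selector comes back as None, which is exactly the case where a reverse engineer falls back to guessing the signature from how the arguments are used.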

Labs

Capture the Flag and Wargames

Talks

Title                                                    Conference        Year
6th Workshop on Trusted Smart Contracts                  WTSC 2022         2022
Smart Contract Security: a Practitioners' Perspective    ICSE 2021         2021
Predicting Random Numbers in Ethereum Smart Contracts    OWASP AppSec      2018
Blockchain Autopsies - Analyzing Smart Contract Deaths   Black Hat USA     2018
Rattle - an EVM binary analysis framework                REcon             2018
Blackhat Ethereum                                        CanSecWest        2018
Smashing Ethereum Smart Contracts for Fun and Profit     HITB Amsterdam    2018
Automatic Bug Finding for the Blockchain                 EkoParty          2017

Misc

Podcasts

Cheat Sheets

Checklists

Bug Bounty & Writeups

Bug Bounty Platforms & Project