ZuoYuanP/Awesome-Blockchain-Security

A collection of awesome resources, tools, and other shiny things for blockchain security researcher.

Awesome Blockchain Security

A collection of awesome resources, tools, and other shiny things for blockchain security researcher.

• Author: xxxeyJ
• Blog: tricksongs.com
• Email: xxx3yJ@protonmail.ch
• 知识星球: 区块危机 (BLOCKCRISIS)
• publications: github.com/xxxeyJ/publications

Blockchain Cornerstone

• Bitcoin White Paper - https://bitcoin.org/bitcoin.pdf

• Ethereum Wiki - https://github.com/ethereum/wiki/wiki

• EIPs - https://eips.ethereum.org/

Solidity Basic Learning

• Docs - English - Official documentation.

• Docs - Chinese - Official documentation chinese.

• Cheatsheet - Cheatsheet from the official docs.

• Solidity development - Comprehensively master Solidity smart contract development.

• Ethernaut - Ethernaut is a Web3/Solidity based wargame.

• CryptoZombies - CryptoZombies is a gaming platform for learning blockchain.

• ethereum/solidity - Source code.

• ethereum/solc-bin - Current and historical builds of the compiler.

Blockchain Security Papers

• 先知区块链安全板块

• Seebug Paper Blockchain Security

• Freebuf区块链安全专区

• 安全客区块链安全专区

Blockchain Security Blogs

Personal

• xxxeyJ's Blog - Security Researcher

• samczsun's Blog - Paradigm Security Researcher

• Rivaill's Blog - Security Researcher

• Arvanaghi's Blog - Security Researcher

• Christoph Michel's Blog - Security Researcher

• Adrian's Blog - Security Researcher

Organization

• Paradigm's Blog - Paradigm is an investment firm focused on supporting the great crypto companies

• Ethereum - Ethereum's Blog

• SECBIT Labs - SECBIT's Blog

• OpenZeppelin - OpenZeppelin's Blog

• PeckShield - PeckShield's Blog

• Consensys - Consensys's Blog

• Quantstamp - Quantstamp's Blog

• Certik - Certik's Blog

• Iosiro - Iosiro's Blog

• BlockHunters - BlockHunters's Blog

• Coinfabrik - Coinfabrik's Blog

• Immunefi - Immunefi's Blog

Smart Contract Audit Reports

• OpenZeppelin Audit Reports
• ConsenSys Diligence Audit Reports
• PeckShield Audit Reports
• SlowMist Audit Reports
• Trail of Bits Audit Reports
• Tech Audit USA Audit Reports
• Halborn Audit Reports
• InterfiNetwork Audit Reports
• Solidified Audit Reports
• ChainSecurity Audit Reports
• ImmuneBytes Audit Reports
• TechRate Audit Reports
• MixBytes Audit Reports
• Quillhash Audit Reports
• Chainsulting Audit Reports

Blockchain security project party audit report

• AutofarmNetwork Audit Report

• NUTMoneyDeFi Audit Report

• Quras Audit Report

Tools

• Porosity - Decompiler and Security Analysis tool for Blockchain-based Ethereum Smart-Contracts.

• Mythril - Security analysis tool for Ethereum smart contracts.

• MAIAN - Automatic tool for finding trace vulnerabilities in Ethereum smart contracts.

• Echidna - Ethereum fuzz testing framework.

• Ethersplay - A graphical EVM disassembler with advanced features. (Binja)

• Oyente - An automatic EVM code analyzer based on symbolic execution and Z3 SMT solver.

• IDA-EVM - IDA Processor Module for the Ethereum Virtual Machine.

• Evmdis - EVM disassembler.

• Securify - Formal Verification of Ethereum Smart Contracts.

• SmartCheck - Static smart contract security analyzer

• Solgraph - Visualise Solidity control flow for smart contract security analysis

• Manticore - Symbolic execution tool on Smart Contracts and Binaries

• Rattle - Rattle is an EVM static analyzer that analyzes the EVM bytecode directly for vulnerabilities.

• Slither - Static analysis on Solidity.

• Diligence - Security Services, Tools and Best Practices for the Ethereum Ecosystem.

• Fuildai - Fluid is an AI that can automatically find and fix fatal security vulnerabilities in Smart Contracts.

• VSCode - Solidity Visual Auditor Extension for VS Code.

Blockchain Books

• Mastering Bitcoin: Programming The Open Blockchain

• Mastering Ethereum: Building Smart Contracts and DApps

• 精通以太坊智能合约开发

• 智能合约安全分析和审计指南

Blockchain Bug Bounty Platform

• Immunefi - Immunefi is the premier bug bounty platform.

• HackenProof - Crowdsourced cybersecurity testing platform.

• Ethereum - Ethereum official bug bounty platform.

• DVPNET - Decentralized Vulnerability Platform.

• SlowMist - SlowMist bug bounty platform.

• Bounty0x - Bounty0x is a cryptocurrency bounty hunting platform.

• BugBounter - BugBounter bug bounty platform.

Blockchain Community

• BitcoinTalk

• 登链社区

• 无退社区

• Ethereum Community

• Ethereum Stackexchange

• Solidity Official Community

• OpenZeppelin Official Community

• Smart Contract Research Forum

• Ethereum Magicians

Blockchain CTFs

• Damn Vulnerable DeFi

• Security Innovation CTF

• Capture the Ether

• GOATCasino

• Paradigm CTF

Blockchain Security Enterprise

Well-known Security Agency

• 安节科技 - BlockSecTeam

• 链安 - ChainSecurity

• 吞吴 - CertiK

• 派盾科技 - PeckShield

• 慢雾科技 - SlowMist

• ABDK

• OpenZeppelin

• ConsenSys Diligence

• Certora

• Trail of Bits

• Halborn

• Quantstamp

Ordinary Security Agency

• 安比实验室 - SECBIT

• 成都链安 - Beosin

• 北京链安 - ChainsGuard

• 知道创宇 - KnownSec

• 长亭科技 - Chaitin

• 降维安全 - Johnwick

• 零踪安全 - Fairyproof

• 零时科技 - Noneage

• AnChain

• ArcadiaGroup

• BlockHunters

• BlockSoftLab

• Blockchain Consilium

• Blockchain Labs NZ

• Bloqchain Audit

• BlockStream

• Bramah Systems

• Callisto Network

• Chainsulting

• CoinMercenary

• Coinbae

• Coinfabrik

• Coinspect

• Code423n4

• CryptoManiaks

• CrypticLabs

• CTDSec

• CyberUnit

• dApp.org

• Dedaub

• Decenter

• DeFi SafeTy

• Dessert Finance

• Enebula

• EtherAuthority

• Hacken

• HAECHI

• HashEx

• ImmuneBytes

• Inspex

• Iosiro

• Kaspersky

• Least Authority

• MixBytes

• New Alchemy

• Paladin

• PepperSec

• Pessimistic

• QuillAudits

• RDAuditors

• Runtime Vеrification

• Sentnl

• ShellBoxes

• SOOHO

• Smartdec

• Solidified

• Solidity Finance

• Somish

• SolidProof

• SigmaPrime

• Tech Audit USA

• TechRate

• Theori

• Validity Labs

• Verichains Lab

• ZK Labs

• Zokyo

References

Knowledge Base 慢雾安全团队知识库

Etherscan Smart Contracts Audits

OffcierCia - DeFi Developer Road Map