/awesome-evm-security

🕶 A high-level overview of the EVM security ecosystem

Creative Commons Zero v1.0 UniversalCC0-1.0

Awesome EVM Security Awesome

Awesome EVM Security

EVM stands for "Ethereum Virtual Machine". The EVM powers the Ethereum mainnet, but also Layer 2 protocols, sidechains, and EVM-compatible chains.

This list is an overview of the EVM ecosystem from an information security management perspective.

Contents

Guides

Governance

Architecture

Standards

  • DeFi Safety - Best practices security score reviews.
  • DASP Top 10 of 2018 - Decentralized Application Security Project Top 10 vulnerabilities.
  • IVSCS - Immunefi Vulnerability Severity Classification System.
  • Smart Contract Security Verification Standard - A free 14-part checklist created to standardize the security of smart contracts for developers, architects, security reviewers and vendors.
  • Secureth guidelines - Aid you in formulating your own software engineering process by giving a complete picture of all the different concerns and expectations in your software projects.
  • CryptoCurrency Security Standard (CCSS) - A set of requirements for all information systems that make use of cryptocurrencies, including exchanges, web applications, and cryptocurrency storage solutions.
  • The Solcurity Standard - Opinionated security and code quality standard for Solidity smart contracts.

System Assets

Threats

  • Blockchain Graveyard - A list of all massive security breaches or thefts involving blockchains.
  • List of Bitcoin Heists - Research on prior Bitcoin-related thefts.
  • Blockchain Threat Intelligence - The latest in blockchain, DeFi and cryptocurrency threat intelligence, vulnerabilities, security tools, and events.
  • Rekt News - Investigative journalism, creative commentary, and incident analysis.
  • DeFiYield's REKT db - Database of Crypto Hacks, Exploit, Scam.
  • CryptoScamDB - Keeping track of cryptocurrency scams in an open-source database.
  • Mudit Gupta's Twitter threads - Early analysis and educational content on Twitter.
  • Flash Boys 2.0 Paper - Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability.
  • MEV-explore - Help the community understand and quantify the significance of "Dark Forest activities" and their impact on the Ethereum network.
  • Flashloan monitor - Dashboard that helps you monitor flashloan transactions.
  • Known Attacks - A list of known attacks which you should be aware of, from Consensys.
  • Solidity Security - Comprehensive list of known attack vectors and common anti-patterns.

Vulnerabilities

Controls

  • Simple Security Toolkit - Opinionated recommendations that the team at Nascent find to be appropriate, particularly for teams developing and managing early versions of a protocol.
  • Gnosis Safe - Multi-sig. Require multiple team members to confirm every transaction in order to execute it, which helps prevent unauthorized access to company crypto.
  • List of DeFi auditors - List of DeFi auditors maintained by DeFiSafety.
  • State of DeFi Audits - Article taking a look at the auditing space and its importance in onboarding users by properly securing new DeFi protocols.
  • Building Secure Contracts - Trail of Bits' guidelines and best practices on how to write secure smart contracts.
  • Solidity Patterns - A compilation of patterns and best practices for the smart contract programming language Solidity.
  • Security Pattern for Ethereum and Solidity - Google Sheets Checklists.
  • Solidity Best Practices for Smart Contract Security - Pro tips from Consensys to ensure your Ethereum smart contracts are fortified.
  • CERtified - Top 100 exchanges by Cybersecurity rating.
  • Smart Contract Security Registry - An effort to identify deployed contracts instances given their chain and address, by listing the project they belong to.
  • Forta - Community-based runtime security network for smart contracts.

Ecosystem

Footnotes

See Also

Other Awesome Lists: