
A guide to available tools and projects for analyzing and managing risk within DeFi.

License: MIT

DeFi Risk Tools List

A list of the available tools, projects, and protocols for analyzing and managing risk within DeFi.

Note that this list is focused on technical, centralization, and liquidity risk of DeFi protocols, NOT price risk of tokens.

We hope that better sharing of tools, standards, and development patterns will support the safe growth of the DeFi ecosystem overall, and that DeFi protocols, whitehat hackers, developers, auditors, and users can unite around the common goal of making DeFi safer for current and future adopters.

Contributions are welcome!

Feel free to submit a pull request, with anything from small fixes to translations to tools you'd like to add (or remove!). If adding a new tool, please add a brief description that you think new developers would understand.

  • Projects that do not have a working product should only be added to the Coming Soon section.
  • Projects that are deprecated or no longer maintained will be removed.
  • Projects that are paid/restricted services without open source code or developer reviews will be further vetted.

The Basics of DeFi Risk

Building on the work of awesome projects like DeFi Score, DeFi Safety, and others, we believe that the systematic failure of large financial protocols is the biggest risk to a thriving DeFi community over the next few years.

Protocols and smart contracts that contain large amounts of value face the following risks:

  • Smart Contract Risk - Technical bugs that can expose funds to hackers
  • Centralization Risk - Centralized admin keys are stolen or used nefariously, or oracles are manipulated to allow an exploit
  • Financial Risk - Collateral falls below outstanding obligations, likely due to price movement, or low liquidity leads to locked funds

We hope that the resources below can help educate and evangelize the common methods of failure, so they can be eliminated or mitigated as more groundbreaking financial services are built in this space.

Risk Ratings

  • DeFi Score - A 1-10 grade on the smart contract, centralization, and financial risk of lending protocols
  • Economic Safety Grade from DeFi Pulse & Gauntlet - A 1-100 grade to quantify and compare the economic risks of using on-chain protocols
  • DeFi Safety - A 1-100 rating of smart contract quality and safety for DeFi apps
  • Prime Rating - Letter rating (A+ to D) that represents the overall quality of a protocol based on publicly available data.
  • Certik Security Scores - A 1-100 score of protocols across on-chain monitoring, social sentiment, governance changes, and market volatility
  • CER Security Score - A 1-10 score on protocols based on audits, bug bounties, and liquidity
  • CoinGecko Trust Score - A 1-10 score on centralized exchanges as well as a Green/Yellow/Red rating of the liquidity of certain trading pairs

Hack Incident Reporting

  • Rekt News - Anonymous platform for whistleblowers and DeFi detectives to present their information to the community
  • Blockchain Threat Intelligence - Newsletter covering the latest security news, tools, events, vulnerabilities, and threats in the cryptocurrency landscape
  • Blockchain Graveyard - A list of all massive security breaches or thefts involving blockchains.

DeFi Risk Research

Risk Management Projects & Protocols

Coming Soon

Developer Tools

  • CryptoFin Solidity Auditing Checklist - A checklist of common findings, and issues to watch out for when auditing a contract for a mainnet launch.
  • MythX - Security verification platform and tools ecosystem for Ethereum developers
  • Mythril - Open-source EVM bytecode security analysis tool
  • Oyente - Alternative static smart contract security analysis
  • Securify - Security scanner for Ethereum smart contracts
  • SmartCheck - Static smart contract security analyzer
  • Ethersplay - EVM disassembler
  • Evmdis - Alternative EVM disassembler
  • Hydra - Framework for cryptoeconomic contract security, decentralised security bounties
  • Solgraph - Visualise Solidity control flow for smart contract security analysis
  • Manticore - Symbolic execution tool on Smart Contracts and Binaries
  • Slither - A Solidity static analysis framework
  • Adelaide - The SECBIT static analysis extension to Solidity compiler
  • solc-verify - A modular verifier for Solidity smart contracts
  • Solidity security blog - Comprehensive list of known attack vectors and common anti-patterns
  • Awesome Buggy ERC20 Tokens - A Collection of Vulnerabilities in ERC20 Smart Contracts With Tokens Affected
  • Free Smart Contract Security Audit - Free smart contract security audits from Callisto Network
  • Piet - A visual Solidity architecture analyzer

Risk and Security Resources

Potential Further Work

  • Crowdsourced Content Updates on DeFi Risk from the community
  • Crowdsource updates and scoring of the risk methodologies
  • Glossary/DeFi risk knowledge base - Hacks vs exploits vs rugs vs scams, with detailed definitions and strategies to prevent them, but also positive DeFi/DAO best practices for new and current projects to build on, plus definitions of the DeFi risk factors used in the model
  • Hack Event Registry - An accessible resource for learning about past DeFi vulnerabilities/exploits and helping prevent them in the future
  • Bug Bounties - Aggregate bug bounties across protocols and provide funding for new bounties
  • Form a DeFi risk-focused DAO

Maintainers

Creation of this list was spurred by the good folks at ArmorFi and ConsenSys Codefi.

If you'd like to collaborate or participate in a DeFi Safety DAO, DM us at Corbin Page or ArmorFi.