blockchain-smart-contracts-ethereum.md

Tools

Uncategorized

• dapphub/dapptools - Dapp, Seth, Hevm, and more

3rdparty lists

• SlowMist Hacked - SlowMist Zone
• saeidshirazi/Awesome-Smart-Contract-Security - A curated list of Smart Contract Security materials and resources For Researchers
• slowmist/Blockchain-dark-forest-selfguard-handbook - 区块链黑暗森林自救手册
• knownsec/Ethereum-Smart-Contracts-Security-CheckList - 以太坊合约审计checkList - 2019停更，都是老问题，很多高版本solc已经避免了
• slowmist/Knowledge-Base - 慢雾安全团队知识库
• freebuf: 数字货币钱包安全白皮书 - 360团队在2018阿年编写，主要是SPV系统环境和一些传统问题，没啥用
• x676f64/secureum-mind_map - This content is for the Secureum Epoch0 Bootcamp for Smart Contract auditng. The plan is to grow this over time. Pull requests accepted
• https://devansh.xyz/blockchain-security/2021/09/17/genesis-0x01.html
• Blockchain Threat Intelligence - 每周更新
• 1522402210/BlockChain-Security-List - BlockChain-Security-List About cryptocurrency security. (reverse, exploit, fuzz..)
• gokulsan/awesome-blockchain-security-platforms
• https://consensys.net/diligence/audits/
• https://github.com/trailofbits/publications/tree/master/reviews

Vulnerable environments

• SunWeb3Sec/DeFiVulnLabs - To learn common smart contract vulnerabilities using Foundry
• Rivaill/CryptoVulhub - Analyze and reproduce attack events or vulnerabilities in the blockchain world - 非常多的POC环境，全都是真实漏洞
• https://github.com/Poor4ever/Some-defivuln-exp

Code audit / known bugs

• fravoll/solidity-patterns - A compilation of patterns and best practices for the smart contract programming language Solidity
• SWC Registry - Smart Contract Weakness Classification and Test Cases
• Known Attacks - Ethereum Smart Contract Best Practices
• solc - List of known bugs
• History of Ethereum Security Vulnerabilities, Hacks, and Their Fixes

Emulator

• ethereum/py-evm - A Python implementation of the Ethereum Virtual Machine

Decompiler

• palkeo/panoramix - Ethereum decompiler - etherscan在用
• trailofbits/pyevmasm - Ethereum Virtual Machine (EVM) disassembler and assembler

Static analysis

• crytic/slither - Static Analyzer for Solidity - 2.8K star
• ConsenSys/mythril - Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron and other EVM-compatible blockchains
• trailofbits/rattle - an EVM binary static analysis framework designed to work on deployed smart contracts
• quoscient/octopus - Security Analysis tool for WebAssembly module and Blockchain Smart Contracts (BTC/ETH/NEO/EOS)

Libraries

• OpenZeppelin/openzeppelin-contracts - OpenZeppelin Contracts is a library for secure smart contract development

Resources

API provider

• https://www.alchemy.com/
• https://infura.io/

Open Markets

• https://opensea.io/
• https://rarible.com/

IDE / Debug tools

• https://remix.ethereum.org/
• https://ethtx.info/
• https://dashboard.tenderly.co/explorer
• https://www.oklink.com/en
• https://www.walletexplorer.com/

Challenges

• https://ethernaut.openzeppelin.com/
• https://capturetheether.com/
• https://www.damnvulnerabledefi.xyz/
• https://ctf.paradigm.xyz/

Money laundering / Tracking

• https://misttrack.io/
• https://detrust.bitrace.cn/

Crypto Mixer

• https://coinjoin.io/
• https://criptomixer.io/
• https://tornado.cash/
  • 链上追踪：洗币手法科普之 Tornado.Cash
• https://fixedfloat.com/

Resources

• 《全球 Web3 生态创新观察报告》2022
• 慢雾科技
  • 2022 上半年区块链安全及反洗钱分析报告
  • 2023 区块链安全及反洗钱年度报告