Awesome

Contents

• Tools
• CTFs and Wargames
  • CTFs
  • CTF writeups
  • Wargames
• Audit reports
  • Cairo
  • Cairo 0
• Blogposts and Tutorials
  • Writeups
  • Video tutorials
  • Twitter threads
• General
  • Repositories and Examples
• License

Tools

• Aegis - Cairo Formal verification tool.
• amarna - Static-analyzer and linter for the Cairo programming language.
• Cairo Fuzzer - Cairo Fuzzing tool.
• cairo-profiler - Profiler for Cairo and Starknet.
• cairovm.codes - Compile and debug Sierra code.
• Caracal - Static analyzer tool over Sierra.
• entro - Decoding and indexing Starknet data.
• Semgrep - Static analyzer for Cairo.
• sierra-analyzer - Security toolkit in Rust for analyzing Sierra files.
• Starknet Foundry - Starknet contracts development toolkit.
• StarkRekt - Check and reset their token spending permissions on Starknet.
• StarkRevoke - Token revocation tool for Starknet.
• Thoth - Decompiler and security toolkit.

CTFs and Wargames

CTFs

• Curta puzzle #13: Ping Pong - Starknet messaging challenge.
• Paradigm CTF 2022 - Paradigm CTF with Solidity and Cairo challenges.
• StarknetCC-CTF Lisbon 2022 - Lisbon 2022 Cairo CTF.

CTF writeups

• StarknetCC-CTF - StarknetCC 2022 CTF writeup by pscott.
• StarknetCC-CTF - StarknetCC 2022 CTF writeup by Ledger.

Wargames

• cairo-damn-vulnerable-defi - Cairo and Starknet challenges inspired by Capture the Ether.
• Node Guardians - Online wargame and challenge with quests and standalone challenges.
• Starknet-Security-Challenges - Cairo and Starknet challenges inspired by Capture the Ether.
• Underhanded Cairo - Cairo challenges in cairopractice.com.

Audit reports

Cairo

• Argent Account and Multisig - Argent account and Argent Multisig for Starknet audit by Consensys Diligence.

• AVNU - AVNU audit by Nethermind.

• Braavos - Braavos Account audit by Nethermind.

• Carmine - Carmine audit by Nethermind.

• Nimbora - Nimbora V2 report by Cairo- Security-Clan.

• Opus - Opus Code4rena contest report.

• Pragma - Pragma oracle audit by Nethermind.

• Unruggable.meme - Unruggable meme protocol community audits by Antoine M., Credennce0x, 0xerim.

• ZKX - ZKX audit by Nethermind.

Cairo 0

• Briq - Briq protocol audit by Nethermind.

• ChainSecurity DAI Bridge Audit - MakerDAO's DAI bridge audit by ChainSecurity.

• Empiric Netowrk - Empiric network audit by Zellic.

• SithSwap - SithSwap AMM by Nethermind.

• SHA256 from Cartridge - audit of SHA-256 implementation from Cartridge by Nethermind.

Blogposts and Tutorials

Writeups

• Adventures with Account Abstraction – Risks and Mitigations in __validate__ - Considerations for __validate__ function of Starknet smart accounts.
• Auditing Cairo 1.0 Contracts - Cairo auditing tips and pitfalls.
• Cairo 0.x Security - Cairo 0.x pitfalls and considerations.
• Cairo Contracts and pitfalls overview - Cairo traps and vulnerabilities.
• Cairo: the Starknet way to writing safe code - Comparing Cairo and Solidity for smart contracts.
• Introduction to Cairo 1 smart-contracts security - Introduction to Cairo 1 security, tips and considerations.
• Under the hood of Cairo 1 - Understanding Sierra code.
• Zero-Click Argent-X Wallet Contract Vulnerability, Explained - Vulnerability in implementing Starknet smart account.

Video tutorials

• Cairo Security (Peteris Erins) - Spearbit seminar on Cairo security.
• Code4rena x Starknet Basecamp - Starknet basecamp for first Cairo contest.

Twitter threads

General

Repositories and Examples

• not-so-smart-cairo - Examples of common Cairo smart contract vulnerabilities by Trail of Bits.

License

To the extent possible under law, amanusk has waived all copyright and related or neighboring rights to this work.