Home

Awesome

BlockChain-Security-List About cryptocurrency security. (reverse, exploit, fuzz..)

欢迎加入!此List会跟踪最新情报实时更新。

alt text

Tools

mythril - Security analysis tool for Ethereum smart contracts

manticore - Symbolic execution tool

Slither - Slither combines a set of proprietary static analyses on Solidity

Porosity - Decompiler and Security Analysis tool for Blockchain-based Ethereum Smart-Contracts

Echidna - Ethereum fuzz testing framework

Oyente - An Analysis Tool for Smart Contracts

MAIAN - Automatic tool for finding trace vulnerabilities in Ethereum smart contracts.

Ethersplay - A graphical EVM disassembler with advanced features. (Binja)

IDA-EVM - IDA Processor Module for the Ethereum Virtual Machine.

Evmdis - EVM disassembler.

Securify - Formal Verification of Ethereum Smart Contracts.

Rattle - Rattle is an EVM static analyzer that analyzes the EVM bytecode directly for vulnerabilities.

Diligence - Security Services, Tools and Best Practices for the Ethereum Ecosystem.

fuildai - Fluid is an AI that can automatically find and fix fatal security vulnerabilities in Smart Contracts.

bp nodes security checklist[超级节点安全执行指南]

EOS bp nodes security checklist(EOS超级节点安全执行指南)

VeChain core nodes security checklist(唯链核心节点安全执行指南)

Ontology Triones Service Node security checklist(本体北斗共识集群安全执行指南)

Blogs

区块链安全专题智库

PeckShield Inc. - Blog

Security Archives - Ethereum Blog

Blockchain-sec

猎豹移动区块链中心

隐形人真忙-区块链安全

Trailofbits-blockchain

blackhat pdf for cansecwest 2018 - Blackhat Ethereum.

solidified - Parity hack.

arvanaghi 1 - Reversing ethereum smart contracts.

arvanaghi 2 - Reversing ethereum smart contracts 2.

ret2 - Practical ETH decompilation.

loom-network - 6 vulnerabilities and how to avoid them part 1.

ETH assembly - Lets talk assembly.

radare2 - Reversing EVM bytecode with radare2.

Etherum security tools - Trailofbits Ethereum security tools.

Hackernoon - Analyzing Ethereum smart contracts for vulnerabilities.

nccgroup - Discovering Smart Contract Vulnerabilities with GOATCasino.

Arseny Reutov - Predicting Random Numbers in Ethereum Smart Contracts.

funfair - Randomness is a big deal.

Training

Ethernaut - The ethernaut is a Web3/Solidity based wargame.

GOATCasino - GOATCasino is a Truffle project which deploys a set of intentionally vulnerable smart contracts.

Events

Blockchain-Graveyard

Coindesk //search keyword,like 'hack'、'attack'...

36kr-tag-anquan

cnn-bitcoin-crime

scmagazineuk-cryptocurrency

Vulnerabilities

DASP

Smart Contract Best Practices

BitcoinWiki-Weaknesses

BitcoinWiki-CVEs

Go-ethereum issue vuln

Examples of Solidity security issues

Scanning-ethereum-smart-contracts-for-vulnerabilities

Smart Contract Security

Solidity Security Considerations

以太坊生态缺陷导致的一起亿级代币盗窃大案(2018-03-20)

EOSIO P2P Sybil Attack(2018-05-29)

EOSIO P2P 拒绝服务漏洞 (2018-05-29)

EPoD: Ethereum Packet of Death (CVE-2018-12018)

New evilReflex Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-12702,CVE-2018-12703)

MISC

dasp - Decentralized Application Security Project (or DASP) Top 10 of 2018.

Not so smart conracts - Examples of Solidity security issues.

EVM opcodes - Ethereum opcodes and instruction reference.

Threats

Go-ethereum issue bug

Solidity issue bug

Reddit ethereum

Bitcointalk

Stackexchange ethereum security

Stackexchange bitcoin security

Paper

DASP Top10 中文版

Solidity 安全:已知攻击方法和常见防御模式综合列表

区块链安全分析报告

区块链安全生存指南

Hacking Blockchain

BGP hijacking

Safe-wallet-white-paper

Blockchains-how-to-steal-millions-in-264-operations

Quantum attacks on Bitcoin, and how to protect against them

Eclipse Attacks on Bitcoin’s Peer-to-Peer Network

Smarter - Making Smart Contracts Smarter.

Yellow Paper - Ethereum: a secure decentralised generalised transaction ledger.

以太坊 Solidity 合约 call 函数簇滥用导致的安全风险

以太坊智能合约 Owner 相关 CVE 漏洞分析

从以太坊"MorphToken事件"看智能合约构造函数大小写编码错误漏洞

以太坊蜜罐智能合约分析

以太坊 Solidity 合约 call 函数簇滥用导致的安全风险

Reports

New allowAnyone Bug Identified in Multiple ERC20 Smart Contracts

Analyzing and Reproducing the EOS Out-of-Bound Write Vulnerability in nodeos

Audit report of iohk’s etc wallet

Audit report of the waves platform

Awesomes

solidity-audit-checklist

EOS bp nodes security checklist

pentesting-ethereum-dapps

awesome

blockchain-security-awesome

awesome ethereum

awesome ethereum virtual machine

Jobs

Slowmist

Ethercasts

Solidified

codementor

iosiro

The author

I'M ,爱上平顶山 Thanks to all blockchain security researchers

thanks: 李嵩@blackhat pdf for cansecwest 2018