Awesome

Web3 Security Library

This is a collaborative repository that aims to contain all the information you need to start or expand your knowledge in web3 security.

Annexure

Starting Guides:

• Hacking the Blockchain: Ethereum
• Your First Day as a Bug Bounty Hunter on Immunefi

Blockchain Concepts

• Web3
• EVM
• Non EVM chains
• Types of Blockchain Consensus:
• Wallets
• Resources:

Bugfix Reviews

• 2023
• 2022
• 2021

Hack Analyses

• 2023
• 2022

Smart Contracts

• Ethereum Virtual Machine
  • Solidity
  • Vyper
  • Huff

Tools

• Frameworks/ Programming Tools
  • Hardhat (JS) EVM
  • Truffle (JS) EVM
  • Brownie (Python) EVM
  • Foundry (Solidity) EVM
  • Substrate Polkadot
• Blockchain Analysis
• Activity Monitoring
• Threat Intelligence & On-chain Data:
• Vulnerability Scanners & Others:
• Other Tools
• Resources:

Vulnerabilities

• Logic
  • Bad Arithmetics
  • Integer underflow/overflow
  • Checks
• Reentrancy
• Uninitialized
  • Contracts
  • Proxies
• Code injection via delegatecall
• Access Control
  • Unprotected functions
  • Signature Verification
  • Default Visibility
  • Authentication with tx.origin
• Wrong implementation of standards
• Flashloans
• Oracle manipulation
• Unchecked call return value
• Transaction reorganization (MEV)
• Bad Randomness
• Use of components with known vulnerabilities

Check This Out:

• CTFs to Enhance your Solidity Skills
• How to...
• Interviews
• Research Papers
• People to Follow
• Resources from YouTube
• PoC like a pro

How to add Resources?

Please follow the structure of the file you are editing. Whenever possible add a description of the resource you want to share. Send a pull request adding in the comment your Twitter and Discord users to thank you for the contribution and receive XP in the Discord leveling system.

Plagiarism: Word-for-word copying of portions of another's writing won't be allowed.