Awesome cryptocurrency security

😎 Curated list about cryptocurrency security. (reverse, exploit, fuzz..)

Image from this Practical ETH decompilation blog.

Tools

Porosity - Decompiler and Security Analysis tool for Blockchain-based Ethereum Smart-Contracts.

Mythril - Security analysis tool for Ethereum smart contracts.

MAIAN - Automatic tool for finding trace vulnerabilities in Ethereum smart contracts.

Echidna - Ethereum fuzz testing framework.

Manticore - Manticore uses symbolic execution to simulate complex multi-contract and multi-transaction attacks against EVM bytecode.

Ethersplay - A graphical EVM disassembler with advanced features. (Binja)

Oyente - An automatic EVM code analyzer based on symbolic execution and Z3 SMT solver.

IDA-EVM - IDA Processor Module for the Ethereum Virtual Machine.

Evmdis - EVM disassembler.

Securify - Formal Verification of Ethereum Smart Contracts.

Rattle - Rattle is an EVM static analyzer that analyzes the EVM bytecode directly for vulnerabilities.

Slither - Static analysis on Solidity.

Diligence - Security Services, Tools and Best Practices for the Ethereum Ecosystem.

fluidai - Fluid is an AI that can automatically find and fix fatal security vulnerabilities in Smart Contracts.

vs code - Solidity Visual Auditor Extension for VS Code

Blogs

muellerberndt - Practical Smart Contract Security Analysis and Exploitation— Part 1

blackhat - Blackhat Ethereum.

solidified - Parity hack.

arvanaghi 1 - Reversing Ethereum smart contracts.

arvanaghi 2 - Reversing Ethereum smart contracts 2.

ret2 - Practical ETH decompilation.

loom-network - 6 vulnerabilities and how to avoid them part 1.

ETH assembly - Let's talk assembly.

radare2 - Reversing EVM bytecode with radare2.

Ethereum security tools - Trail of Bits Ethereum security tools.

Hackernoon - Analyzing Ethereum smart contracts for vulnerabilities.

nccgroup - Discovering Smart Contract Vulnerabilities with GOATCasino.

Arseny Reutov - Predicting Random Numbers in Ethereum Smart Contracts.

funfair - Randomness is a big deal.

Training

Ethernaut - The Ethernaut is a Web3/Solidity based wargame.

GOATCasino - GOATCasino is a Truffle project which deploys a set of intentionally vulnerable smart contracts.

ctf challs SWAMPCTF

MISC

dasp - Decentralized Application Security Project (or DASP) Top 10 of 2018.

Not so smart contracts - Examples of Solidity security issues.

EVM opcodes - Ethereum opcodes and instruction reference.

mint integer overflow - Mint integer overflow.

Uninitialized Pointer Storage Allocation Exploits in Ethereum Smart Contracts.

Paper

Smarter - Making Smart Contracts Smarter.

Yellow Paper - Ethereum: a secure decentralised generalised transaction ledger.

Awesomes

awesome

awesome ethereum

awesome ethereum virtual machine

Jobs

Ethercasts

Solidified

codementor

iosiro

audithor

Twitter

@withzombies @chaignc @trailofbits


By @chaignc #HexpressoTeam.