Smart Contract Auditor Tools and Techniques
How to become a Smart Contract Auditor
- How to become Smart Contract Auditor and Bounty Hunter by Officer CIA
- Auditor's Roadmap by RazzorSec
Transaction Visualization tools for hacks
- MistTrack
- Phalcon BlockSec
- Bitquery Explorer
- Tx eth samczsun
- Tenderly
- Cruise Supremacy
- Cross-chain transaction tracker
- Front-running explorer
- Awesome On-chain Investigation
Stanford Defi Security Summit 2022
Paris Defi Security Summit 2023
Miscellaneous Tools
- Cyfrin Solodit - Smart contract security research
- Cryptocurrency OSINT
- Tool for Storage visualization of Proxy contracts & to check storage collision
- Uniswap TWAP Oracle Price Manipulation Simulator
- Metamorphic contracts detector
- Vscode on Etherscan
- EVM traces with Python
- Tool to detect Out of Gas/Denial of Service
- List of Defi Hacks with Proof of Concept
- Tool to extract ABI from Unverified contracts
- Tool to get historical data from EVM chains
- Immunefi Web3 Security library
- Ethers.js playground
- ETH-Toolbox: Useful tools for Ethereum devs
- EVM codes Interactive Playground
- Echidna Fuzzer
- Trade volume metrics across all chains
- Tool to check audited code diff on-chain
- Oracle risk rating system
- Tool to diff contracts using simhashes
- Tool to match hashes of known contracts
- ABI decompiler
- Database and tool to detect and report scams
- Rug Checker tools
- User friendly Metadock extension by BlockSec
- Tool for checking cross-function and cross-contract reentrancy
- Tool to guess type of ABI encoded data
- Running slither and other tools on cloud
- samczsun's tool to get function signature from abi.encoded data
- Visualize EVM storage (finally!)
- Tool to query Solidity Smart contracts
- WeAudit Vscode extension by ToB to make Notes during Audit
On-Chain Monitoring tools for attacks (Refer Pessimistic-blog)
- Forta
- Defender
- Tenderly
- Lossless
- Hackless
- Blocknative
- Seraph
- Slowmist monitor
- Ironblocks
- Hypernative
- Hacken Extractor
- QuickNode's QuickAlerts
- Cyvers.ai
- Hexagate
- Peckshield's KillSwitch
- Zokyo's Mamoru.ai
On-chain Simulators for user-Side Defense
- Fire
- Pocket Universe
- Stelo
- Interlock
- Wallet guard
- Meshed Labs
- Blowfish
- Hexagate
- Rabby.io - Alternative to MetaMask
- Web3 Antivirus
OfficerCIA On-chain Investigation Tools
- Ethtective
- Breadcrumbs
- Hal
- Dune Analytics
- Nansen.ai
- Bloxy.info
- Tx2uml
- EVM Trace
- 3D VR blockchain visualization
- Unrekt.net
- Revoke.cash
- Tutela
Echidna Fuzzing resources
- Why Echidna is the best smart contract fuzzer
- Breaking solidity compiler with Fuzzing
- More on fuzzing using Echidna
- ToB setting up fuzzing for clients
- ToB livestream on fuzzing using Echidna
- Hybrid Fuzzing
- Intro to advanced, with tips & FAQs
Symbolic Execution / Formal Verification Tools
Static analysis Tools and More!
- Oyente
- Osiris
- Maian
- TeEther
- Sereum
- ContractFuzzer
- ILF
- Slither
- Vandal
- Madmax
- Ethir
- Smartcheck
- SaferSC
- RecChecker
- KEVM
- Eth-Isabelle
- SmartPulse
- Semgrep
- C4udit
- Cyfrin Aderyn
Smart contract Security Techniques and Best practices (Refer DefiVulnLabs)
- Mastering Ethereum - Smart Contract Security
- Smart Contract Best Practices - The Smart Contract Security Field Guide
- Awesome-Smart-Contract-Security
- (Not So) Smart Contracts
- Smart contract best practices by ToB
- Smart Contract Attack Vectors
- Secureum Security Pitfalls 101
- Secureum Security Pitfalls 201
- How to Secure Your Smart Contracts: 6 Solidity Vulnerabilities and how to avoid them (Part 1) (Part 2)
- All Ethereum EIPs
- Missing support for EIP-2930 on BSC - Beware Multisigs!
- Handling "missing return" ERC20 tokens
- All types of Reentrant attacks
- Smart Contract Weakness Classification Registry (SWC Registry)
- Ethereum Post Merge Security and known attack vectors
- Best practice for Upgradeable smart contracts
- Guide to Governance attacks
- How to avoid Governance attacks
- DAO Governance Attacks and how to avoid them
- The Vulnerable Nature of Decentralized Governance in DeFi
- A white hat mindset - From the perspective of a smart contract auditor
- Commit and Reveal scheme to mitigate Front-run attacks
- NFT Security collection
- Solving the issue with slippage in EIP-4626
- A Novel Defense Against ERC4626 Inflation Attacks by Openzeppelin
- ERC-4626 Security concern: Inflation attack by Openzeppelin
- Property tests in Foundry for ERC4626 by a16z
- Proxy contracts security guide
- Awesome Oracle manipulation
- 100 point checklist before sending your smart contract for audits
- Solcurity security checklist for audits
- Smart contract Audit Checklist
- Solodit audit checklist
- Upgradeable smart contract audit checklist
- Smart Contract Security Verification Standard (SCSVS)
- Top 10 Hacking Techniques of 2022 - by Openzeppelin
- Question until it crashes - by Tincho
- Reproducing MEV attacks
- Checklist for Signature verification
- Signature Replay attacks
- Improper verification of signatures SWC-121 and SWC-117
- Loss of Precision vulnerabilities
- EEA DeFi Risk Assessment Guidelines (1st Draft)
- Blog on AI in Crypto & Smart Contract security
Defi Focused Security Resources
- Zokyo Auditing Tutorial for Medium to High Findings
- Top 10 DeFi Security Best Practices
- Defi Slippage attacks
- Price Oracle Best practices
- Securely using Chainlink to price Curve LP Pools
- Chainlink oracle attacks
Audit reports and findings
- Code4rena Audit reports
- Sherlock Audit reports
- The Auditor book - Sherlock and Code4rena findings
- Search Code4rena and Sherlock findings
- Immunefi Bug Bounty Writeups
- Cyfrin Solodit search with filters
- All Audit reports of Security companies
- List of Bridge hacks
ZK security and Learning resources
- Intro to Zk Security
- Zk bugs tracker
- Zk hash collision vulnerability
- Common Zero-Knowledge Proof Vulnerabilities
- Zk auditing cohort open sourced
- Zk Camp's Aztec/Noir Cohort
- Zk learning with 0xparc
- Zk learning resources by Shanzson :)
- Zk audit playbook by Zellic
Free smart contract security-related resources
- Ethereum Yellow paper course
- Awesome Openzeppelin
- Stanford Cryptography course
- Mastering Solidity Assembly (YUL)
- All about assembly
- Cyfrin Updraft - Smart Contract Security and Auditing Course
What to do when Hacked?
- Seal 911 Bot by Whitehats to Rescue You when Hacked
- Incident Response Guidelines by ToB
- Crisis Handbook - Smart contracts Hack
Privacy Tools
- Tool for Private RPC
- Hopr protocol
- Using Zmok along with MullVad VPN