crytic / Awesome Ethereum Security
Licence: cc-by-4.0
A curated list of awesome Ethereum security references
Stars: ✭ 345
Awesome Ethereum Security
A curated list of awesome Ethereum security references, guidance, tools, and more.
Join Trail of Bits for a free Ethereum Office Hours session by reserving a slot on Calendly. An engineer from Trail of Bits will assist you in applying advanced security [tools](#tools) and practices to your smart contract code.
Contents
Learning
Security references
- Comprehensive list of known attack vectors for Solidity
- Consensys Best Practices
- Decentralized Application Security Project
- Solidity Security Considerations
- Solidity v0.5.0 Breaking Changes
Insecurity references
Capture the Flag and Wargames
Writeups
- Hands on the Ethernaut CTF - Writeups for various Ethernaut CTF challenge contracts.
- Ethernaut - Naught Coin (ERC20) Exploitation - Writeup for a vulnerable ERC20 from the Ethernaut CTF.
- EtherHack CTF Writeup - Writeup for EtherHack CTF challenges.
- PolySwarm Smart Contract Hacking Challenge Writeup - Demonstrates advanced use of Manticore
Coordinated disclosure
- Blockchain Security Contacts - Security contact info for blockchain projects
Blogs
- Hacking Distributed - Emin Gün Sirer, professor in Cornell Tech’s IC3 lab focused on blockchain security.
- Phil Does Security - Phil Daian, grad student behind KEVM, Hydra, and other Ethereum academic projects
- Trail of Bits - Cybersecurity R&D firm with a blockchain security practice
- Martin Holst Swende - Martin Swende, programmer and appsec consultant
- SmartDec blog - Company blog about security issues and practices within blockchain ecosystem
Notable blog posts
- Contract upgrade anti-patterns
- How the winner got Fomo3D prize — A Detailed Explanation
- How to debug Solidity Smart Contracts with Tenderly and Truffle
- Lashing out at a Spank Channel
- Malicious GasToken Minting
- Missing return value bug in ERC20 tokens
- Not A Fair Game – Fairness Analysis of Dice2win
- Initial Formal Verification of Ethereum Casper Protocol
- Security considerations for Shamir's secret sharing
- SmartDec smart contract audit beginner's guide
- The Anatomy of a Block Stuffing Attack
- The phenomenon of smart contract honeypots
- Use our suite of Ethereum security tools
- Vertcoin (VTC) was successfully 51% attacked
Conference talks
| Title | Conference | Year |
|---|---|---|
| Predicting Random Numbers in Ethereum Smart Contracts | OWASP AppSec | 2018 |
| Blockchain Autopsies - Analyzing Smart Contract Deaths | Blackhat USA | 2018 |
| Rattle - an EVM binary analysis framework | reCON | 2018 |
| Blackhat Ethereum | CanSecWest | 2018 |
| Smashing Ethereum Smart Contracts for Fun and Profit | HITB Amsterdam | 2018 |
| Automatic Bug Finding for the Blockchain | EkoParty | 2017 |
Podcasts and Episodes
Podcasts
Episodes
- The Smartest Contract #15 - Trail of Bits’ Outlook on Security w/ JP Smith
- The Smartest Contract #8 - Smart Contract Security and Honeypots w/ Gerhard Wagner
- Zero Knowledge #29 - The DAO, the White Hat Hacker Group & Giveth w/ Griff Green
- Zero Knowledge #16 - Talking security with JP Smith from Trail of Bits
- Risky Business #488 - JP Smith about all things blockchain
Tools
Visualization
- ethereum-graph-debugger - A graphical EVM debugger. Displays the entire program control flow graph.
- Slither - Slither can map method visibility and modifiers, state variables that are read and written, and calls, and can print the inheritance graph of a smart contract
- Solgraph - Generates DOT graphs with function control flow of a solidity contract
- Surya - Generates various visual outputs of function call graphs
- sol-function-profiler - Solidity contract function profiler
Linters
- Remix - Browser-based Solidity IDE with linting features
- SmartCheck - A linter for Solidity and Vyper that checks code for security issues and bad practices.
- Solhint - Linter for both security and style-guide validations. It strictly adheres to the Solidity Style Guide.
- Solium - Linter for both security and style-guide validations. Does not strictly adhere to the Solidity Style Guide.
Bug finding tools
- Echidna - Fuzzer for Ethereum smart contracts. Uses property testing to generate malicious inputs that break smart contracts.
- Manticore - Symbolic execution tool for Ethereum smart contracts that includes detectors for common security flaws
- Mythril OSS - Open-source security analysis tool for Ethereum smart contracts built around detector modules
- Securify - Static analysis tool from ChainSecurity
- Slither - Static analysis framework, written in Python, with detectors for many common Solidity issues
Verification tools
- KEVM - K Semantics of the Ethereum Virtual Machine (EVM)
- Manticore - Symbolic execution tool for EVM
Reversing tools
- abi-decompiler - EVM reverse engineering helper utility
- ethereum-dasm - EVM disassembler with static and dynamic analysis abilities, including function signature lookup
- Ethersplay - Visual disassembler for EVM bytecode built on Binary Ninja
- evmlab - Utilities for interacting with the Ethereum virtual machine
- IDA-EVM - IDA plugin to view EVM instructions
- Panoramix
- pyevmasm - EVM assembler and disassembler with a CLI and a Python API
- Rattle - EVM binary static analysis framework. Produces SSA representations of EVM code.
Custody
- Subzero - Subzero is an HSM-backed method for cold storage of Bitcoin developed by Square
Communities
Other Awesome Lists
- Awesome AppSec
- Awesome Ethereum Virtual Machine
- Awesome Solidity
- Crypto projects that might not suck
Contributing
We welcome contributions that help curate this awesome list. Please refer to the contributing guidelines when submitting PRs. Thanks!