awesome-awesomeness/terminal/evmsecurity2
2025-07-18 23:13:11 +02:00
Awesome EVM Security (https://github.com/kareniel/awesome-evm-security#readme) - an Awesome list (https://awesome.re).
EVM (https://ethereum.org/en/developers/docs/evm/) stands for "Ethereum Virtual Machine". The EVM powers the Ethereum mainnet, but also Layer 2 protocols, sidechains, and EVM-compatible chains.
This list is an overview of the EVM ecosystem from an information security management perspective.
Contents
- Guides (#guides)
- Governance (#governance)
- Architecture (#architecture)
- Standards (#standards)
- System Assets (#system-assets)
- Threats (#threats)
- Vulnerabilities (#vulnerabilities)
- Controls (#controls)
- Ecosystem (#ecosystem)
Guides
- CryptoSec.info (https://cryptosec.info/) - Information to help beginners learn how to protect their funds against hackers and scammers.
- Simplified Roadmap for Blockchain Security (https://devansh.xyz/blockchain-security/2021/09/17/genesis-0x01.html) - Covers all rudimentary topics that one needs to know in order to get into the field of Blockchain Security.
- How to become a smart contract auditor (https://cmichel.io/how-to-become-a-smart-contract-auditor/) - Frequently asked questions about auditing and how aspiring auditors can get their first job.
Governance
- A beginner's guide to DAOs (https://linda.mirror.xyz/Vh8K4leCGEO06_qSGx-vS5lvgUqhqkCz9ut81WwCP2o) - Gives a high level overview of what DAOs are, why they are interesting and some of their use cases.
- Deep DAO (https://deepdao.io/#/deepdao/dashboard) - Lists, ranks and analyzes top DAOs across multiple metrics.
- SAFT Agreements (https://saftproject.com/) - A commercial instrument used to convey rights in tokens prior to the development of the tokens' functionality.
- Voting Options in DAOs (https://medium.com/daostack/voting-options-in-daos-b86e5c69a3e3) - Overview of the voting mechanisms available to DAOs.
- The Wyoming DAO bill (https://twitter.com/awrigh01/status/1369328856260354051) - A thread about Wyoming DAOs.
- It Takes a Cryptonetwork (https://medium.com/primedao/it-takes-a-cryptonetwork-2ae9ab541c17) - Prime's Strategy for DAO to DAO Relations.
- DAOs, Democracy and Governance (https://merkle.com/papers/DAOdemocracyDraft.pdf) - A paper by Ralph Merkle about DAOs.
Architecture
- Shelling Out: The Origins of Money (https://nakamotoinstitute.org/shelling-out/) - Illustrates the value of collectibles in reducing social transaction costs.
- Foundations of Cryptoeconomic Systems (https://epub.wu.ac.at/7309/8/Foundations%20of%20Cryptoeconomic%20Systems.pdf) - This paper explores why the term "cryptoeconomics" is context dependent and proposes complementary micro, meso and macro definitions of the term.
- Towards a Practice of Token Engineering (https://blog.oceanprotocol.com/towards-a-practice-of-token-engineering-b02feeeff7ca) - How do we design tokenized ecosystems, their incentives and how do we analyze or verify them?
- A Crash Course in Mechanism Design for Cryptoeconomic Applications (https://medium.com/blockchannel/a-crash-course-in-mechanism-design-for-cryptoeconomic-applications-a9f06ab6a976) - Introduces the basic concepts of mechanism design, and gives a taste for their usefulness in the cryptocurrency world.
- WTF Is QF (https://wtfisqf.com/?grant=&grant=&grant=&grant=&match=1000) - A simple explanation of quadratic funding.
- Bonding Curves Explained (https://yos.io/2018/11/10/bonding-curves) - What bonding curves are and their potential applications.
Standards
- DeFi Safety (https://www.defisafety.com/) - Best practices security score reviews.
- DASP Top 10 of 2018 (https://dasp.co/) - Decentralized Application Security Project Top 10 vulnerabilities.
- IVSCS (https://immunefi.com/severity-updated/) - Immunefi Vulnerability Severity Classification System.
- Smart Contract Security Verification Standard (https://securing.github.io/SCSVS/) - A free 14-part checklist created to standardize the security of smart contracts for developers, architects, security reviewers and vendors.
- Secureth guidelines (https://guidelines.secureth.org/) - Aid you in formulating your own software engineering process by giving a complete picture of all the different concerns and expectations in your software projects.
- CryptoCurrency Security Standard (CCSS) (https://cryptoconsortium.github.io/CCSS/) - A set of requirements for all information systems that make use of cryptocurrencies, including exchanges, web applications, and cryptocurrency storage solutions.
- The Solcurity Standard (https://github.com/Rari-Capital/solcurity) - Opinionated security and code quality standard for Solidity smart contracts.
System Assets
- Security Considerations in the Solidity documentation (https://docs.soliditylang.org/en/v0.8.6/security-considerations.html) - Lists some pitfalls and general security recommendations.
- Ethereum 2.0 Specifications Security Audit Report (https://leastauthority.com/static/publications/LeastAuthority-Ethereum-2.0-Specifications-Audit-Report.pdf) - Security Audit Report of the Eth2.0 spec by Least Authority.
- Getting Deep Into EVM (https://hackernoon.com/getting-deep-into-evm-how-ethereum-works-backstage-ac7efa1f0015) - An in-depth explanation of how the EVM works.
- Ethereum EVM illustrated (https://takenobu-hs.github.io/downloads/ethereum_evm_illustrated.pdf) - Exploring some mental models and implementations.
- Ethereum Blockspace: Who Gets What and Why (https://www.aniccaresearch.tech/blog/ethereum-blockspace-who-gets-what-and-why) - Ethereum blockspace market structure.
- What Is Uniswap and How Does It Work? (https://academy.binance.com/en/articles/what-is-uniswap-and-how-does-it-work) - What Uniswap is, how it works, and how you can swap tokens on it simply with an Ethereum wallet.
- Scaling EVM (Ethereum Virtual Machine) (https://capitalgram.com/posts/scaling-evm/) - How fast and far can the EVM based blockchain architecture still take us.
- L2Beat (https://l2beat.com/) - Transparent and verifiable insights into emerging layer two (L2) technologies.
- The Non-Fungible Token Bible (https://opensea.io/blog/guides/non-fungible-tokens) - Everything you need to know about NFTs.
- KEVM (https://github.com/kframework/evm-semantics) - A formal model of the EVM in the K framework.
Threats
- Blockchain Graveyard (https://magoo.github.io/Blockchain-Graveyard/) - A list of all massive security breaches or thefts involving blockchains.
- List of Bitcoin Heists (https://bitcointalk.org/index.php?topic=576337) - Research on prior Bitcoin-related thefts.
- Blockchain Threat Intelligence (https://www.blockthreat.io/) - The latest in blockchain, DeFi and cryptocurrency threat intelligence, vulnerabilities, security tools, and events.
- Rekt News (https://rekt.news/) - Investigative journalism, creative commentary, and incident analysis.
- DeFiYield's REKT db (https://defiyield.app/rekt-database) - Database of crypto hacks, exploits, and scams.
- CryptoScamDB (https://cryptoscamdb.org/scams) - Keeping track of cryptocurrency scams in an open-source database.
- Mudit Gupta's Twitter threads (https://mudit.blog/twitter-threads/) - Early analysis and educational content on Twitter.
- Flash Boys 2.0 Paper (https://ieeexplore.ieee.org/document/9152675) - Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability.
- MEV-explore (https://explore.flashbots.net/) - Help the community understand and quantify the significance of "Dark Forest activities" and their impact on the Ethereum network.
- Flashloan monitor (https://monitor.blocksecteam.com/) - Dashboard that helps you monitor flashloan transactions.
- Known Attacks (https://consensys.github.io/smart-contract-best-practices/known_attacks/) - A list of known attacks which you should be aware of, from Consensys.
- Solidity Security (https://blog.sigmaprime.io/solidity-security.html) - Comprehensive list of known attack vectors and common anti-patterns.
Vulnerabilities
- SWC Registry (https://swcregistry.io/) - Smart Contract Weakness Classification and Test Cases.
- 246 Findings (https://blog.trailofbits.com/2019/08/08/246-findings-from-our-smart-contract-audits-an-executive-summary/) - 246 Findings From Trail of Bits Smart Contract Audits.
- A Survey of Security Vulnerabilities in Ethereum Smart Contracts (https://arxiv.org/pdf/2105.06974.pdf) - Explains eight vulnerabilities that are specific to the application level of blockchain technology by analyzing past exploitation scenarios of these security vulnerabilities.
- List of Security Vulnerabilities (https://github.com/runtimeverification/verified-smart-contracts/wiki/List-of-Security-Vulnerabilities) - A comprehensive list of common smart contract security vulnerabilities, compiled from various sources.
- List of Known Bugs (https://docs.soliditylang.org/en/v0.8.1/bugs.html) - A JSON-formatted list of some of the known security-relevant bugs in the Solidity compiler.
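The Solidity known-bugs list above is only useful if you actually check your compiler version against it, and a floating pragma (SWC-103) means the version that ends up compiling a contract may not be the one you tested. As an added example (not part of this list and not the Solidity project's own tooling), the following Python checks a release, and every release a pragma admits, against a bugs.json-style document. The embedded entries are constructed placeholders that reuse the field names of the published docs/bugs.json (uid, name, summary, introduced, fixed, severity); the bug names, summaries and version ranges are invented for illustration, and the release list is a stand-in for the real one.

```python
"""Check Solidity compiler versions against a bugs.json-style known-bugs list.

Added example, not part of the awesome-evm-security list or the Solidity project.
SAMPLE_BUGS_JSON and RELEASES are CONSTRUCTED: the field names mirror the
published docs/bugs.json, but every uid, name, summary and version is invented.
"""
from __future__ import annotations

import json
import re

SAMPLE_BUGS_JSON = """
[
  {"uid": "EXAMPLE-1", "name": "ExampleOptimizerBug",
   "summary": "Constructed: optimizer miscompiles a shift under some conditions.",
   "introduced": "0.8.0", "fixed": "0.8.5", "severity": "high"},
  {"uid": "EXAMPLE-2", "name": "ExampleAbiDecodeBug",
   "summary": "Constructed: abi.decode accepts malformed calldata.",
   "fixed": "0.5.10", "severity": "medium"},
  {"uid": "EXAMPLE-3", "name": "ExampleStorageBug",
   "summary": "Constructed: storage write dropped before a conditional revert.",
   "introduced": "0.8.13", "fixed": "0.8.17", "severity": "medium/high"}
]
"""

# Stand-in for the real release list (constructed; only the 0.8.x line).
RELEASES = [f"0.8.{i}" for i in range(0, 21)]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_version(v: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH' into a comparable tuple; rejects anything else."""
    m = _VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"not a release version: {v!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def affects(bug: dict, version: str) -> bool:
    """True if `version` lies in the half-open range [introduced, fixed).

    A missing 'introduced' means the bug is present in every release before
    'fixed', which is how the published list expresses long-standing bugs.
    """
    v = parse_version(version)
    if v >= parse_version(bug["fixed"]):
        return False
    if "introduced" in bug and v < parse_version(bug["introduced"]):
        return False
    return True


def known_bugs_for(version: str, bugs_json: str = SAMPLE_BUGS_JSON) -> list[dict]:
    """Return the entries of a bugs.json document that affect `version`."""
    return [b for b in json.loads(bugs_json) if affects(b, version)]


def _parse_constraint(tok: str) -> tuple[str, tuple[int, int, int]]:
    # Two-character operators must be tried before their one-character prefixes.
    for op in (">=", "<=", ">", "<", "^", "="):
        if tok.startswith(op):
            return op, parse_version(tok[len(op):])
    return "=", parse_version(tok)  # bare version means exact match


def pragma_allows(pragma: str, version: str) -> bool:
    """Evaluate a version pragma such as '^0.8.1' or '>=0.7.0 <0.9.0'.

    Supports ^, >=, >, <=, <, = and bare versions, written without a space
    between operator and number (the common form). For a 0.x line, '^0.8.1'
    means >=0.8.1 and <0.9.0.
    """
    v = parse_version(version)
    spec = pragma.strip()
    if spec.startswith("pragma solidity"):
        spec = spec[len("pragma solidity"):]
    spec = spec.strip().rstrip(";")
    for tok in spec.split():
        op, c = _parse_constraint(tok)
        if op == "^":
            ok = c <= v < (c[0], c[1] + 1, 0)
        elif op == ">=":
            ok = v >= c
        elif op == ">":
            ok = v > c
        elif op == "<=":
            ok = v <= c
        elif op == "<":
            ok = v < c
        else:
            ok = v == c
        if not ok:
            return False
    return True


def risky_releases(pragma: str, releases: list[str],
                   bugs_json: str = SAMPLE_BUGS_JSON) -> dict[str, list[str]]:
    """Map each release the pragma admits to the uids of known bugs in it."""
    out: dict[str, list[str]] = {}
    for r in releases:
        if pragma_allows(pragma, r):
            hits = [b["uid"] for b in known_bugs_for(r, bugs_json)]
            if hits:
                out[r] = hits
    return out


if __name__ == "__main__":
    print("bugs in 0.8.15:", [b["uid"] for b in known_bugs_for("0.8.15")])
    print("releases admitted by ^0.8.0 with known bugs:", risky_releases("^0.8.0", RELEASES))
    print("releases admitted by =0.8.20 with known bugs:", risky_releases("=0.8.20", RELEASES))
```

To use it against the real list, pass the contents of the Solidity repository's docs/bugs.json as `bugs_json` and the actual solc release tags as `releases`. Two caveats: the published entries also carry a "conditions" field (optimizer and pipeline settings under which the bug triggers) that this check ignores, so a hit means "possibly affected" and warrants reading the entry; and a pinned pragma only removes the floating-version risk if the build actually runs the pinned compiler, which is a build-pipeline check, not a source check.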
Controls
- Simple Security Toolkit (https://github.com/nascentxyz/simple-security-toolkit) - Opinionated recommendations that the team at Nascent find to be appropriate, particularly for teams developing and managing early versions of a protocol.
- Gnosis Safe (https://docs.gnosis-safe.io) - Multi-signature wallet. Requires a threshold of owners to confirm each transaction before it executes, so a single compromised key cannot move company funds on its own.
- List of DeFi auditors (https://www.defisafety.com/auditors) - List of DeFi auditors maintained by DeFiSafety.
- State of DeFi Audits (https://medium.com/conflux-network/the-overlooked-element-of-defi-adoption-e3b29829e3da) - Article taking a look at the auditing space and its importance in onboarding users by properly securing new DeFi protocols.
- Building Secure Contracts (https://github.com/crytic/building-secure-contracts/) - Trail of Bits' guidelines and best practices on how to write secure smart contracts.
- Solidity Patterns (https://fravoll.github.io/solidity-patterns/) - A compilation of patterns and best practices for the smart contract programming language Solidity.
- Security Pattern for Ethereum and Solidity (https://docs.google.com/spreadsheets/d/1PF4QZudW6Z7EV4hqQfwPo3A43AVqPrsuzzzey5yRYcs/edit#gid=0) - Google Sheets Checklists.
- Solidity Best Practices for Smart Contract Security (https://consensys.net/blog/developers/solidity-best-practices-for-smart-contract-security/) - Pro tips from Consensys to ensure your Ethereum smart contracts are fortified.
- CERtified (https://cer.live/) - Top 100 exchanges by Cybersecurity rating.
- Smart Contract Security Registry (https://github.com/ethereum-lists/contracts) - An effort to identify deployed contracts instances given their chain and address, by listing the project they belong to.
- Forta (https://docs.forta.network/) - Community-based runtime security network for smart contracts.
Ecosystem
- People to follow on Twitter (https://twitter.com/i/lists/1453086258436128770) - Twitter list giving an overview of web3 ecosystem and security people.
- Videos to watch on YouTube (https://www.youtube.com/playlist?list=PLox242_JhiuEe64LzW1M8XpiQ2-N5bZsX) - YouTube playlist of web3 security videos.
Footnotes
See Also
Other Awesome Lists:
- Awesome BlockSec CTF (https://github.com/0xjeffsec/awesome-blocksec-ctf) - Blockchain security Capture the Flag (CTF) competitions.
- Awesome Buggy ERC20 Tokens (https://github.com/sec-bit/awesome-buggy-erc20-tokens) - Vulnerabilities in ERC20 Smart Contracts With Tokens Affected.
- Awesome Cryptoeconomics (https://github.com/jpantunes/awesome-cryptoeconomics) - Cryptoeconomic research and learning materials.
- Awesome Zero-Knowledge Proofs (ZKP) (https://github.com/matter-labs/awesome-zero-knowledge-proofs) - A curated list of awesome things related to learning Zero-Knowledge Proofs (ZKP).
- Officer CIA's Ultimate DeFi Research Base (https://github.com/OffcierCia/ultimate-defi-research-base) - Curated DeFI & Blockchain research papers and tools.
- Awesome MEV resources (https://github.com/0xalpharush/awesome-MEV-resources)
evmsecurity Github: https://github.com/kareniel/awesome-evm-security