<h1 id="awesome-evm-security-awesome">Awesome EVM Security <a
href="https://awesome.re"><img src="https://awesome.re/badge.svg"
alt="Awesome" /></a></h1>
<p><a
href="https://github.com/kareniel/awesome-evm-security#readme"><img
src="awesome-evm-security.png" alt="Awesome EVM Security" /></a></p>
<p><a href="https://ethereum.org/en/developers/docs/evm/">EVM</a> stands
for “Ethereum Virtual Machine”. The EVM powers the Ethereum mainnet, but
also Layer 2 protocols, sidechains, and EVM-compatible chains.</p>
<p>This list is an overview of the EVM ecosystem from an information
security management perspective.</p>
<h2 id="contents">Contents</h2>
<ul>
<li><a href="#guides">Guides</a></li>
<li><a href="#governance">Governance</a></li>
<li><a href="#architecture">Architecture</a></li>
<li><a href="#standards">Standards</a></li>
<li><a href="#system-assets">System Assets</a></li>
<li><a href="#threats">Threats</a></li>
<li><a href="#vulnerabilities">Vulnerabilities</a></li>
<li><a href="#controls">Controls</a></li>
<li><a href="#ecosystem">Ecosystem</a></li>
</ul>
<h2 id="guides">Guides</h2>
<ul>
<li><a href="https://cryptosec.info/">CryptoSec.info</a> - Information
to help beginners learn how to protect their funds against hackers and
scammers.</li>
<li><a
href="https://devansh.xyz/blockchain-security/2021/09/17/genesis-0x01.html">Simplified
Roadmap for Blockchain Security</a> - Covers all rudimentary topics that
one needs to know in order to get into the field of Blockchain
Security.</li>
<li><a
href="https://cmichel.io/how-to-become-a-smart-contract-auditor/">How to
become a smart contract auditor</a> - Frequently asked questions
related to auditing and how auditors can get their first job.</li>
</ul>
<h2 id="governance">Governance</h2>
<ul>
<li><a
href="https://linda.mirror.xyz/Vh8K4leCGEO06_qSGx-vS5lvgUqhqkCz9ut81WwCP2o">A
beginner's guide to DAOs</a> - Gives a high-level overview of what DAOs
are, why they are interesting and some of their use cases.</li>
<li><a href="https://deepdao.io/#/deepdao/dashboard">Deep DAO</a> -
Lists, ranks and analyzes top DAOs across multiple metrics.</li>
<li><a href="https://saftproject.com/">SAFT Agreements</a> - A
commercial instrument used to convey rights in tokens prior to the
development of the tokens' functionality.</li>
<li><a
href="https://medium.com/daostack/voting-options-in-daos-b86e5c69a3e3">Voting
Options in DAOs</a> - Voting Options in DAOs.</li>
<li><a
href="https://twitter.com/awrigh01/status/1369328856260354051">The
Wyoming DAO bill</a> - A thread about Wyoming DAOs.</li>
<li><a
href="https://medium.com/primedao/it-takes-a-cryptonetwork-2ae9ab541c17">It
Takes a Cryptonetwork</a> - Prime's Strategy for DAO to DAO
Relations.</li>
<li><a href="https://merkle.com/papers/DAOdemocracyDraft.pdf">DAOs,
Democracy and Governance</a> - A paper by Ralph Merkle about DAOs.</li>
</ul>
<h2 id="architecture">Architecture</h2>
<ul>
<li><a href="https://nakamotoinstitute.org/shelling-out/">Shelling Out:
The Origins of Money</a> - Illustrates the value of collectibles in
reducing social transaction costs.</li>
<li><a
href="https://epub.wu.ac.at/7309/8/Foundations%20of%20Cryptoeconomic%20Systems.pdf">Foundations
of Cryptoeconomic Systems</a> - This paper explores why the term
“cryptoeconomics” is context dependent and proposes complementary micro,
meso and macro definitions of the term.</li>
<li><a
href="https://blog.oceanprotocol.com/towards-a-practice-of-token-engineering-b02feeeff7ca">Towards
a Practice of Token Engineering</a> - How do we design tokenized
ecosystems, their incentives and how do we analyze or verify them?</li>
<li><a
href="https://medium.com/blockchannel/a-crash-course-in-mechanism-design-for-cryptoeconomic-applications-a9f06ab6a976">A
Crash Course in Mechanism Design for Cryptoeconomic Applications</a> -
Introduces the basic concepts of mechanism design, and gives a taste for
their usefulness in the cryptocurrency world.</li>
<li><a
href="https://wtfisqf.com/?grant=&amp;grant=&amp;grant=&amp;grant=&amp;match=1000">WTF
Is QF</a> - A simple explanation of quadratic funding.</li>
<li><a href="https://yos.io/2018/11/10/bonding-curves">Bonding Curves
Explained</a> - What bonding curves are and their potential
applications.</li>
</ul>
<h2 id="standards">Standards</h2>
<ul>
<li><a href="https://www.defisafety.com/">DeFi Safety</a> - Best
practices security score reviews.</li>
<li><a href="https://dasp.co/">DASP Top 10 of 2018</a> - Decentralized
Application Security Project Top 10 vulnerabilities.</li>
<li><a href="https://immunefi.com/severity-updated/">IVSCS</a> -
Immunefi Vulnerability Severity Classification System.</li>
<li><a href="https://securing.github.io/SCSVS/">Smart Contract Security
Verification Standard</a> - A free 14-part checklist created to
standardize the security of smart contracts for developers, architects,
security reviewers and vendors.</li>
<li><a href="https://guidelines.secureth.org/">Secureth guidelines</a> -
Aids you in formulating your own software engineering process by giving a
complete picture of all the different concerns and expectations in your
software projects.</li>
<li><a href="https://cryptoconsortium.github.io/CCSS/">CryptoCurrency
Security Standard (CCSS)</a> - A set of requirements for all information
systems that make use of cryptocurrencies, including exchanges, web
applications, and cryptocurrency storage solutions.</li>
<li><a href="https://github.com/Rari-Capital/solcurity">The Solcurity
Standard</a> - Opinionated security and code quality standard for
Solidity smart contracts.</li>
</ul>
<h2 id="system-assets">System Assets</h2>
<ul>
<li><a
href="https://docs.soliditylang.org/en/v0.8.6/security-considerations.html">Security
Considerations in the Solidity documentation</a> - Lists some pitfalls
and general security recommendations.</li>
<li><a
href="https://leastauthority.com/static/publications/LeastAuthority-Ethereum-2.0-Specifications-Audit-Report.pdf">Ethereum
2.0 Specifications Security Audit Report</a> - Security Audit Report of
the Eth2.0 spec by Least Authority.</li>
<li><a
href="https://hackernoon.com/getting-deep-into-evm-how-ethereum-works-backstage-ac7efa1f0015">Getting
Deep Into EVM</a> - An Ultimate, In-depth Explanation of How EVM
Works.</li>
<li><a
href="https://takenobu-hs.github.io/downloads/ethereum_evm_illustrated.pdf">Ethereum
EVM illustrated</a> - Exploring some mental models and
implementations.</li>
<li><a
href="https://www.aniccaresearch.tech/blog/ethereum-blockspace-who-gets-what-and-why">Ethereum
Blockspace: Who Gets What and Why</a> - Ethereum blockspace market
structure.</li>
<li><a
href="https://academy.binance.com/en/articles/what-is-uniswap-and-how-does-it-work">What
Is Uniswap and How Does It Work?</a> - What Uniswap is, how it works,
and how you can swap tokens on it simply with an Ethereum wallet.</li>
<li><a href="https://capitalgram.com/posts/scaling-evm/">Scaling EVM
(Ethereum Virtual Machine)</a> - How fast and far can the EVM-based
blockchain architecture still take us?</li>
<li><a href="https://l2beat.com/">L2Beat</a> - Transparent and
verifiable insights into emerging layer two (L2) technologies.</li>
<li><a href="https://opensea.io/blog/guides/non-fungible-tokens">The
Non-Fungible Token Bible</a> - Everything you need to know about
NFTs.</li>
<li><a href="https://github.com/kframework/evm-semantics">KEVM</a> - A
formal model of the EVM in the K framework.</li>
</ul>
<h2 id="threats">Threats</h2>
<ul>
<li><a href="https://magoo.github.io/Blockchain-Graveyard/">Blockchain
Graveyard</a> - A list of all massive security breaches or thefts
involving blockchains.</li>
<li><a href="https://bitcointalk.org/index.php?topic=576337">List of
Bitcoin Heists</a> - Research on prior Bitcoin-related thefts.</li>
<li><a href="https://www.blockthreat.io/">Blockchain Threat
Intelligence</a> - The latest in blockchain, DeFi and cryptocurrency
threat intelligence, vulnerabilities, security tools, and events.</li>
<li><a href="https://rekt.news/">Rekt News</a> - Investigative
journalism, creative commentary, and incident analysis.</li>
<li><a href="https://defiyield.app/rekt-database">DeFiYield's REKT
db</a> - Database of crypto hacks, exploits and scams.</li>
<li><a href="https://cryptoscamdb.org/scams">CryptoScamDB</a> - Keeping
track of cryptocurrency scams in an open-source database.</li>
<li><a href="https://mudit.blog/twitter-threads/">Mudit Gupta's Twitter
threads</a> - Early analysis and educational content on Twitter.</li>
<li><a href="https://ieeexplore.ieee.org/document/9152675">Flash Boys
2.0 Paper</a> - Frontrunning in Decentralized Exchanges, Miner
Extractable Value, and Consensus Instability.</li>
<li><a href="https://explore.flashbots.net/">MEV-explore</a> - Help the
community understand and quantify the significance of “Dark Forest
activities” and their impact on the Ethereum network.</li>
<li><a href="https://monitor.blocksecteam.com/">Flashloan monitor</a> -
Dashboard that helps you monitor flashloan transactions.</li>
<li><a
href="https://consensys.github.io/smart-contract-best-practices/known_attacks/">Known
Attacks</a> - A list of known attacks which you should be aware of, from
Consensys.</li>
<li><a href="https://blog.sigmaprime.io/solidity-security.html">Solidity
Security</a> - Comprehensive list of known attack vectors and common
anti-patterns.</li>
</ul>
<h2 id="vulnerabilities">Vulnerabilities</h2>
<ul>
<li><a href="https://swcregistry.io/">SWC Registry</a> - Smart Contract
Weakness Classification and Test Cases.</li>
<li><a
href="https://blog.trailofbits.com/2019/08/08/246-findings-from-our-smart-contract-audits-an-executive-summary/">246
Findings</a> - 246 Findings From Trail of Bits Smart Contract
Audits.</li>
<li><a href="https://arxiv.org/pdf/2105.06974.pdf">A Survey of Security
Vulnerabilities in Ethereum Smart Contracts</a> - Explains eight
vulnerabilities that are specific to the application level of blockchain
technology by analyzing the past exploitation case scenarios of these
security vulnerabilities.</li>
<li><a
href="https://github.com/runtimeverification/verified-smart-contracts/wiki/List-of-Security-Vulnerabilities">List
of Security Vulnerabilities</a> - A comprehensive list of common smart
contract security vulnerabilities, compiled from various sources.</li>
<li><a href="https://docs.soliditylang.org/en/v0.8.1/bugs.html">List of
Known Bugs</a> - A JSON-formatted list of some of the known
security-relevant bugs in the Solidity compiler.</li>
</ul>
<h2 id="controls">Controls</h2>
<ul>
<li><a
href="https://github.com/nascentxyz/simple-security-toolkit">Simple
Security Toolkit</a> - Opinionated recommendations that the team at
Nascent find to be appropriate, particularly for teams developing and
managing early versions of a protocol.</li>
<li><a href="https://docs.gnosis-safe.io">Gnosis Safe</a> - Multi-sig.
Require multiple team members to confirm every transaction in order to
execute it, which helps prevent unauthorized access to company
crypto.</li>
<li><a href="https://www.defisafety.com/auditors">List of DeFi
auditors</a> - List of DeFi auditors maintained by DeFiSafety.</li>
<li><a
href="https://medium.com/conflux-network/the-overlooked-element-of-defi-adoption-e3b29829e3da">State
of DeFi Audits</a> - Article taking a look at the auditing space and its
importance in onboarding users by properly securing new DeFi
protocols.</li>
<li><a
href="https://github.com/crytic/building-secure-contracts/">Building
Secure Contracts</a> - Trail of Bits guidelines and best practices on
how to write secure smart contracts.</li>
<li><a href="https://fravoll.github.io/solidity-patterns/">Solidity
Patterns</a> - A compilation of patterns and best practices for the
smart contract programming language Solidity.</li>
<li><a
href="https://docs.google.com/spreadsheets/d/1PF4QZudW6Z7EV4hqQfwPo3A43AVqPrsuzzzey5yRYcs/edit#gid=0">Security
Pattern for Ethereum and Solidity</a> - Google Sheets Checklists.</li>
<li><a
href="https://consensys.net/blog/developers/solidity-best-practices-for-smart-contract-security/">Solidity
Best Practices for Smart Contract Security</a> - Pro tips from Consensys
to ensure your Ethereum smart contracts are fortified.</li>
<li><a href="https://cer.live/">CERtified</a> - Top 100 exchanges by
Cybersecurity rating.</li>
<li><a href="https://github.com/ethereum-lists/contracts">Smart Contract
Security Registry</a> - An effort to identify deployed contract
instances given their chain and address, by listing the project they
belong to.</li>
<li><a href="https://docs.forta.network/">Forta</a> - Community-based
runtime security network for smart contracts.</li>
</ul>
<h2 id="ecosystem">Ecosystem</h2>
<ul>
<li><a href="https://twitter.com/i/lists/1453086258436128770">People to
follow on Twitter</a> - Twitter list giving an overview of the web3
ecosystem and security people.</li>
<li><a
href="https://www.youtube.com/playlist?list=PLox242_JhiuEe64LzW1M8XpiQ2-N5bZsX">Videos
to watch on YouTube</a> - YouTube playlist of web3 security videos.</li>
</ul>
<h2 id="footnotes">Footnotes</h2>
<h3 id="see-also">See Also</h3>
<p>Other Awesome Lists:</p>
<ul>
<li><a href="https://github.com/0xjeffsec/awesome-blocksec-ctf">Awesome
BlockSec CTF</a> - Blockchain security Capture the Flag (CTF)
competitions.</li>
<li><a
href="https://github.com/sec-bit/awesome-buggy-erc20-tokens">Awesome
Buggy ERC20 Tokens</a> - Vulnerabilities in ERC20 Smart Contracts With
Tokens Affected.</li>
<li><a
href="https://github.com/jpantunes/awesome-cryptoeconomics">Awesome
Cryptoeconomics</a> - Cryptoeconomic research and learning
materials.</li>
<li><a
href="https://github.com/matter-labs/awesome-zero-knowledge-proofs">Awesome
Zero-Knowledge Proofs (ZKP)</a> - A curated list of awesome things
related to learning Zero-Knowledge Proofs (ZKP).</li>
<li><a
href="https://github.com/OffcierCia/ultimate-defi-research-base">Officer
CIA's Ultimate DeFi Research Base</a> - Curated DeFi &amp; Blockchain
research papers and tools.</li>
<li><a
href="https://github.com/0xalpharush/awesome-MEV-resources">Awesome MEV
resources</a></li>
</ul>
<p><a
href="https://github.com/kareniel/awesome-evm-security">evmsecurity.md
Github</a></p>