A library of blockchain security resources for various categories in blockchain.
Want to add something blockchain security related? Create a PR making sure that:
- It is blockchain security related.
- Link is in the correct section or can be made into a new section.
- It stays in alphabetical order.
Do you think something would better fit in another section? Create an issue about why you think so.
- Blockchain Security Library
- Contributing
- Access Control
- Blockchain Security News
- CDP, Lending and Borrowing
- Comprehensive List of Hacks and Exploits
- CTFs and Puzzles
- DeFi
- DOS
- ERC-1155
- ERC-20
- ERC-4337
- ERC-4626
- ERC-721
- ERC-777
- EVM Internals and Low Level
- Findings Search Utilities and Databases
- Formal Verification and Symbolic Execution
- Fuzzing
- Gas
- General
- Governance
- L2 and Bridges
- LSD
- MEV
- Oracle and Flashloans
- Over/Underflow
- Reentrancy
- Reversing
- RoadMaps
- Rounding and Math
- Security Checklists
- Security Courses
- Security Monitoring and Protection
- Signature Vulnerabilities
- Tools
- Upgradability
- Validation and Logic errors
- ZK
- Access Control Vulnerability in DeFi
- Admin Brick & Forced Revert
- Attack Vectors in Solidity #1: Inappropriate Access Control
- CoW Swap Solver Exploit— Post mortem
- Cryptoninja World NFT hack Analysis — Improper Access control
- Degen Millionaires Club hack
- Dungeon Swap and Launch Zone Exploit
- Enzyme Vulnerability
- Land NFT Hack
- MetaPoint Hack Analysis
- SAFEMOON - REKT
- SafeMoon Exploit Explained
- The Role of Access Control in Solidity Smart Contracts
- Thunder Lands
- Uncovering a High Severity Access Control Vulnerability
- Understanding Local Traders Exploit
- Unlock Protocol
- Blockchain Threat Intelligence
- HashingBits
- Immunefi
- Security Pills (Mix of both web2 & web3)
- Web3 Security Watch
- Web3Sec News
- Week in Ethereum News
- Aave Fork Checklist
- Borrowing on Ethereum: Comparing Architecture Evolution of MakerDAO, Yield, Aave, Compound, & Euler
- CDP Checklist
- Compound v2 DeFi Integration: Specifications
- Compound V2 in Depth
- compound-v3-book
- DeFi Lending Concepts Part 1: Lending and Borrowing
- Discussion on lending/borrowing bugs
- How (Not) to Create a DeFi CDP or Lending Protocol
- Issues in Certain Forks of Gains Network
- Lending/Borrowing DeFi Attacks
- Lending/Borrowing DeFi Attacks
- Radiant Capital Hack Analysis
- Typical vulnerabilities in lending and CDP protocols
- Understanding Compound’s Liquidation
- Vulnerable Spots of Lending Protocols
- Vulnerable Spots of Lending Protocols
- Coinspect's Learn EVM Attacks
- Cryptosec DeFi Hacks
- DeFi Fork Bugs
- Defi Hack Analysis
- DeFiHackLabs
- DeFi POC
- DefiLlama
- Hack Analysis POCs
- OpenZeppelin Post Mortems
- Phalcon Security Incidents
- QuillAudit's Hackerboard
- Rekt Leaderboard
- SlowMist Hacked
- Smart Contract Hack POC
- a-MAZE-X: A Smart Contract Security Capture the Flag Workshop
- Blocksec CTFs
- Code is Law 2
- CTF Lending
- ctfprotocol
- Curta Archive
- Curta Golf
- Curta Write Ups
- Damn Vulnerable DeFi
- Decently Safe DeFi
- decipher_EVM_puzzles
- DownUnderCTF Blockchain CTF
- Ethernaut CTF 2024
- Ethernaut
- EVM through CTFs
- evm-puzzles
- Gas Puzzles
- Grey Cat The Flag
- HalbornSecurity CTFs
- Hats Finance Games
- Hats Finance vault-game
- more-evm-puzzles
- Mr Steal Yo Crypto
- Offensive Vyper
- Paradigm CTF 2021
- Paradigm ctf 2022 teaser
- Paradigm CTF 2022
- Protocol CTF
- Secureum A-MAZE-X Maison de la Chimie
- Secureum A-MAZE-X Stanford
- Sherlock x Secureum CTF
- SkidsDAO ctf
- Smart Contract Hacker Playground
- Sol Challenge
- Solana CTF
- Solidity Challenges
- Solidity Riddles
- Solidity Trivias
- Solidity Underhanded Contest
- Sussy Huff CTF
- unhackedctf
- VyperPunk
- Yet another evm puzzle
- zero knowledge puzzles
- A Deep Dive Into the Uniswap V2 Protocol
- AAVE V3 DeFi Integration Tips
- aave-unleashed
- All About DeFi and Future of Finance - Full Course in 4 playlists
- amm Checklist
- AMM Market Manipulation
- Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit
- Attacks on Dynamic DeFi Interest Rate Curves
- Auditor’s Digest : Incorrect TWAP implementations
- awesome-uniswap-hooks
- BalancerV1 Integration Tips
- Bitpaid Hack
- Concentrated Liquidity Manager Vulnerabilities
- Convex Finance DeFi Integration Tips
- CurveV1 Integration Tips
- Decentralized Finance (DeFi) Attacks
- Decentralized Finance Threat Matrix
- DeFi Attack Vectors
- DeFi Design Takeaways from DeFi Risk Modelling
- Defi fork bugs
- DeFi Risk Modelling Awesome
- DeFi Slippage Attacks
- Euler Finance Incident Post-Mortem
- First Deposit Bug in CompoundV2
- Floki Inu hack
- How Was ASKACR Token Exploited?
- How Was LunaFi Exploited?
- KyberSwap Elastic bug
- Level Finance Hack Analysis
- liquidations thread
- Manipulating $GPT Token's Fee Mechanism
- Numerical Analysis
- Overview of the Inflation Attack
- Para.Space Hack
- Precision Loss Errors
- Price & Reward Manipulation Attacks Distilled
- Retrospecting Unhealthy Order Allowance Vulnerability in Perpetual Protocol
- reward based protocols thread
- Snooker Token Hack Analysis
- So you want to use TWAP?
- StErMi Aave v3 bug bounty part 1
- StErMi Aave v3 bug bounty part 2
- StErMi Aave v3 bug bounty part 3
- Thorns in the Rose: Exploring Security Risks in Uniswap v4’s Novel Hook Mechanism
- TradFi, Meet DeFi
- Typical vulnerabilities in AMM protocols
- Uniswap v3 Book
- Uniswap V3 ticks - dive into concentrated liquidity
- Uniswap v4 - threat modeling for secure integration
- UniswapV4 hooks
- When bug-fixes go wrong: RAI debt auctions bug
- a study of return bombing
- Charged Particles Griefing Bugfix Review
- Intro to Smart Contract Security Audit: DOS
- Mass-Disclosure of Griefing Vulnerabilities
- Permission denied
- Solidity Smart Contract Unbounded Loops DOS Attack Vulnerability Explained with REAL Example
- Stacks DoS Bugfix Review
- Threshold tBTC vulnerabilities disclosed
- ERC721/ERC1155 contract development and security
- Security Analysis of the ERC 1155 NFT Smart Contract
- Your Guide to ERC-1155
- 12 ERC20 Edge Cases
- Another Attack Due To Deflationary Token Compatibility Issues
- Auditor’s Notes: ERC20 Integration Tips
- Awesome Buggy ERC20 Tokens
- bZx’s Security
- Contract development and contract security for ERC20 related business
- ERC-20 Standard – Security Department Statement
- ERC20 Standard Main Issue
- How to Avoid Issues Related to Deflationary Tokens
- How to Ensure Web3 Users Are Safe from Zero Transfer Attacks
- ERC20 Weirdness & Attacks Part 1
- Kaoya Swap Hack
- Known problems of ERC-20 token standard
- Navigating the pitfalls of securely interacting with ERC20 tokens
- Public transfer vulnerability of the Tether Gold smart contract
- Rebasing Tokens thread
- Smart Contract Security Guidelines #1
- The Importance of Secure ERC20 Tokens: Ensuring Trust in the World of Decentralized Finance
- Token Interaction Checklist
- Token Tester
- Tradeoff Between Convenience and Security
- weird-erc20
- Why you should ALWAYS use SafeERC20
- A deep dive into the main components of ERC-4337
- Account Abstraction Security Guide
- ACCOUNT ABSTRACTION: A COMPREHENSIVE GUIDE
- Account Abstraction: Security for Auditors
- Account Abstraction: Use Cases, Technical Overview, and Security Considerations
- Account Abstraction's Impact on Security and User Experience
- Account Abstraction
- EIP-4337 – Ethereum Account Abstraction Incremental Audit
- EIP-4337: Account Abstraction thread
- EIP4337Manager selfdestruct vulnerability
- ERC-4337 Primer
- ERC-4337 UserOperation Packing Vulnerability
- ERC4337 Audit Checklist
- ERC4337 Sample VerifyingPaymaster Signature Replay attack
- MEV Exploration: From the Perspective of ERC-4377
- Security Checkpoints for EIP-4337 Based Account Abstraction Implementation
- Smart Contract Audit of Sock’s ERC-4337 Compliant Self-Custodial Trading Platform
- Smashing ERC4337 Wallets For Fun and Profit
- Understanding ERC-4337 User Operation Packing Vulnerability
- A Novel Defense Against ERC4626 Inflation Attacks
- ERC 4626 Token Standard And Its Security Concerns Explained
- ERC4626 Interface Explained
- Exploring ERC-4626: A Security Primer
- Is my ERC-4626 vault token up to the standard?
- Shared Vulnerabilities Between ERC-4626 Vaults and Vault-Like Contracts
- A comprehensive guide to the ERC721 standard and related security issues
- A Research Into NFT Whitelist Bypass Vulnerability (1/2)
- An Analysis of the Attack on the OmniX NFT Platform
- Are NFTs Safe?
- Audita’s Vulnerability Highlights: Part 1
- Auditing Tips for NFT Projects
- Auditing Tips for NFT Projects
- Beosin: 10 Ways to Teach You How to Guard the NFT Assets
- BEST PRACTICES FOR SECURE NFT DEVELOPMENT
- Critical NFT Bridge Vulnerability
- Deciphering ERC721 Token Standard & Fungibility of assets from a Developer’s perspective
- How Hackers Can Become “Lucky” in NFT Minting
- How to Ensure the Security of NFT Under the Web 3.0 Boom?
- How to hack into NFT marketplace
- Insight Into NFT Token Standards And Best Security Practices
- NFT Attack Vectors
- NFT attacks
- NFT Best Practices
- NFT Marketplace Smart Contract Audit Guidelines
- NFT Security: Tips and Best Practices
- NFT Smart Contract Audit
- Recreating Kubz NFT Hack and understanding what went wrong
- royalty fee limit of nft marketplace bypass via eip 2981
- SECURITY RISKS OF NFT GAMES
- TOP 10 WAYS YOUR NFTS CAN BE HACKED
- Unforgettable NFT Smart Contracts Exploits
- Deciphering Token Standards in Ethereum Part-IV — The Failure of ERC777
- Exploring ERC777 Tokens: Vulnerabilities and Potential DOS Attacks on Smart Contracts
- Latent Bugs in Billion-Plus Dollar Code
- One more problem with ERC777
- SlowMist: Detailed Explanation of Uniswap’s ERC777 Re-entry Risk
- The Potential Impact Of ERC-777 Tokens On DeFi Protocols
- A call, a precompile and a compiler walk into a bar
- A Low-Level Guide To Solidity's Storage Management
- A Playdate with the EVM
- Basic Bit Manipulation
- Building an EVM from scratch
- Building reliable EVM disassemblers
- Data Representation in Solidity
- Dissecting EVM using go-ethereum Eth client implementation. Part I
- Ethereum Data Structures
- Ethereum EVM illustrated
- Ethereum Virtual Machine Language Design
- Ethereum Yellow Paper Course
- Ethereum Yellow Paper
- ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER
- Ethereum
- EVM Chad
- EVM From Scratch
- EVM Limitations & Assembly Auditing Tips
- EVM Mastery
- EVM-Book
- evm-from-scratch
- evm-from-scratch
- evm-pt1
- EVM: Degen Bit Masking
- evm.codes
- From bytecode to bugs
- How I Almost Cheesed the EVM
- Huff
- Inline Assembly
- learn yul
- Learning Solidity : Tutorial 12 Functional Assembly
- Learning Solidity : Tutorial 13 Instructional Assembly
- Low level vulnerabilities & POCs
- Mastering Ethereum
- Memware: Generalised Frontrunners
- noxx
- Pointers in Solidity?
- Programming Tutorial: Getting Started with Yul+
- Smart Contract Obfuscation Techniques
- Solidity and EVM: Bit Shifting and Masking in Assembly(YUL)
- Solidity Bugs in Yul
- Solidity Inline Assembly & Yul
- Solidity Inline Assembly Vulnerabilities
- Solidity Tutorial : all about Assembly
- solvm
- Technical Exploration of Inline Assembly in Solidity
- The Bytecode #35 - Hari - Solidity Compiler
- The Dark Arts of Yul, Explained
- The EVM and Smart Contract Internals
- The EVM Handbook
- Understand EVM bytecode
- Understanding The Ethereum Yellow Paper
- What Is a Precompiled Contract Vulnerability?
- Where can the EVM read and write data?
- Yul (and Some Solidity) Optimizations and Tricks
- Yul & Memory Intro | Yul Exploit!
- Yul By Example
- Yul Solidity Fridays
- Yul
Great tools for looking for more specific findings
- Audit Hero
- ConsenSys Blockchain SecurityDB
- Masamune
- Public Audit Reports Data
- Solodit
- tintinweb smart-contract-vulndb
- Tomo's Findings Database
- Awesome Symbolic Execution
- Certora Documentation
- Certora Tutorials
- daejunpark halmos usage
- ERC20-K: Formal Executable Specification of ERC20
- ERC777-K: Formal Executable Specification of ERC777
- Ethereum Formal Verification
- Everything You Wanted to Know About Symbolic Execution for Ethereum Smart Contracts
- EVM Symbolic Execution
- Formal Methods for DeFi Developers
- formal verification & symbolic execution Thread
- Formal Verification of ERC20 Contracts
- Formal Verification of Smart Contracts: Equivalence Checking of Uniswap Library
- Formal verification to the people
- Formally Verifying Finality in Gasper:
- Formally Verifying WETH
- Implementing stateful invariant testing with Halmos
- MIT Symbolic Execution
- Morpho Certora Tutorials
- Preventing reentrancy bugs — another use case for formal verification
- Scaling Formal Verification to Find Bugs in Complex Smart Contract Systems
- Smashing bugs using Certora Prover
- SMTChecker and SMT Solvers: Exploring Formal Verification One Step at a Time
- SMTChecker: The Game Changer in Smart Contracts Verification and Security
- Solady FixedPointMathLib testing
- Solana Formal Verification: A Case Study
- Symbolic testing with Halmos
- The Easy Way To Quit (Concrete) Testing
- Z3 Docs
- 10 Steps To Easily Use 3 Fuzzers
- A Guide to Crafting Robust Invariants
- awesome directed fuzzing
- Breaking the Tree: Violating Invariants in Semaphore
- Building a smart contracts fuzzer for fun and profit
- Crytic Properties
- Detecting Reentrancy Issues in Smart Contracts Using Fuzzing
- Differential Fuzzing On Solidity Fixed-Point Libraries
- Echidna Streaming Workshop
- Echidna: Invariant Tests for AMM Contracts
- Exploiting Precision Loss via Fuzz Testing
- Finding Denial of Service Bugs At Scale With Invariant Tests
- Finding mispriced opcodes with fuzzing
- function-level invariant Thread
- Fuzz on the Beach: Fuzzing Solana Smart Contracts
- Fuzz Test Coverage Tips
- Fuzzing and Heuristics interview with @devdacian
- Fuzzing ERC20 contracts with Diligence Fuzzing
- Fuzzing on-chain contracts with Echidna
- Fuzzing Smart Contracts Yields this Research Team $100K+ in Bounties
- Fuzzing smart-contracts practical aspects
- Fuzzing Solidity/Ethereum Smart Contract using Foundry/Forge
- Fuzzing Vyper Contracts Using Foundry
- Invariant Testing WETH With Foundry
- Josselin Feist - Building secure contracts: Fuzzing like a pro
- Learnings from 6 weeks of fuzzing Badger DAO's eBTC protocol
- Mastering Fuzzing
- Next level smart contract security with Diligence Fuzzing
- Saving Millions in 2023 with Specification-Guided Fuzzing
- Secureum Diligence Bootcamp
- The Fuzzing Book
- Thomas Roth , Solana - JIT - Lessons from fuzzing a smart contract compiler
- TOB fuzzing blog posts
- A Collection of Gas Optimisation Tricks
- A Dive into Storage Packing
- A Guide to Ethereum Gas Fees and Ways to Reduce Them
- Auditor’s Advice: Math, Solidity & Gas Optimizations
- Awesome Solidity Gas-Optimization
- EVM Gas optimization tricks
- EVM Gas Optimizations
- Gas Numbers Every Solidity Dev Should Know
- Gas Optimization in Ethereum Smart Contracts
- Gas Optimization Resources Thread
- Gas Optimizations / Gas Golfing using Huff , Yul
- Gas Optimizations for the Rest of Us
- gas optimizations
- golf-course
- How to optimize your gas consumption without getting REKT
- hrkrshnn gas ops
- re-golf-course
- solidity gas optimization
- Solidity Gas Optimizations 101
- Solidity Gas Optimizations Cheat Sheet
- Structs in Solidity: Best Practices for Gas Efficiency by 0xLazard
- The RareSkills Book of Solidity Gas Optimization: 80+ Tips
- The Ultimate Guide to NFT Gas Optimization
- Yul (and Some Solidity) Optimizations and Tricks
- (Not So) Smart Contracts
- A hitchhikers guide to solana program security
- Academic Smart Contract Papers
- All about Smart Contract & DApp Auditing
- All known smart contract-side and user-side attacks and vulnerabilities in Web3.0, DeFi, NFT and Metaverse + Bonus
- Architectural Design for Secure Smart Contract Development
- Awesome Ethereum Security
- Awesome On-Chain Investigations HandBook
- Awesome Tezos Security
- awesome-cryptoeconomics
- Beginners Guide to Smart Contract Auditing
- blockchain auditing
- Blockchain Security
- BlockSec Academy
- Bug Patterns in Solidity and Smart Contract Auditing
- Bug Patterns in Solidity and Smart Contract Auditing
- Building Secure Smart Contracts
- Coinbase Solidity Style Guide
- Composable Security security guide
- CryptoVulhub
- DeFi Security Lecture
- Demystifying Exploitable Bugs in Smart Contracts
- ethereum-security
- Hitchhiker's Guide to Security
- HolyTips
- Immunefi-bug-bounty-writeups-list
- Immunefi Proof of Concepts Repository
- Learn EVM Attacks
- opensensepw
- OriginProtocol security
- OSWAR
- OWASP Smart Contract Security
- Path Quest - The Attacker Mindset
- SC Exploits Minimized
- SCSVS v2
- SCSVS
- SCV-List
- Sealevel Attacks
- Secure Smart Contract Design Principles
- Security Audit | What Are the Common Characteristics of Recent Web3 Attacks, and How Can Projects Avoid These Issues?
- Security Review Readiness Guide
- Smart Contract Attack Vectors
- Smart Contract Security Best Practices
- Smart Contract Security
- Smart Contract Vulnerabilities
- Solana Auditing and Security Resources
- Solidity DevSecOps Standard
- Solidity Notes
- Solidity Patterns
- solidity-security-blog
- solidity-security-by-example
- Spearbit Armory
- SWC Registry
- The 4 External Call Attacks
- The Compendium
- The Secure Smart Contract Development Roadmap
- The Top 10 Most Common Vulnerabilities In Web3
- Tincho’s audit process
- Top Ten “Awesome” Security Incidents in 2023
- Top 10 blockchain hacking techniques of 2023
- TOP 10 real-life exploits Thread
- ultimate defi research base
- Ultimate List of Common DeFi Component Types
- Understanding Smart Contract Vulnerabilities
- Vulnerabilities every beginner Smart Contract Security Researcher should find
- Web 3 audit dump
- Web3 Audits, Bug-Bounties, CTFs: Introduction
- Web3 Resources
- web3 Security DAO
- Web3 Security Library
- Web3 Security Library
- wiki.r.security
- Zero Knowledge Mastery
- AquaDAO hack
- DAO Governance DeFi Attacks
- Election Fraud? Double Voting in Celer’s State Guardian Network
- Exploiting governance with metamorphic proposals
- Multi-block MEV and Compound Governor
- Swerve Finance Hack
- The Hidden Shortcomings of DAOs
- The Vulnerable Nature of Decentralized Governance in DeFi
- Tornado Cash governance exploit
- 6 security sins of Web3 bridges
- A COMPREHENSIVE GUIDE TO ARBITRUM AND ITS SECURITY FEATURES
- Aave V2 upgrade compatible issues
- Analysis & Remediation of the Precompile Attack on the Hedera Network
- Binance Bridge Hack in Layman’s Terms
- Bounty Program Helps Fix Contract Vulnerability
- Bridge Bug Tracker
- Bridge Bugs Overview
- bridge hacks
- Common Cross-Chain Bridge Vulnerabilities
- Cross-Chain Security with LayerZero Labs
- ERC 20 Bridge Security
- Ethereum Log Confusion in Polygon's Heimdall
- evmdiff
- Finding a Critical Vulnerability in Astar
- Heimdall Security Bug Fix Review
- l2 security framework
- L2 Security
- LayerZero trusted-party vulnerabilities
- Moonbeam, Astar, And Acala Library Truncation Bugfix Review
- Multichain Auditor
- rollup.codes
- Secure integration with LayerZero
- Security disclosure from Offchain Labs to OP Labs
- The Dark Side of DeFi: Cross-Chain Bridge Hacks
- You Could Have Found the Nomad Hack
- 0xBentoshi MEV resources
- AMM MEV BACKRUNNING
- Awesome MEV Resources
- awesome-mev-boost
- Awesome-MEV
- Dogetoshi MEV
- Flashbots youtube
- Flashbots
- Front-Running In Blockchain: Real-Life Examples & Prevention
- How To Reproduce A Simple MEV Attack
- How To Reproduce A Simple MEV Attack
- Intro to Smart Contract Security Audit — Front Running
- MEV bot exploit
- MEV Countermeasures: Theory and Practice
- MEV Related Threads
- MEV Research
- MEV Synthetix
- MEV zero to hero thread
- MEV_Research_Group
- NO BULLSHIT: GUIDE TO MEV
- Reversing a MEV Bot Example
- The 0 to 1 Guide for MEV
- The Mev Book
- Towards Stronger Blockchains: Security Against Front-Running Attacks
- Your Sandwich Is My Lunch: How to Drain MEV Contracts V2
- 0x0 Audits Hack
- 520 Token hack
- Allbridge Hack Analysis
- Anji Eco Hack Analysis
- awesome-oracle-manipulation
- babydoge exploit
- BentoBox v1 hack
- Block Forest
- Blockchain Oracle Design Patterns
- Blockchain Oracles: Their Importance, Types, And Vulnerabilities
- BONQDAO hack
- Cellframe Hack
- Chainlink Oracle DeFi Attacks
- Chainlink Oracle Security Considerations
- Chainlink security docs
- chainlink-interaction-security
- CS token
- Curve price oracle usage
- DD Coin
- Decoding Ovix Protocol’s $2 Million Exploit
- Decoding ROE Finance’s Flash Loan Exploit
- EDE Finance hack
- El Dorado Exchange exploit
- Elastic BNB
- Euler Finance Exploit Analysis
- FilDA Exploit Statement
- Flash Loan Attacks: Risks & Prevention
- Flash Loans and how to hack them: a walk through of ERC 3156
- ForTube Hack
- How Was NeverFall Project Exploited?
- Hundred Finance Hack
- Jimbos Protocol Hack
- LW Token Hack
- Market Manipulation vs. Oracle Exploits
- NXUSD Market Manipulation
- Ocean Life token hack analysis
- Post Mortem on SUSHI and YFI Incident
- Rodeo Finance exploit
- SushiSwap hack
- Synopsis Hack
- Tender Finance exploit
- Tender Finance Postmortem
- Themis exploit
- TWAP Oracles For Auditors
- UNMS Hack
- UwuLend hack writeup Daniel Von Fange
- WOOFi Exploit
- BEC Smart Contract Unlimited Token Transfer Vulnerability Analysis
- Learn attack vectors and explore H/M severity issues. Over/Underflow
- Poolz Finance Attacked
- Solidity Integer Overflow & Underflow
- Velocore Incident Post-Mortem
- A Historical Collection of Reentrancy Attacks
- A Vulnerability Perspective Analysis of Move Language Security — — Reentrancy Attacks and Permission Vulnerabilities
- All things reentrancy
- An analysis of Paraluni’s Exploit
- An Insight into the DAO Attack
- Analysis of OrionProtocol Reentrancy Attack
- Another Day, Another Reentrancy Attack
- Another Re-entrancy Attack
- Arcadia Finance $460k exploit
- Callback-Function Reentrancy Attacks in Solidity
- Cauldron V4 Post Mortem
- Conic Finance exploit
- Conic Finance post mortem
- Conic Finance-Detailed Hack Analysis
- Cosmos IBC Reentrancy Infinite Mint
- Cronos critical
- Cross-chain re-entrancy
- Cross-Contract Reentrancy Attack
- Cross-Contract Reentrancy Attack
- Cross-Contract Reentrancy explained thread
- Curve Finance Liquidity Pools Hack Explained
- Decoding Earning Farm’s $528k Exploit
- Decoding Sentiment Protocol’s $1 Million Exploit
- Details of Lendf.Me Reentrancy Attack
- dForce exploit
- DFORCE NETWORK
- DFX Finance Hack-Nov 10, 2022
- Dynamic Finance Hack Analysis
- EarningFarm Hack Analysis
- EraLend exploit
- Essential Auditing Knowledge | What is the Difficult-to-Guard “Read-Only Reentrancy Attack”?
- Exploiting Uniswap: from reentrancy to actual profit
- Finding a viper in the curved lawn
- Flash Loan & Reentrancy Attack: Analysis of Hundred and Agave Hack
- Flashloan + reentrance attacks, technical analysis about why OUSE lost $ 7 million
- Hack Analysis: Omni Protocol, July 2022
- Hoshiyari finds critical in ERC-4626 vault
- How to Escape Smart Contracts from The Clutch of Reentrancy Attacks?
- https://blog.solidityscan.com/starsarena-hack-analysis-e71d78704e85
- Intro to Smart Contract Security Audits | Reentrancy Attack
- Jarvis Network Flash Loan and Re-Entrancy Attack Analysis
- Jarvis Network Flash Loan and Re-Entrancy Attack Analysis
- Jarvis Polygon Pool Hack Analysis
- JAY Token Exploit
- JPEG’d Hack Analysis
- Libertify exploit
- Loss Exceeds $80M Due to Reentrancy Vulnerability in Contract: Beosin’s Analysis of the FeiProtocol Exploit
- Mainnet Re-Entrancy Flaw Exploited
- Multiple Projects Attacked Due to Vyper Reentrancy Vulnerability
- NFT contracts also have reentrancy risks: Analysis of Revest Finance hack
- OpenZeppelin Reentrancy Bugfix Review
- Orion Protocol exploit
- Orion Protocol Hack Analysis
- ORION PROTOCOL hack
- Paribus exploit
- Paribus Hack
- Platypus Stablecoin USP Hack Analysis
- Rari-Capital Re-entrancy Vulnerability Analysis
- Re-Entrancy Attacks
- Re-Entrancy
- Read-only reentrancy attacks: understanding the threat to your smart contracts
- read-only reentrancy thread
- Read-only Reentrancy: In-Depth
- Read-only Reentrancy: In-Depth
- Read-only reentrancyexplainer
- Reentrancy After Istanbul
- Reentrancy Attack on Cream Finance
- Reentrancy Attack: Analysis of Visor Finance’s Uniswap V3 Liquidity Protocol Hack
- Reentrancy Attack
- Reentrancy Attack
- Reentrancy Attacks on Smart Contracts Distilled
- Reentrancy
- Revest Finance Vulnerabilities
- Safeguarding Against Re-Entrancy Attacks
- Secure Smart Contract Development — Code Reentrancy in NFT Contracts
- Sentiment Hack Analysis
- Sentiment Hack
- SharkTeam: Analysis of Vyper Vulnerability Leading to Attacks on Projects like Curve and JPEG’d
- Single-Function Reentrancy Attacks in Solidity
- SlowMist: A brief analysis of the Akropolis attack
- SlowMist: Restore the truth about the Lendf.Me hacking incident
- Solidity Security By Example #05: Cross-Contract Reentrancy
- Sturdy Finance exploit
- The most famous attack in history: The Reentrancy Attack
- THE STARS ARENA HACK
- The Ultimate Guide To Reentrancy
- The Ultimate Guide To Reentrancy by Owen Thurm
- Top 10 Smart Contract Security Threats of Reentrancy Attacks
- TSTORE Low Gas Reentrancy
- Understanding Re-entrancy in Smart Contracts
- Uniswap Universal Router vulnerability
- Uniswap Vulnerability
- Unprotected Swap() Function: A ERC777 Reentrancy Vulnerability
- Vyper malfunctioning reentrancy locks
- Vyper Nonreentrancy Lock Vulnerability Technical Post-Mortem Report
- Vyper postmortem
- What Is A Re-entrancy Attack?
- WHAT IS A RE-ENTRANCY ATTACK?
- What is a Reentrancy attack?
- What Is a Reentrancy Attack?
- WHAT IS READ-ONLY REENTRANCY?
- When “SafeMint” Becomes Unsafe
- When “SafeTransfer” Becomes Unsafe
- Where to find solidity reentrancy attacks
- Deconstructing a Solidity Contract —Part I: Introduction
- DeGatchi on Reverse Engineering and MEV
- Disassembling EVM Bytecode
- Diving Into Smart Contract Decompilation
- EthTx Transaction Decoder
- evm.storage
- Jon Becker Interview On Reverse Engineering
- Online Solidity Decompiler
- REVERSE ENGINEERING A CONTRACT
- Reversing and debugging EVM Smart contracts
- Reversing The EVM: Raw Calldata
- AuditorsRoadmap
- Becoming a web 3 security researcher
- Bug Bounty Beginner's Roadmap
- DeFi Developer Road Map
- How to become a smart contract auditor
- How to become the Number 1 Auditor in Web3
- matta.’s Ethereum security road-map
- SlowMist-Learning-Roadmap-for-Becoming-a-Smart-Contract-Auditor
- Why are you not an Elite Smart Contract Security Researcher?
- balancer rounding error bugfix review
- Kankodu donation attack thread
- MIM_Spell attack
- Rate manipulation in Balancer Boosted Pools
- Rounding Errors For Auditors
- SwaposV2Pair
- wise lending hack analysis
- Checks while Hacks
- DeFi-anti-hack-checklist
- Ethereum smart contracts security recommendations and best practices
- Morpho Security Checklists
- Security Checklist
- Security Roadmap for Solana applications
- Simple Security Toolkit
- SlowMist: Web3 Project Security Practice Requirements
- smart-contract-auditing-heuristics
- SmartContracts-audit-checklist
- solcurity
- Solidity Checklist & Reentrancy Attack
- Solodit's Audit Checklist
- The Ultimate 100+ Point Checklist Before Sending Your Smart Contract for Audit
- The ultimate security checklist
- Trail of Bits Rekt Test
- Blockchain Security Course
- Cyfrin Updraft
- DeFi Hacks Reproduce & Academy
- DeFiVulnLabs
- Gateway Free Web3 Security Course
- learnEVM
- Node Guardians
- Peter's Solidity Recruitment Test
- rareskills Test
- Secureum
- security-and-auditing-full-course-s23
- Smart Contracts and Hacking 101
- Solana Security Workshop
- A Case for the Defense
- A Novel Collaborative Learning Framework to Detect Attacks in Transactions and Smart Contracts
- Crisis Handbook - Smart Contract Hack
- DeFi-anti-hack-checklist
- Establishing On-Chain Communication After an Incident
- Evaluating blockchain security maturity
- Francisco Giordano - Incident response at OpenZeppelin Contracts and how to be in the loop
- Gal Sagie - You got Hacked, now What?
- how to create a web3 security incident response plan
- How to Defend Your Castle | Innovative Trio in Smart Contract Security: Monitoring, Prevention, Defense
- How to not get hacked and other security lessons learned
- How to Set Up Your Own Forta/Erigon Node
- Monitoring & Incident Response
- Monitoring and Mitigation of Economic Risk
- morpho-security
- Preventative Security Tactics
- Securing Web3 Through Proactive Threat Prevention
- Security Defense For Smart Contracts
- Threat Modeling for Smart Contracts: Best Step-by-Step Guide
- What does a project need to do to stay secure?
- After Ethereum merge, beware of replay attacks
- Auditor’s Digest : The risks of EIP712
- Avalanche Protocol Signature Exploit: Part One
- Azuki DAO exploit
- B002: Solidity EC Signature Pitfalls
- Compact Signature malleability
- Decoding Azuki DAO Hack
- Don’t overextend your Oblivious Transfer
- ECDSA signature vulnerabilities
- Exploiting Signature Verification Vulnerabilities in Smart Contracts
- Frequent security risks on NFT trading platforms — Analysis of OpenSea & X2Y2 security incidents
- How to Steal User’s Signature in NFT Phishing Attacks
- How to verify a signature in a wrong way
- How was Multichain Exploited?
- Intro to Smart Contract Security Audit — Signature Replay
- Malleable Signatures
- NFT liquidity market security issues frequently occur— — Analysis of the hack of NFT trading platform Quixotic
- POLYNONCE: A TALE OF A NOVEL ECDSA ATTACK AND BITCOIN TEARS
- preventing replay attacks post ethereum merge
- Reveal the “Message’’ Replay Attacks on EthereumPoW
- SharkTeam: Analysis of the AzukiDAO Attack Incident
- SharkTeam: Move Language Security Analysis and Contract Audit Essentials — — The Replay Attack
- Signature Malleability thread
- Signature Replay Attacks
- Signature replay vulneribility
- Signature Replay
- Signature Replay
- SlowMist: Ethereum Smart Contracts Replay Attack Details Analysis
- SlowMist: Key to the Theft of 20 Million OP Tokens
- Top-10 Vulnerabilities in Substrate-based Blockchains Using Rust
- Transaction Replay + Management Vulnerability
- Understanding Signature Replay Attack
- 4naly3er
- Audit wizard
- Auditor toolbox
- Awesome Advanced Smart Contracts Testing and Verification
- awesome smart contract analysis tools
- Caracal
- Certora prover
- Chain Walker
- Circomscribe
- Contract Diff Tool
- contract_grabber
- Decompile Bytecode
- DeFi Detective
- Diffusc
- Diffyscan
- echidna
- erever
- Etheno
- EtherSolve
- evm hound rs
- EVM Toolkit
- EVM-SMT solver
- forge-gas-metering
- Forta Bot Templates
- Forta Starter Kit Bot Details
- forta-agents
- forta-bot-examples
- Foundry Gas Diff
- Foundry Multibuild
- Fuzz introspector
- fuzzlib
- gambit
- Generate Foundry Fork Test from Attack Transaction
- halmos
- Heimdall-rs
- ityfuzz
- kontrol
- MadMax
- Manticore
- Masamune
- Medusa
- MEV Toolkit
- mev-inspect-py
- Napalm
- necessist
- Online ABI Encoder
- Optik
- Pakala
- ProMutator
- Pyrometer
- Rattle
- ReSuMo
- scrapyFi
- Scribble
- Semgrep rules for Compound
- Semgrep rules for smart contracts
- Sleuthing Toolbox
- Slither
- Slitherin
- Smart Contract Auditor Tools and Techniques
- Smart Contract Storage HexViewer
- SmartCheck
- Smartian
- Solhunt
- Solidity Mutation Testing
- solstat
- SuMo-SOlidity-MUtator
- Tayt
- Thread about The Secureum Kontrol workshop
- Theo
- Transaction Tracer
- tx coverage
- universalmutator
- vertigo-rs
- Vyper Halmos
- Vyper Interface Scanner
- WhatsABI
- Whitehacks Kit
- yools
- A Comprehensive Survey of Upgradeable Smart Contract Patterns
- Astaria vulnerability disclosed
- Awesome Diamonds
- Critical Bug Identified in 88mph
- diamond storage walkthrough by banteg
- Foundation NFT contracts vulnerability disclosed
- pashovkrum deep-div
- Security Guide to Proxies
- Upgradeable proxy contract from scratch
- Upgradeable Smart Contracts (USCs): Exploring The Concept And Security Risks
- All your staking rewards are belong to us
- Analysis of hacking incidents of NFT lending protocol XCarnival
- Analysis of the Hedgey Finance Exploit
- Astrid Finance exploit
- Aurora rainbow bridge withdrawal logic bug
- Balancer Logic Error Bugfix Review
- Beanstalk Insufficient Input Validation Bugfix Review
- Beanstalk Logic Error Bugfix Review
- Beosin’s Analysis of the Arbitrum-based TreasureDAO exploit
- Blur NFT platform bug allows old bids to be accepted
- BRA Token Hack Analysis
- Decoding Deus DAO $6.5 Million Exploit
- DEXIBLE hack
- Exactly Protocol exploit
- Feed Every Gorilla hack
- Flash Loan Attack on TINU Token
- From the vulnerability incident of APE airdrop, what is the security situation of NFT?
- Helping Secure BNB Chain Through Responsible Disclosure
- Jump Satoshi Token Backdoor
- LendingHub hack
- Logic Error Bug Fix Review
- NFTCloud
- OMNI Real Estate Token Exploit
- Phantom Functions and the Billion-Dollar No-op
- phyProxy hack
- Pike USDC Withdrawal Vulnerability
- Platypus Finance Incident Post-Mortem
- PrismaRisk Post Mortem
- Quaternion
- Retrospecting Arbitrary Position Cancellation Vulnerability in Perpetual Protocol
- Revert Finance
- Sewer Pass Flash Claim Vulnerability
- Shata Capital exploit
- The bug that codearena missed, twice
- Thoreum Finance Smart Contract Vulnerability
- Trust The Trident Hack
- UF DAO hack
- Unibot router exploit
- Uniswap's SwapRouter doesn't refund unspent ETH in partial swaps
- Upswing hack
- USDs Feb 3 Exploit Report
- XCarnival NFT lending protocol vulnerability analysis
- A Primer on Exploiting ZK Circuits
- a16z zkDocs
- Algebraic Attacks on ZK-Friendly Hash Functions
- Awesome zero knowledge proofs
- Awesome Zero Knowledge
- Awesome zkEVM
- awesome-starknet: security
- Aztec Connect Claim Proof Bug
- Cairo and StarkNet Security
- Circom-pairing library vulnerability
- Circuit Audit: Are Redundant Constraints Really Redundant?
- Common Zero-Knowledge Proof Vulnerabilities
- Exploring Cairo: A Security Primer
- Exploring Tornado Cash In-Depth to Reveal Malleability Attacks in ZKP Projects
- Weak Fiat-Shamir Attacks on Modern Proof Systems
- Ingopedia
- Practical Security Analysis of Zero-Knowledge Proof Circuits
- Security Concerns for Zero-Knowledge Proofs in Blockchain
- SlowMist: Exploring the Frozen Heart Vulnerability in the Fiat-Shamir Scheme
- The zero-knowledge attack of the year might just have happened, or how Nova got broken
- TOB zk blog posts
- Trail of Bits zkdocs
- Uncovering a ZK-EVM Soundness Bug in zkSync Era
- Verichains Finds critcal in Polygon zkEVM
- Vulnerability in the 0xPolygon zkEVM
- Welcome to the ZK Jargon Decoder
- ZeroValidation
- ZK Bug Tracker
- zk security reviews
- ZK Vulnerabilities: Sharp rocks hidden in deep water
- ZKP Series: Principles and Implementation of Extensibility Attacks on Groth16 Proofs
- ZKP Series: Pseudonym Input Vulnerability in Circom’s Verification Contract has Been Replicated
- ZKP-Resources: zkp-security
- ZKSECURITY
- zkSync Era transfer Bug