blackthornxyz

Auditing
The RareSkills Book of Gas Optimization
Gas optimization in Ethereum is re-writing Solidity code to accomplish the same business logic while consuming fewer gas units in the Ether
Promotion process, roles and responsibilities · spearbit/proposals · Discussion #3
About the Spearbit Promotion Process, roles and responsibilities. The goal of this document is to outline Spearbit’s promotion process, define roles and responsibilities, and guide transparency. In...
GitHub - Quillhash/NFT-Attack-Vectors: This Repository contains list of Common NFT Attack Vectors. If you find any attack vectors missing, you can create a pull request and be a contributor of the project.
NG - Home
Learn Solidity & Web 3 concepts on Node Guardians. An RPG-like experience to level up your programming game.
0x0 AI Smart Contract Auditor
An AI-powered Solidity Smart Contract Auditor that uses AI to analyze and audit smart contract code, finds errors and vulnerabilities, and provides detailed reports for secure and error-free smart contracts.
Security Guide to Proxy Vulns
Proxies Research Compilation
Smart Contract Security and Auditing 101
Explore the fundamentals of security and auditing in the smart contract space. In this video, you can learn about key tools like Slither, Echidna, and Mythri...
How to become a smart contract auditor | cmichel
From time to time, I receive messages asking me for advice on how to get started as a smart contract security auditor.
While there are…
Visualize Solidity Smart Contracts with VS Code Extension
Generate graph of Solidity smart contract with VS Code extension
auditz - Smart contract vulnerability scanner | fast and detailed reports
Auditz - The fastest way to scan smart contracts for vulnerabilities. Get a full detailed report including contract description, vulnerabilities, compliance, security recommendations, and live monitoring in minutes.
x676f64/secureum-mind_map: Central Repository for the Epoch 0 coursework and quizzes. Contains all the content, cross-referenced and linked.
Reentrancy Vulnerability Identification in Ethereum Smart Contracts
theauditorbook.pdf
How to Become a Smart Contract Auditor.pdf
Genesis 0x01: Simplified Roadmap for Blockchain Security
👋 Howdy

I hope you all are doing well and fine! Welcome to the awesome world of Blockchain Security. As promised in my introductory Genesis 0x00 post, I am back with the first edition of our Genesis Series. For those who don't know what Genesis is, let's do a quick introduction to this series. Genesis is a series of weekly articles on Blockchain Security, which will include interesting topics such as Blockchain basics, Blockchain Development, Ethereum 101, Building Dapps, Common vulnerabilities in smart contracts, Auditing Solidity source code, Static analysis of Smart contracts, latest news and the future state of DeFi.

🏗️🔨 Building vs Breaking

Without knowing how an application/protocol/framework is built or structured, we cannot proceed further with its security audit or find any vulnerabilities in it. However, if you do manage to find actual vulnerabilities in a smart contract or any blockchain protocol without having any prior knowledge of how it is built and structured, you were just throwing arrows in the dark and got lucky. To a great extent, your ability to break into an application is directly proportional to your understanding of how that application is built and structured. That said, we will be focusing on blockchain development before we jump to the security aspects related to it. This article will be laying down a path/roadmap for us, following which we will enter into the field of Blockchain Security together 🤝.

All you need is the plan, the road map, and the courage to press on to your destination. - Earl Nightingale

✔️ The only Roadmap you need

This Roadmap is not exhaustive, but it is organized and covers all rudimentary topics that one needs to know in order to get into the field of Blockchain Security. It also acts as a guide to our future articles in Genesis Series.

Note: I handpicked these topics and links to the resources listed below; all of these resources are 100% free. In my coming articles in the Genesis Series, we will be starting from Blockchain Basics (skipping rudimentary topics such as basics of internet, Web2.0 security, etc).

Elementary Topics:
- Familiarity with Linux OS.
- Understanding of commonly used bash commands.
- Understanding of version control systems such as Git, GitHub, GitLab, etc.
- What is CI/CD pipeline.
- JavaScript.
- Python.
- Good understanding of Object Oriented programming.
- Familiarity with Package Managers (npm, yarn, pnpm, pip).

Basics of Internet:
- Good understanding of Networking concepts.
- How a Web Browser works.
- What is DNS (What happens behind the scenes when you type google.com in web browser).
- What is HTTP Protocol and how it works.
- What are HTTP Request and Response headers.
- What is RPC Protocol.
- Familiarity with Browser's developer tools.
- Web2.0 (how a typical Web2.0 application is packaged and deployed).
- Existing Authentication/Authorization models in Web2.0 applications.
  - SSO — Single Sign On
  - OAuth — Open Authorization
  - JWT Authentication
  - Token Based Authentication
  - Session Based Authentication
  - Basic Authentication
- What is HTTP Caching.

Web 2.0 Security:
- OWASP Top 10:
  - Broken Access Control vulnerabilities.
  - Cryptographic Failures.
  - Injection vulnerabilities.
  - Insecure Design.
  - Security Misconfigurations.
  - Vulnerable and Outdated Components.
  - Identification and Authentication Failures.
  - Software and Data Integrity Failures.
  - Security Logging and Monitoring Failures.
  - Server-Side Request Forgery.

Basics of Blockchain:
- What is Asymmetric Cryptography.
- What is Elliptic Curve Cryptography.
- Understanding of commonly used words in Blockchain world, such as Programmable, Distributed, Decentralized, Immutable, Unanimous, Time-Stamped, etc.
- Bitcoin Whitepaper.
- What is Double-spending problem and how bitcoin solves it.
- What is Consensus Algorithm.
- Proof of work vs Proof of stake.
- What is Bitcoin Mining and how ASIC is better than regular mining rig.
- What is 51% Attack.

Basics of Ethereum:
- What is Ethereum.
- Why Ethereum is termed as World Computer.
- How Ethereum is different from its predecessor blockchains.
- What is Ethereum Protocol and how it works.
- The Ethereum Foundation and the ether presale.
- What is Ether Currency.
- What are transactions in ethereum ecosystem.
- What are different types of accounts (EOAs vs contract accounts).
- Wallets and Ethereum clients.
- Public Key vs Private Key.
- What is Gas.
- What is Mining.
- What is a block explorer.
- What are different types of networks in ethereum (Mainnet vs Testnet).
- What are EIPs.
- What are ERC standards.
- What is ERC20 Standard.
- What is ERC721 Standard.
- What is Turing Completeness.
- What is Ethereum Virtual Machine (EVM).
- What are Smart Contracts.
- Ethereum Higher Level languages (Solidity, Vyper, LLL, Serpent).

Understanding Solidity:
- What is Solidity.
- What is Remix IDE.
- What are different Data Types in Solidity (Boolean, Integer, Fixed point, Address, Byte array, Enum, Arrays, Struct, Mapping, Time units, Ether units).
- What are Predefined Global Variables and Functions (msg.sender, msg.value, msg.gas, msg.data, msg.sig, etc).
- Error handling in Solidity.
- What is Ethereum Contract ABI.
- Life Cycle of Smart Contract.
- Compiling, testing, Deploying smart Contracts.
- What is JSON RPC.
- Interacting with smart contracts using an external library such as web3.js or web3.py.

Frameworks for Ethereum development:
- Truffle Suite (Truffle, Ganache, Drizzle).
- Brownie (written in Python).
- Infura.
- Openzeppelin.
- Dapptools.

Smart Contract Security:
- Visualization Tools:
  - Solidity Visual Developer
  - Surya
  - Solgraph
  - EVM Lab
  - ethereum-graph-debugger
  - Piet
- Linters and formatters:
  - Ethlint.
  - Prettier + Solidity Plugin.
  - Solhint.
- Common Vulnerabilities in Smart contracts:
  - What is Reentrancy.
  - What is Junk code (Code With No Effects).
  - What is Unencrypted Private Data On-Chain.
  - What is Integer Overflow and Underflow.
  - What is Floating Pragma.
  - What is Unchecked Call Return Value.
  - What is Unprotected SELFDESTRUCT Instruction.
  - State Variable Default Visibility.
  - What is Uninitialized Storage Pointer.
  - Use of Deprecated Solidity Functions.
  - DoS with Failed Call.
  - Authorization through tx.origin.
  - Signature Malleability.
  - Weak Sources of Randomness from Chain Attributes.
  - Lack of Proper Signature Verification.
  - Missing Protection against Signature Replay Attacks.
  - Insufficient Gas Griefing.
  - DoS With Block Gas Limit.
  - Hash Collisions With Multiple Variable Length Arguments.
  - Message call with hardcoded gas amount.
  - Oracle Manipulation.
- Static and Dynamic Analysis:
  - Oyente
  - Octopus
  - Vertigo
  - MythX
  - Mythril
  - Slither
  - Echidna

Blockchain CTFs:
- Openzeppelin's Ethernaut.
- Damn Vulnerable DeFi.
- Smart Contract CTF.
- Capture the Ether.
- GOATCasino.
- Paradigm CTF.

Bug Bounty Platforms with Crypto Programs:
- Immunefi
- HackerOne
- Bugcrowd

The future of Ethereum:
- What is Ethereum 2.0.

✨ Bonus

For your convenience in tracking your progress while following the above roadmap, I am sharing a publicly readable version of my Notion notes, which you can copy to your own Notion notebook as a template for tracking your progress. Link to my notion notebook can be found here.

Additional Resources:
- Ethereum Homestead Documentation
- Ethereum Community guides and resources
- Solidity Documentation
- Solidity, Blockchain, Smart Contract Course
- DeFi Developer Road Map

That was all from my side in this article; see you very soon in Genesis 0x02. Keep warm, stay hydrated and have a good day ahead :)
Introduction to smart contract security and hacking in Ethereum
Resources and complementary educational material to start your journey in security and hacking of smart contracts in Ethereum.
Smart Contract Auditor Roadmap
Smart-Contract-Sanctuary
Alchemy
HackPedia: 16 Solidity Hacks/Vulnerabilities, their Fixes and Real World Examples | HackerNoon
V3 release of Damn Vulnerable DeFi
Ethereum Smart Contract Auditor's 2022 Rewind • Ventral Digital
Archive - Secureum
Beginner Roadmap to Smart Contract Auditing
How to become the #1 Auditor in Web3
Earn your web3 degree
Bueno | No-Code Tools for NFT Creators