SOCIAL-MTHRFCKR

1202 bookmarks
Notion The all-in-one workspace for your notes, tasks, wikis, and databases.
A curated list of free, high quality, on-demand resources for learning & building web3 & blockchain applications, with a focus on independent creators. In addition to educational resources, I've included links to various resources like DAOs, grants programs, networks, tools, and protocols.
·naderdabit.notion.site·
MEV Bots & Uniswap Implicit Assumptions
We recently received a user report regarding abnormal position value loss in Alpha Homora V2 on Ethereum after the position was opened. Looking at the transaction details, the slippage control values correctly reflected the 1% tolerance, but the LP value still did not conform. So what's going on? In
·blog.alphaventuredao.io·
GitHub
Devpill.me - A Public Good Blockchain Development Guide - GitHub - dcbuild3r/blockchain-development-guide: Devpill.me - A Public Good Blockchain Development Guide
·github.com·
Genesis 0x01: Simplified Roadmap for Blockchain Security
Howdy, I hope you all are doing well and fine! Welcome to the awesome world of Blockchain Security. As promised in my introductory Genesis 0x00 post, I am back with the first edition of our Genesis Series. For those who don't know what Genesis is; let's do a quick introduction to this series. Genesis is a series of weekly articles on Blockchain Security, which will include interesting topics such as Blockchain basics, Blockchain Development, Ethereum 101, Building Dapps, Common vulnerabilities in smart contracts, Auditing Solidity source code, Static analysis of Smart contracts, latest news and the future state of DeFi. Building vs Breaking: Without knowing how an application/protocol/framework is built or structured, we cannot proceed further with its security audit or find any vulnerabilities in it, however, if you do manage to find actual vulnerabilities in a smart contract or any blockchain protocol, without having any prior knowledge of how it is built and structured; you were just throwing arrows in the dark, and got lucky. To a great extent, your ability to break into an application is directly proportional to your understanding of how that application is built and structured, that said we will be focusing on blockchain development before we jump to the security aspects related to it. This article will be laying down a path/roadmap for us, following which we will enter into the field of Blockchain Security together. All you need is the plan, the road map, and the courage to press on to your destination. - Earl Nightingale. The only Roadmap you need: This Roadmap is not exhaustive, but it is organized and covers all rudimentary topics that one needs to know in order to get into the field of Blockchain Security. It also acts as a guide to our future articles in Genesis Series. Note: I handpicked these topics and links to the resources listed below, all of these resources are 100% free.
In my coming articles in the Genesis Series, we will be starting from Blockchain Basics (skipping rudimentary topics such as basics of internet, Web2.0 security, etc). Elementary Topics: Familiarity with Linux OS. Understanding of commonly used bash commands. Understanding of version control systems such as Git, Github, Gitlab, etc. What is CI/CD pipeline. JavaScript. Python. Good understanding of Object Oriented programming. Familiarity with Package Managers (npm, yarn, pnpm, pip). Basics of Internet: Good understanding of Networking concepts. How a Web Browser works. What is DNS (What happens behind the scenes when you type google.com in web browser). What is HTTP Protocol and how it works. What are HTTP Request and Response headers. What is RPC Protocol. Familiarity with Browser's developer tools. Web2.0 (how a typical Web2.0 application is packaged and deployed). Existing Authentication/Authorization models in Web2.0 applications: SSO (Single Sign On), OAuth (Open Authorization), JWT Authentication, Token Based Authentication, Session Based Authentication, Basic Authentication. What is HTTP Caching. Web 2.0 Security: OWASP Top 10: Broken Access Control vulnerabilities. Cryptographic Failures. Injection vulnerabilities. Insecure Design. Security Misconfigurations. Vulnerable and Outdated Components. Identification and Authentication Failures. Software and Data Integrity Failures. Security Logging and Monitoring Failures. Server-Side Request Forgery. Basics of Blockchain: What is Asymmetric Cryptography. What is Elliptic Curve Cryptography. Understanding of commonly used words in Blockchain world, such as Programmable, Distributed, Decentralized, Immutable, Unanimous, Time-Stamped, etc. Bitcoin Whitepaper. What is Double-spending problem and how bitcoin solves it. What is Consensus Algorithm. Proof of work vs Proof of stake. What is Bitcoin Mining and how ASIC is better than regular mining gig. What is 51% Attack. Basics of Ethereum: What is Ethereum.
Why Ethereum is termed as World Computer. How Ethereum is different from its predecessor blockchains. What is Ethereum Protocol and how it works. The Ethereum Foundation and the ether presale. What is Ether Currency. What are transactions in ethereum ecosystem. What are different types of accounts (EOAs vs contract accounts). Wallets and Ethereum clients. Public Key vs Private Key. What is Gas. What is Mining. What is a block explorer. What are different types of networks in ethereum (Mainnet vs Testnet). What are EIPs. What are ERC standards. What is ERC20 Standard. What is ERC721 Standard. What is Turing Completeness. What is Ethereum Virtual Machine(EVM). What are Smart Contracts. Ethereum Higher Level languages (Solidity, Vyper, LLL, Serpent). Understanding Solidity: What is Solidity. What is Remix IDE. What are different Data Types in Solidity (Boolean, Integer, Fixed point, Address, Byte array, Enum, Arrays, Struct, Mapping, Time units, Ether units). What are Predefined Global Variables and Functions (msg.sender, msg.value, msg.gas, msg.data, msg.sig, etc). Error handling in Solidity. What is Ethereum Contract ABI. Life Cycle of Smart Contract. Compiling, testing, Deploying smart Contracts. What is JSON RPC. Interacting with smart contracts using an external library such as web3.js or web3.py. Frameworks for Ethereum development: Truffle Suite (Truffle, Ganache, Drizzle). Brownie (written in Python). Infura. Openzeppelin. Dapptools. Smart Contract Security: Visualization Tools: Solidity Visual Developer, Surya, Solgraph, EVM Lab, ethereum-graph-debugger, Piet. Linters and formatters: Ethlint. Prettier + Solidity Plugin. Solhint. Common Vulnerabilities in Smart contracts: What is Reentrancy. What is Junk code (Code With No Effects). What is Unencrypted Private Data On-Chain. What is Integer Overflow and Underflow. What is Floating Pragma. What is Unchecked Call Return Value. What is Unprotected SELFDESTRUCT Instruction. State Variable Default Visibility.
What is Uninitialized Storage Pointer. Use of Deprecated Solidity Functions. DoS with Failed Call. Authorization through tx.origin. Signature Malleability. Weak Sources of Randomness from Chain Attributes. Lack of Proper Signature Verification. Missing Protection against Signature Replay Attacks. Insufficient Gas Griefing. DoS With Block Gas Limit. Hash Collisions With Multiple Variable Length Arguments. Message call with hardcoded gas amount. Oracle Manipulation. Static and Dynamic Analysis: Oyente, Octopus, Vertigo, MythX, Mythril, Slither, Echidna. Blockchain CTFs: OpenZeppelin's Ethernaut. Damn Vulnerable DeFi. Smart Contract CTF. Capture the Ether. GOATCasino. Paradigm CTF. Bug Bounty Platforms with Crypto Programs: Immunefi, HackerOne, Bugcrowd. The future of Ethereum: What is Ethereum 2.0. Bonus: For your convenience in tracking your progress while following the above roadmap, I am sharing a publicly readable version of my Notion notes, which you can copy to your own Notion notebook as a template for tracking your progress. Link to my notion notebook can be found here. Additional Resources: Ethereum Homestead Documentation; Ethereum Community guides and resources; Solidity Documentation; Solidity, Blockchain, Smart Contract Course; DeFi Developer Road Map. That was all from my side in this article; See you very soon in Genesis 0x02, Keep warm, stay hydrated and have a good day ahead :) Want to support my work? If you think my work has added some value to your existing knowledge, then you can Buy me a Coffee here (and who doesn't love a good cup of coffee?) Newsletter: Subscribe to Genesis's Newsletter to get future articles/updates/blockchain-related news directly in your mailbox.
·devansh.xyz·
Zerodaylab.com
ZeroDayLab Information Security Services: Ethical Hacking, Consulting, Education & Training, Governance, Risk & Compliance, Incident Response & Cyber Solutions, CREST Member.
·zerodaylab.com·
Trace Labs
Trace Labs is a nonprofit organization whose mission is to accelerate the family reunification of missing persons while training members in the tradecraft of open source intelligence (OSINT).
·tracelabs.org·
Third Eye OSINT
Third Eye OSINT publishes enlightened commentary on geopolitics. The articles will always reflect a pro-American personal viewpoint, because the author is a loyal citizen of the United States of America. This blog is a wholly-owned project of Alfidi Capital.
·thirdeyeosint.blogspot.com·
Osint.ltd
public government reports, budgets, hearings, telephone directories, press conferences, websites, and speeches, Media, print newspapers, magazines, radio, and television from across and between countries. Internet, online publications, blogs, discussion groups, citizen media (i.e. cell phone videos, and user created content), YouTube, and other social media websites (i.e. Facebook, Twitter, Instagram, etc.). This source also outpaces a variety of other sources due to its timeliness and ease of access. Public Government Data, public government reports, budgets, hearings, telephone directories, press conferences, websites, and speeches. Although this source comes from an official source they are publicly accessible and may be used openly and freely. Professional and Academic Publications, information acquired from journals, conferences, symposia, academic papers, dissertations, and theses. Commercial Data, commercial imagery, financial and industrial assessments, and databases, Grey literature, technical reports, preprints, patents, working papers, business documents, unpublished works, and newsletters. E-mail: support@osint.ltd
·osint.ltd·
OSINT Combine
OSINT Combine provides leading edge training in online investigations, online safety, open source intelligence to help you find, understand and take action using open source information!
·osintcombine.com·
NCPTF.org
The National Child Protection Task Force, a registered 501(c)(3), was founded to provide detectives, analysts and officers access to investigative expertise and resources that are unavailable or under-funded in most law enforcement organizations.
·ncptf.org·
IWS Training
Specialised intelligence training from an industry professional. Training available in Intelligence Analysis and Open-Source Intelligence (OSINT).
·intelligencewithsteve.com·
Dutch OSINT Guy consultant
Nico Dekens, OSINT Specialist alias The Dutch OSINT Guy, is a certified SANS Institute instructor and author. He teaches SEC487 and SEC587 Open-source intelligence gathering and analysis courses. Nico's work includes Online Investigations, Keynotes, Workshops, Consultancy, Cyber Threat Intelligence for clients all around the world.
·dutchosintguy.com·