Awesome-web3-Security
A curated list of web3 Security materials and resources For Pentesters and Bug Hunters.
Vulnerable Web3 CTFs
- Capture the Ether
- The Ethernaut
- Damn Vulnerable DeFi
- Security Innovation Blockchain CTF
- GOAT Casino
- Paradigm CTF
- Blocksec CTFs
- ciphershastra CTF
- DeFiVulnLabs
- QuillCTF
- Vulnmachines - Blockchain hacking
Common Vulnerabilities in Smart contracts MindMap
Open the mindmap in Xmind
How to become a smart contract auditor?
Open the MindMap
Web3 Security Tools
Open the MindMap Check the Quillhash Web3-Security-Tools Repo for more details
Check Remix Ethereum project here: https://remix-project.org/ (The Remix Project is a rich toolset which can be used for the entire journey of contract development by users of any knowledge level, and as a learning lab for teaching and experimenting with Ethereum.)
Web3 blogs and postmortem reports
- Immunefi Medium
- Openzeppelin Blogs
- QuillAudits Blogs
- Solidity Scan Blogs
- Beosin
- Neptune Mutual
- BlockSec
- CertiK
- mouse-run
Crypto Bug Bounty Platforms
Web3 Security Newsletter
Complete Collection of Hacks, Trends, Resources
Web3 Security Conference Talks and Videos
- Overview of Web3 Smart Contract Hacking | IWCON-S22 Talk by Duncan Townsend
- hat Ethereum Smart Contract Hacking Looks Like by LiveOverFlow
- The Web3 Security Mindset with Corey Petty
- Security and Vulnerabilities in Web3 - Harry Papacharissiou
- Web3 Security Playlist
- Unstoppable - Damn Vulnerable DeFi | CTF
- Smart Contract Hacking - 0x0C - Attacking Authorization with Web3.js
- How to Audit a Smart Contract | Can you find the Solidity Security Vulnerabilities?
- Learn Blockchain, Solidity, and Full Stack Web3 Development with JavaScript – 32-Hour Course
// To be updated!
Resources to learn Solidity
- https://cryptozombies.io/
- https://www.learnweb3.io/
- https://www.smartcontract.engineer/
- https://solidity-by-example.org/
- https://www.web3.university/
- https://www.useweb3.xyz/
Smart Contract Security Audit Reports
- Chainsulting
- Code4rena Audit Reports
- Consensys Audit Reports
- QuillAudits Audit Reports
- Spearbit Audit Reports
- iskdrews
- Sherlock
- Avastars Smart Contract Audit Public Report
- KubixSquare audit
- lemonade-audits
- Techrate
- interfinetwork
- Decentraland audit
- Tech-Audit
- Sifchain
- Complete List of Security Audit Reports
Smart Contract Security Certifications
- Certified Blockchain Practitioner (CBP) Use the coupon code 100-OFF to get 100% discount
- Certified Blockchain Security Professional (CBSP))
// To be updated! // RoadMap to be added
A star to the repo would be fantastic