Source at wiki.r.security

Gaining the most elusive of tips. Add your input and let's collect them all!

1. Did you know that you can utilize VSCode on your iPad (preferably with a Magic Keyboard) using the Blink App? If not, watch the following video! I hope you find this tip useful in your work!
2. Clone any project, then upload extension into vscode, 2nd link -> add key from sourcegraph, select the contract and the AI analyzes the structure of your project for you! Check out this example!
3. Try auditwizard.io - revolutionize your workflow today!
4. Check out pre-built security properties for commonly forked DeFi protocols.
5. MEV / Sandwich / Front-run & Back-run: Compilation & advanced info.
6. Try Slither Detectors by Pessimistic.io & check out SolCurity.
7. Give a try: Pyrometer & Sporalyzer.
8. Explore Web3 with full confidence guarded by Web3Antivirus security browser extension & learn evm attacks! Consider auditing as part of a team.
9. Try using obsidian.md for notes!, set it up correctly & check out Audit Quality!
10. Check out R.xyz (link!) and apply for a closed beta (here)!
11. Follow my own blog & Hexens' blog!
12. This project was created to support Code4rena Bot Races with useful stats and tools. Read more about it here & try 4naly3er!
13. Bot Racing: The Rise of Web3 Bots. & Code4Rena Bot Racing explained!
14. Check out GasBad which is an open-source project that evaluates gas efficiency in Solidity libraries!
15. Try out this tool - it scans constructor of solidity smart contract for checks to zero address.
16. DeFi Common Fork Bugs List.
17. There was also an incredible tool, and I really like this idea, since it is probably a logical continuation of an old script and this service, but this is actually lot better than another simulator (it probably uses simulation like in this list).
18. Try using Semgrep rules for smart contracts based on DeFi exploits!
19. Complete this set of tasks!
20. Check out this curated list of web3Security materials and resources For Pentesters and Bug Hunters!
21. Let's break down such a concept as mind-mapping - study this list & check out AuditorsRoadmap mind-map!
22. Explorer Bookmark is a fantastic VS Code extension for all the code4rena Wardens, Sherlockdefi Watsons, and CodeHawks Hawks out there. No more struggling to find contracts in scope among a sea of others. With this extension, you can easily collect in one place and access all the contracts within the scope of your audit. Enjoy a more streamlined workflow!
23. Also use the "Hide Comments" VSCode extension when auditing. It helps you cut through the noise, remain unbiased and focus on what the code truly does! Study audits anomalies archive.
24. Use the "Solidity Visual Developer" extension which comes with the @audit, @audit-info, @audit-ok, @audit-issue to categorize your notes!
25. Also Use Inline Bookmarks VSCode Extension by ConsenSys Audits to organize all your audit comments & findings! Thoroughly document/explain each function using simple language to reason about it.
26. How To Learn Fast? | How to make better decisions?

• glide.r
• sol2uml
• tx2uml
• EVM - Draw & link
• openchain.xyz
• Vscode Solidity Inspector
• EVM Slot Reader
• heimdall-rs
• EVM Bench
• Function Selector Miner
• explorer.swiss-knife.xyz
• Solhunt
• Solsec
• Gas Gauge
• ityfuzz
• evmdiff.com
• contract-diff.xyz
• x48.tools/diff
• bytegraph.xyz
• lcov-parse
• EVM cfg
• Check external calls in a contract
• evm.storage
• contractreader.io
• Tatum Explorer
• cadcad.org
• With this tool you can search across a half million git repos!
• Hardhat Gas Reporter
• Get Ethereum block number by a given date.
• Hardhat plugin for exporting the contract storage layout.
• Allowing smart contract developers to do simulation driven development via an EVM emulator.
• Memory Strux
• tecommons.org
• Octopus
• Solidity rlp Encode
• Dune to CSV
• Duneanalytics Tools
• machinations.io
• tenderly.co
• impersonator.xyz
• A 4-hr smart contract fuzzer speed run.
• Fuzzing cryptographic libraries. Magic bug printer go brrrr.

• Navigation Page
• BalancerV1 Integration Tips
• Meta-Transactions: General Overview
• CurveV1 Integration Tips
• Auditing Projects on the NEAR Blockchain: From Zero to Hero
• Reentrancy Attacks on Smart Contracts Distilled
• Gas Gauge: Pressure Control
• Short Types in Solidity: Rare Tricks Uncovered
• Fuzzing Solidity Smart Contracts with Echidna: Die-Hard Level Tips
• Slither: An Auditor’s Cornucopia
• Per Aspera ad Astra: How to become a smart contract auditor & bugbounty-hunter
• Tenderly App — a Swiss Pocketknife for the Web3 developer
• Convex Finance DeFi Integration Tips
• Auditing Tips for NFT Projects
• AAVE V3 DeFi Integration Tips
• AAVE V3 DeFi Integration: Specifications
• Slitherin Timeline 2.0
• Compound v2 DeFi Integration: Specifications
• Compound v2 DeFi Integration Tips
• Oracles, Entropy & Chainlink VRF Secure Integration Tips
• Chainlink VRF Secure Integration Tips: Specifications
• Auditor’s Notes: Semantic Grep & Solidity
• Price & Reward Manipulation Attacks Distilled
• Read-only Reentrancy: In-Depth
• Web3 Security Distilled
• Arbitrum: Basic Features, Technical Details and Differences from Ethereum
• AMM (Automatic Market Makers) Integration Tips
• Web3 Security Distilled 2.0
• Auditor’s Notes: Semantic Grep & Solidity 2.0
• Auditor’s Notes: ERC20 Integration Tips
• Auditor’s Advice: Math, Solidity & Gas Optimizations | Part 1/3
• Auditor’s Advice: Solidity Checklist & Reentrancy Attack | Part 2/3
• Auditor’s Advice: EVM Limitations & Assembly Auditing Tips | Part 3/3
• Auditor’s Notes: Initializing, Proxy, Oracles & Multi-Chain
• Auditor’s Notes: Tokens, EIP-712 & Meta-Transactions
• Remediate Web3: R.xyz
• Arbitrary Calls & New Slitherin Detector Release

• DeFi Developer Road Map
• Awesome On-Chain Forensic HandBook
• Ultimate DeFi & Blockchain Research Base
• The Atypical OSINT Guide

• MVP for OpSec
• The ultimate framework to best secure your Dapp and optimize the money spent on security reviews.
• Zk Proofs Explained
• On Bitcon Custody...
• Join my TG folder!
• The Ultimate Security Checklist
• Easy Quick Start Guide: Сrypto Data Analytics by 0xdatawolf
• All About Tenderly Sandbox
• Vault Math - How much shares to mint? How much token to withdraw?
• Tools for Solidity Extension
• Pen-Testing on Android and MacBook
• In-line file import suggestions with Foundry remapping support
• Foundry Cheatsheet
• Yet Another Audit DB
• Template repository intended to ease fuzzing components of Solidity projects, especially libraries.
• An interactive Solidity shell with lightweight session recording and remote compiler support.
• Gas Numbers Every Solidity Dev Should Know!
• This repository contains projects implementing both low-level and high-level concepts of Solidity in an incremental learning pattern!
• Learn how to build on Ethereum; the superpowers and the gotchas.
• This is a course for hackers, programmers, and software engineers who learn by doing!
• Smart Contracts Security by Ethereum.org
• Re-entrancy Attack Patterns List
• This project aims to curate a comprehensive list of independently hosted bug bounty programs within the Web3 ecosystem that offer substantial rewards, with payouts ranging into six figures.
• To learn common smart contract vulnerabilities using Foundry!
• The difference between Auditor and Security Researcher
• This Repository contains list of Common NFT Attack Vectors.
• NFT Attacks List
• Single-command flamegraph profiling Tool
• High Severity Findings List
• An Ethers.js compatible signer that connects to AWS KMS.
• Ethereum EVM illustrated
• Blockchain dark forest selfguard handbook. Master these, master the security of your cryptocurrency.
• Smart Contract Security Verification Standard
• Immunefi PoC Templates
• Foundry Forge Coverage
• Audit Techniques & Tools 101
• State of the art of detection evasion, for web3 malware.
• EEA EthTrust Security Levels Specification v1
• Flash Crash for Cash: Cyber Threats in Decentralized Finance
• This repo contains a comprehensive list of smart contract auditor tools and techniques that can be utilized by both smart contract auditors and blockchain developers for developing secure smart contracts
• Robust, open-source contract verification for the EVM.
• Roadmap for Web3/Smart Contract Hacking | 2022
• Information about web3 security and programming tutorials/tools
• What happens when you send 1 DAI
• How to Read Smart Contracts
• Bytes032 Blog
• Pentacle Security List
• list of FREE resources to make Web3 accessible to everyone.
• How to understand EVM byte code...
• Awesome Blogs & Explanation
• How to access real-time smart contract data from Python code (using Lido contract as an example)
• Wallet EIP-712 Injection Vulnerability
• Vyper: A Security Comparison with Solidity Based on Common Vulnerabilities
• Unprotected Swap() Function: A ERC777 Reentrancy Vulnerability
• Metamorphic Smart Contracts: Is EVM Code Truly Immutable?
• One more problem with ERC777
• Randomness List

• Frontend Security, Web2 vs Web3 Bugs
• Scroll Workshop Rust House
• DApp Frontend Security
• MVP for OpSec

• Web3 Security Distilled 2.0
• Crypto Jobs List - Main
• web3.smsunarto.com
• hexens.io/careers
• 2023 Global Crypto Events & Hackathons
• Check out R.xyz (link!) and apply for a closed beta (here)!
• Crypto Telegram & Discord Channels & Chats
• Jobsincrypto
• CryptoJobsList
• Jobs TG Folder
• LobsterHR
• DeveloperDAO
• LidoGrants
• GitCoin
• anonfriendly.com
• Web3grants
• hackathons.live
• hackenproof.com
• bbscope
• immunefi.com
• code4rena.com
• sherlock.xyz
• spearbit.com
• Web3SecurityDAO
• WHITE HAT DAO
• Hats.Finance
• crypto-jobs-fyi.github.io
• auditjobs.xyz
• intropia.io/hire
• solodit.xyz
• codehawks.com
• www.jobstash.xyz
• frontrunnrs.xyz
• www.jobprotocol.xyz

The best thing is to support me directly by donating to my address on Ethereum Main-net or any of the compatible networks or to any address from the list below:

• 0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A — ERC20 & ETH officercia.eth
• 17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU - BTC
• 4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds - Monero/XMR
• You can also support me by minting one of my Mirror articles NFTs!

• Check out my Telegram Channel
• Follow my Twitter
• Track all my activities
• All my Socials