Quillhash/Smart-contract-Auditing-Methodology-mindmap

Stars
179
Rank 214,039 (Top 5 %)
Language
Created about 2 years ago
Updated 9 months ago

Quillhash/Smart-contract-Auditing-Methodology-mindmap

Quillhash

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

This repository contains a mindmap on smart contract auditing methodology and different steps in how to audit a smart contract.

Smart-contract-Auditing-Methodology-mindmap

PDF Version: Auditing-Methodology-Mindmap

Mindmap Link: https://xmind.works/share/LoZXVn0y

1. Information Gathering:

It involves reading Technical documentation about the project.
Understanding What project wants to deliver
Any undocumented features
Whitepaper of Projects

2. Understanding the Code:

Read the Code line by line
Understand the core logic of Contracts.
Detailed business logic review and smart contract architecture
Access control map, Fund flow map

3. Static analysis by automated tools.

Mythx
Slither
Mythril
Manticore
Manually Verify the result as these tools generate lots of false positives.

4. Test against the standard list of vulnerabilities.

5. Functional Testing:

Running unit tests provided by Auditee.
Functional Testing for various edge case scenarios.
Writing POCs for the manual findings:
1. Hardhat
2. Foundry
3. Brownie
4. Truffle
Remix Deployment [Optional]
Gas Optimizations Test Reports

6. Fuzz Testing

7. Provide Recommendations and Generating Reports

Provide Recommendations and fixes for Bugs.
Audit report preparation and Final submission.

QuillAudit_Auditor_Roadmap

This repository contains a mindmap and stepwise resource to get started with Smart Contract Auditing. If you find anything missing or want to update existing resources, feel free to create a pull request.

Solidity-Attack-Vectors

This Repository contains list of Common Solidity SmartContract Attack Vectors. If you find any attack vectors missing, you can create a pull request and be a contributor of the project.

Web3-Security-Tools

This repository contains a list of the most popular and widely used tools in web3 security. If you find any tools missing, you can create a pull request and be a contribute the project.

QuillAudit_Reports

QuillAudits Smart Contracts, deFi, NFT, tokens,Dao , Dex and DApps Audit Reports

NFT-Attack-Vectors

This Repository contains list of Common NFT Attack Vectors. If you find any attack vectors missing, you can create a pull request and be a contributor of the project.

DeFi-Attack-Vectors

This Repository contains list of Common DeFi threat and Attack Vectors. If you find any attack vectors missing, you can create a pull request and be a contributor of the project.

Zero-Knowledge-Mastery

This repository contains list of resources to aid your journey of mastering Zero Knowledge Proofs. If you find any resource missing, you can create a pull request and be a contributor of the project.

EVM-Mastery

This repository contains list of resources to aid your journey of mastering Ethereum Virtual Machine. If you find any resource missing, you can create a pull request and be a contributor of the project.

Smart-Contract-Developer-Roadmap

Here is the best roadmap for you to become a Smart Contract Developer! If you find anything missing or want to update existing resources, you can create a pull request and contribute to the project.

Quill-CTFs

Quill CTF is a game in which you hack Ethereum smart contracts to learn about security. The game is designed to educate players on how to identify and fix security issues in Ethereum smart contracts.

Real-World-Assets

This repository comprises the theoretical and technical aspects of tokenisation of real world assets.

DeFi-anti-hack-checklist

This repo contains anti-hack checklists, which will help projects to build and develop secure DeFi applications. If you find anything missing or want to update existing resources, you can create a pull request and contribute to the project.

upradeableToken

Smart contracts upgrade , delegateProxy

dNFTs

Distributed ownership of NFT assets on EOS

Blockchain-Attack-vectors

This Repository contains list of Common Blockchain threats and Attack Vectors. If you find any attack vectors missing, you call create a pull request and be a contributor of the project.

NFT-anti-hack-checklist

In this repository, we have created a checklist for developers as well as for users to prevent these hacks/scams and stay safe from these hackers/scammers. If you find anything missing or want to update existing resources, you can create a pull request and contribute to the project.

BEP20Token

binance chain BEP-20 token

Proxies-Security

This repository comprises of everything you need to know about Solidity proxies, upgradeable smart contracts and their security.

ConsensysIndiaHack

credit scores on blockchain

Crowdsale_EOS

Basic Crowdsale smart contract in EOS

MetaTransactiosn_UniversalLogins_Proxy

Blockchain better UX , onboarding Registry (Meta transactions , Universal Logins)

hyperledger-composer-supplychain

hyperledger fabric supply chain

Quill.Capital

Security Tokens Issuance Platform

forwards-checks

Forwards Contracts Trading on R3 CORDA

infiniverse-community-audit

A community audit for the Infiniverse EOS smart contracts

EOS-Crowdsale

A decentralized crowdsale smart contract built on EOS.

stellar-hyperledger-telemedicine

electronic health records on blockchain (hyperledger, stellar)

MultiInserter

Script to insert thousands of records in smart contract mapping.

quillTrace

QuillTrace , supply chain smart contracts

eosio-token

Standard EOSIO token contracts with test cases in python created using eos factory