Awesome cryptocurrency security
π Curated list about cryptocurrency security. (reverse, exploit, fuzz..)
Image from this Practical ETH decompilation blog .
Tools
Porosity - Decompiler and Security Analysis tool for Blockchain-based Ethereum Smart-Contracts.
Mythril - Security analysis tool for Ethereum smart contracts.
MAIAN - Automatic tool for finding trace vulnerabilities in Ethereum smart contracts.
Echidna - Ethereum fuzz testing framework.
Manticore - Manticore uses symbolic execution to simulate complex multi-contract and multi-transaction attacks against EVM bytecode.
Ethersplay - A graphical EVM disassembler with advanced features. (Binja)
Oyente - An automatic EVM code analyzer based on symbolic execution and Z3 SMT solver.
IDA-EVM - IDA Processor Module for the Ethereum Virtual Machine.
Evmdis - EVM disassembler.
Securify - Formal Verification of Ethereum Smart Contracts.
Rattle - Rattle is an EVM static analyzer that analyzes the EVM bytecode directly for vulnerabilities.
Slither - Static analysis on Solidity.
Diligence - Security Services, Tools and Best Practices for the Ethereum Ecosystem.
fuildai - Fluid is an AI that can automatically find and fix fatal security vulnerabilities in Smart Contracts.
vs code - Solidity Visual Auditor Extension for VS Code
Blogs
muellerberndt - Practical Smart Contract Security Analysis and Exploitationβ Part 1
blackhat - Blackhat Ethereum.
solidified - Parity hack.
arvanaghi 1 - Reversing ethereum smart contracts.
arvanaghi 2 - Reversing ethereum smart contracts 2.
ret2 - Practical ETH decompilation.
loom-network - 6 vulnerabilities and how to avoid them part 1.
ETH assembly - Lets talk assembly.
radare2 - Reversing EVM bytecode with radare2.
Etherum security tools - Trailofbits Ethereum security tools.
Hackernoon - Analyzing Ethereum smart contracts for vulnerabilities.
nccgroup - Discovering Smart Contract Vulnerabilities with GOATCasino.
Arseny Reutov - Predicting Random Numbers in Ethereum Smart Contracts.
funfair - Randomness is a big deal.
Training
Ethernaut - The ethernaut is a Web3/Solidity based wargame.
GOATCasino - GOATCasino is a Truffle project which deploys a set of intentionally vulnerable smart contracts.
ctf challs SWAMPCTF
MISC
dasp - Decentralized Application Security Project (or DASP) Top 10 of 2018.
Not so smart conracts - Examples of Solidity security issues.
EVM opcodes - Ethereum opcodes and instruction reference.
mint integer overflow mint integer overflow.
Uninitialized Pointer Storage Allocation Exploits in Ethereum Smart Contracts.
Paper
Smarter - Making Smart Contracts Smarter.
Yellow Paper - Ethereum: a secure decentralised generalised transaction ledger.
Awesomes
awesome ethereum virtual machine
Jobs
@withzombies @chaignc @trailofbits