https://github.com/crytic/building-secure-contracts
Guidelines and training material to write secure smart contracts
Science Score: 26.0%
This score indicates how likely this project is to be science-related based on various indicators:
- ○ CITATION.cff file
- ✓ codemeta.json file: Found codemeta.json file
- ✓ .zenodo.json file: Found .zenodo.json file
- ○ DOI references
- ○ Academic publication links
- ○ Committers with academic emails
- ○ Institutional organization owner
- ○ JOSS paper metadata
- ○ Scientific vocabulary similarity: Low similarity (9.1%) to scientific vocabulary
Repository
Basic Info
- Host: GitHub
- Owner: crytic
- License: agpl-3.0
- Language: Solidity
- Default Branch: master
- Homepage: https://secure-contracts.com/
- Size: 6.47 MB
Statistics
- Stars: 2,390
- Watchers: 34
- Forks: 369
- Open Issues: 55
- Releases: 3
Metadata Files
README.md
Building Secure Smart Contracts
Brought to you by Trail of Bits, this repository offers guidelines and best practices for developing secure smart contracts. Contributions are welcome; you can contribute by following our contributing guidelines.
Table of Contents:
- Development Guidelines
  - Code Maturity: Criteria for developers and security engineers to use when evaluating a codebase’s maturity
  - High-Level Best Practices: Best practices for all smart contracts
  - Incident Response Recommendations: Guidelines for creating an incident response plan
  - Secure Development Workflow: A high-level process to follow during code development
  - Token Integration Checklist: What to check when interacting with arbitrary tokens
- Learn EVM: Technical knowledge about the EVM
  - EVM Opcodes: Information on all EVM opcodes
  - Transaction Tracing: Helper scripts and guidance for generating and navigating transaction traces
  - Arithmetic Checks: A guide to performing arithmetic checks in the EVM
  - Yellow Paper Guidance: Symbol reference for easier reading of the Ethereum yellow paper
  - Forks <> EIPs: Summaries of the EIPs included in each Ethereum fork
  - Forks <> CIPs: Summaries of the CIPs and EIPs included in each Celo fork (EVM-compatible chain)
  - Upgrades <> TIPs: Summaries of the TIPs included in each TRON upgrade (EVM-compatible chain)
  - Forks <> BEPs: Summaries of the BEPs included in each BSC fork (EVM-compatible chain)
- Not So Smart Contracts: Examples of common smart contract issues, complete with descriptions, examples, and recommendations
- Program Analysis: Using automated tools to secure contracts
  - Echidna: A fuzzer that checks your contract's properties
  - Medusa: A next-gen fuzzer that checks your contract's properties
  - Slither: A static analyzer with both CLI and scriptable interfaces
  - Manticore: A symbolic execution engine that proves the correctness of properties
  - For each tool, this training material provides:
    - A theoretical introduction, an API walkthrough, and a set of exercises
    - Exercises that take approximately two hours to gain practical understanding
- Resources: Assorted online resources
  - Trail of Bits Blog Posts: A list of blockchain-related blog posts created by Trail of Bits
License
secure-contracts and building-secure-contracts are licensed and distributed under the AGPLv3 license. Contact us if you're looking for an exception to the terms.
Owner
- Name: Crytic
- Login: crytic
- Kind: organization
- Email: opensource@trailofbits.com
- Location: New York, NY
- Website: https://www.trailofbits.com/
- Repositories: 66
- Profile: https://github.com/crytic
Blockchain Security, by @trailofbits
GitHub Events
Total
- Create event: 24
- Issues event: 2
- Watch event: 181
- Delete event: 49
- Member event: 1
- Issue comment event: 11
- Push event: 49
- Pull request review comment event: 2
- Pull request review event: 10
- Pull request event: 64
- Fork event: 30
Last Year
- Create event: 24
- Issues event: 2
- Watch event: 181
- Delete event: 49
- Member event: 1
- Issue comment event: 11
- Push event: 49
- Pull request review comment event: 2
- Pull request review event: 10
- Pull request event: 64
- Fork event: 30
Committers
Last synced: about 1 year ago
Top Committers
| Name | Email | Commits |
|---|---|---|
| Gustavo Grieco | 3****b | 146 |
| Feist Josselin | j****n@t****m | 143 |
| 0xphaze | 0****e@g****m | 74 |
| suryansh-tob | 1****b | 46 |
| Emilio López | e****z@t****m | 27 |
| Dan Guido | d****n@t****m | 21 |
| tuturu-tech | e****j@t****m | 13 |
| Guillermo Larregay | g****y@t****m | 11 |
| Kamil Chmielewski | 4****l | 10 |
| technovision99 | 2****9 | 10 |
| damilola edwards | d****s@g****m | 10 |
| bohendo | b****o@s****m | 10 |
| Alex Groce | a****e@g****m | 9 |
| Anish Naik | a****k@t****m | 8 |
| dependabot[bot] | 4****] | 8 |
| Nat Chin | n****n@t****m | 7 |
| Maciej Domanski | 3****s | 7 |
| Michael Colburn | m****n@t****m | 5 |
| Vara Prasad Bandaru | v****u@t****m | 5 |
| Tarun Bansal | t****m@g****m | 5 |
| Ronald Eytchison | r****n@t****m | 5 |
| Chris Dahlheimer | c****r@t****m | 5 |
| Anders Helsing | 7****1 | 4 |
| Samuel E. Moelius III | s****s@t****m | 4 |
| alpharush | 0****h@p****m | 4 |
| Paweł Płatek | e****5@g****m | 3 |
| Lucas_M | 4****4@q****m | 3 |
| Ardis Lu | a****u@g****m | 3 |
| hwomackToB | 1****B | 3 |
| nisedo | 7****o | 3 |
| and 35 more... | | |
Issues and Pull Requests
Last synced: 10 months ago
All Time
- Total issues: 40
- Total pull requests: 184
- Average time to close issues: over 1 year
- Average time to close pull requests: 4 months
- Total issue authors: 13
- Total pull request authors: 41
- Average comments per issue: 1.0
- Average comments per pull request: 0.62
- Merged pull requests: 120
- Bot issues: 0
- Bot pull requests: 11
Past Year
- Issues: 3
- Pull requests: 56
- Average time to close issues: about 5 hours
- Average time to close pull requests: 8 days
- Issue authors: 3
- Pull request authors: 13
- Average comments per issue: 0.33
- Average comments per pull request: 0.14
- Merged pull requests: 39
- Bot issues: 0
- Bot pull requests: 5
Top Authors
Issue Authors
- montyly (23)
- ggrieco-tob (5)
- dguido (2)
- tjuwhy (1)
- mingbaile (1)
- Strapontin (1)
- Silur (1)
- Jaime-Iglesias (1)
- marceljay (1)
- kevinjanada (1)
- RayXpub (1)
- chista0x (1)
- quan-tob (1)
Pull Request Authors
- montyly (40)
- ggrieco-tob (39)
- dependabot[bot] (11)
- 0xPhaze (11)
- elopez (11)
- anishnaik (8)
- broccolirob (7)
- damilolaedwards (6)
- nisedo (5)
- technovision99 (4)
- MK-BG (3)
- tarunbhm (2)
- laterlaugh (2)
- sambacha (2)
- ardislu (2)
Dependencies
- actions/checkout master composite
- gaurav-nelson/github-action-markdown-link-check v1 composite
- actions/checkout v3 composite
- actions/setup-python v4 composite
- actions/checkout v3 composite
- actions/deploy-pages v1 composite
- actions/upload-pages-artifact v1 composite
- actions/checkout v3 composite
- actions/setup-node v3 composite
- crytic/echidna-action v2 composite