https://github.com/crytic/awesome-ethereum-security

A curated list of awesome Ethereum security references

Science Score: 13.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
  • DOI references
  • Academic publication links
  • Committers with academic emails
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (4.1%) to scientific vocabulary

Keywords

ethereum evm security solidity
Last synced: 5 months ago

Repository

Basic Info
  • Host: GitHub
  • Owner: crytic
  • License: cc-by-4.0
  • Default Branch: master
  • Homepage:
  • Size: 36.1 KB
Statistics
  • Stars: 1,402
  • Watchers: 38
  • Forks: 202
  • Open Issues: 24
  • Releases: 0
Topics
ethereum evm security solidity
Created over 7 years ago · Last pushed over 1 year ago
Metadata Files
Readme Contributing License

README.md

Awesome Ethereum Security

A curated list of awesome Ethereum security references, guidance, tools, and more.

Join Trail of Bits for a free Ethereum Office Hours session by reserving a slot on Calendly. An engineer from Trail of Bits will assist you in applying advanced security tools and practices to your smart contract code.

Contents

Learning

Security references

Insecurity references

Capture the Flag and Wargames

Writeups

Coordinated disclosure

Blogs

  • Hacking Distributed - Emin Gün Sirer, professor in Cornell Tech’s IC3 lab focused on blockchain security.
  • Phil Does Security - Phil Daian, grad student behind KEVM, Hydra, and other Ethereum academic projects
  • Trail of Bits - Cybersecurity R&D firm with a blockchain security practice
  • Martin Holst Swende - Martin Swende, programmer and appsec consultant
  • SmartDec blog - Company blog about security issues and practices within blockchain ecosystem

Notable blog posts

Conference talks

| Title | Conference | Year |
| --- | --- | --- |
| Predicting Random Numbers in Ethereum Smart Contracts | OWASP AppSec | 2018 |
| Blockchain Autopsies - Analyzing Smart Contract Deaths | Blackhat USA | 2018 |
| Rattle - an EVM binary analysis framework | reCON | 2018 |
| Blackhat Ethereum | CanSecWest | 2018 |
| Smashing Ethereum Smart Contracts for Fun and Profit | HITB Amsterdam | 2018 |
| Automatic Bug Finding for the Blockchain | EkoParty | 2017 |

Podcasts and Episodes

Podcasts

Episodes

Tools

Visualization

  • ethereum-graph-debugger - A graphical EVM debugger. Displays the entire program control flow graph.
  • Slither - Slither can map method visibility and modifiers, state variables that are read and written, calls, and can print the inheritance graph of a smart contract
  • Solgraph - Generates DOT graphs with function control flow of a solidity contract
  • Surya - Generates various visual outputs of function call graphs
  • sol-function-profiler - Solidity contract function profiler

Linters

  • Remix - Browser-based Solidity IDE with linting features
  • SmartCheck - A linter for Solidity and Vyper that checks code for security issues and bad practices.
  • Solhint - Linter for both security and style-guide validations. It strictly adheres to the Solidity Style Guide.
  • Solium - Linter for both security and style-guide validations. Does not strictly adhere to the Solidity Style Guide.

Bug finding tools

  • Echidna - Fuzzer for Ethereum smart contracts. Uses property testing to generate malicious inputs that break smart contracts.
  • Manticore - Symbolic execution tool for Ethereum smart contracts that includes detectors for common security flaws
  • Mythril OSS - Open-source security analysis tool for Ethereum smart contracts built around detector modules
  • Securify - Static analysis tool from ChainSecurity
  • Slither - Static analysis framework, written in Python, with detectors for many common Solidity issues

Verification tools

  • KEVM - K Semantics of the Ethereum Virtual Machine (EVM)
  • Manticore - Symbolic execution tool for EVM

Reversing tools

  • abi-decompiler - EVM reverse engineering helper utility
  • ethereum-dasm - EVM disassembler with static and dynamic analysis abilities, including function signature lookup
  • Ethersplay - Visual disassembler for EVM bytecode built on Binary Ninja
  • evmlab - Utilities for interacting with the Ethereum virtual machine
  • IDA-EVM - IDA plugin to view EVM instructions
  • Panoramix
  • pyevmasm - EVM assembler and disassembler with a CLI and a Python API
  • Rattle - EVM binary static analysis framework. Produces SSA representations of EVM code.

Custody

  • Subzero - Subzero is an HSM-backed method for cold storage of Bitcoin developed by Square

Communities

Other Awesome Lists

Contributing

We welcome contributions that help curate this awesome list. Please refer to the contributing guidelines when submitting PRs. Thanks!

Owner

  • Name: Crytic
  • Login: crytic
  • Kind: organization
  • Email: opensource@trailofbits.com
  • Location: New York, NY

Blockchain Security, by @trailofbits

GitHub Events

Total
  • Watch event: 80
  • Issue comment event: 1
  • Pull request event: 1
  • Fork event: 9
Last Year
  • Watch event: 80
  • Issue comment event: 1
  • Pull request event: 1
  • Fork event: 9

Committers

Last synced: 9 months ago

All Time
  • Total Commits: 27
  • Total Committers: 4
  • Avg Commits per committer: 6.75
  • Development Distribution Score (DDS): 0.111
Past Year
  • Commits: 0
  • Committers: 0
  • Avg Commits per committer: 0.0
  • Development Distribution Score (DDS): 0.0
Top Committers
| Name | Email | Commits |
| --- | --- | --- |
| Dan Guido | d****n@t****m | 24 |
| Valerie Kim | 4****a | 1 |
| Bernhard Mueller | b****r | 1 |
| Arseny Reutov | me@r****e | 1 |
Committer Domains (Top 20 + Academic)

Issues and Pull Requests

Last synced: 6 months ago

All Time
  • Total issues: 4
  • Total pull requests: 25
  • Average time to close issues: N/A
  • Average time to close pull requests: 4 months
  • Total issue authors: 4
  • Total pull request authors: 25
  • Average comments per issue: 0.25
  • Average comments per pull request: 1.4
  • Merged pull requests: 3
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 0
  • Pull requests: 1
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Issue authors: 0
  • Pull request authors: 1
  • Average comments per issue: 0
  • Average comments per pull request: 0.0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
Top Authors
Issue Authors
  • dguido (1)
  • johnsaigle (1)
  • nbanmp (1)
  • muellerberndt (1)
Pull Request Authors
  • yevh (2)
  • rpavlovs (1)
  • mike-myers-tob (1)
  • oldsj (1)
  • PaulRBerg (1)
  • jackerleon (1)
  • yfalcone (1)
  • muellerberndt (1)
  • computerality (1)
  • vvkio (1)
  • kimushkaa (1)
  • ttiinn (1)
  • Enigmatic331 (1)
  • iraamaro (1)
  • dddejan (1)
Top Labels
Issue Labels
Pull Request Labels