Welcome to the Web3 Security Resources Hub! This repository is your one-stop destination for all things related to Web3 security. Whether you're a beginner looking to dive into smart contract auditing, a developer seeking best practices, or a security enthusiast wanting to stay updated with the latest trends and vulnerabilities, you'll find valuable resources here.
- π Roadmaps & Learning Paths
- π Audit Company Analysis
- π Smart Contract Programming Best Practices
- π Audit Reports
- π° Blogs, News & Newsletters
- π Formal Verification Tools
- β Security Checklists
- π§° Security Tools & Frameworks
- π CTFs & Challenges
- π₯ Exploit Repositories
- πΈ DeFi Security
- π Zero-Knowledge Proofs (ZKPs)
- π Proxy Security
- π Vulnerabilities & Attack Vectors
- π§βπ» Developer Resources
- π Job Boards
- π Academic Papers
- π¨βπ» Sway Language Security Audit
- π‘ Contribution
- π« Contact
Here are some standout resources to get you started:
-
Mastering Ethereum Book on GitHub
-
Web3 Security Libraries
-
Smart Contract Exploits & Analysis
A structured approach to mastering Web3 security.
- Simplified Roadmap for Blockchain Security
- Quillhash Auditor Roadmap
- RazzorSec Auditor's Roadmap
- Complete Roadmap to Smart Contract Auditing in 2022
- How to Become a Smart Contract Auditor
- Awesome Web3 Security
- Smart Contract Auditor Coggle Diagram
- Ethereum Security Road Map
- Blockchain Security Guide
- Knowledge Sharing - Blockchain Security
- Awesome Smart Contract Security
- SlowMist Learning Roadmap for Auditors
- Smart Contract Resources
- Blockchain Security Library
- Blockchain Best Developer Roadmap
- Full Solidity Course by Patrick
Insights and analyses of various audit companies in the Web3 space.
Guidelines and patterns to write secure smart contracts.
Comprehensive audit reports from leading security firms.
- Spearbit
- ConsenSys Diligence
- Quill Audits
- Comprehensive Audit Lists
Stay updated with the latest trends, vulnerabilities, analyses, and curated newsletters in Web3 security.
-
Blogs & News
-
Newsletters
Tools and resources for formally verifying smart contracts to ensure their correctness and security.
- Awesome Web3 Formal Verification
- Zellic on Formal Verification
- Invariant Testing in Solidity
- Cyfrin on Formal Verification & Symbolic Execution
- Quill Audits on Testing and Formal Verification
- Verified Smart Contracts by Runtime Verification
Essential checklists to ensure comprehensive security audits and best practices.
- Smart Contract Security Checklist
- The Ultimate 100-Point Checklist
- Web3 Security Checklist on LinkedIn
- Decurity Audit Checklists
- Audit Crew's Audit Hero
- Cryptofinlabs Audit Checklist
- OpenZeppelin Audit Readiness Guide
- Spearbit Bridge Security Checklist
- 0xPrinc Checks While Hacks
- SCV List
- TechnoGeek01 Solidity Gas Optimizations
- ERC-4337 Security Checklist
- Web3Sec Smart Contract Audit Checklist
A collection of tools and frameworks to aid in Web3 security assessments and audits.
- Web3 Security Tools by Quillhash
- SmartBugs Automated Framework
- Smart Contract Auditor Tools & Techniques
- AuditBase (Paid)
- Ackee-Blockchain Tests IPO
- C4udit Smart Contract Vulnerability Scanner
- Regast Public
- Foundry Cheatsheet
- Solidity Memory Optimization
- Solidity-Attack-Vectors by Quillhash
- Transmissions11 Solcurity
- Smart Contract Security Verification Standard (SCSVS)
- Simple Security Toolkit by NascentXYZ
- Web3Sec Security Tools Collection
Engage in Capture The Flag (CTF) competitions and challenges to sharpen your Web3 security skills.
- Ethernaut All CTF Challenges in One Video
- BlockThreat CTF Collection
- MinaMao CTF Blockchain Challenges
- Paradigm CTF Write-Ups
- Capture The Ether
- StarkNet Challenges
- Code4rena & Sherlock CTF Reports
- CTF Dragonfly
- NodeGuardians CTF
- Solidity Riddles
- HackMD CTF Solutions
- My CTF Challenges
Learn from past exploits and understand how vulnerabilities are exploited in real-world scenarios.
- Smart Contract Exploits Minimized
- Serial Coder's Solidity Security by Example
- Rohan's Web3 Security
- Immunefi Bug Bounty Writeups
- DeFi Hack Labs by SunWeb3Sec
- All Things Reentrancy
- Solidity Security by Serial Coder
Resources focused on the security aspects of Decentralized Finance (DeFi).
- Path - The Ultimate Guide to DeFi Hacking
- Deep Dive into DeFi
- DefiSecurity Best Practices
- Defi MOOC
- Defi Vunerable Labs by SunWeb3Sec
- Top 10 DeFi Security Practices by Arunim Shukla
- Lending & Borrowing DeFi Platforms Vulnerabilities
- TokenInsight DeFi Market Analysis
Explore the intricacies and security aspects of Zero-Knowledge Proofs in Web3.
- Awesome ZK by Ventali
- ZK Bug Tracker by 0xPARC
- Common ZK Vulnerabilities
- ZKM Newsletter August 2023
- ZK Weekly Resources by Nirlin
- Demystifying ZKPs with Porter Adams
- ZK Security Reviews
- Learn ZK by 0xPARC
- ZK Sync YouTube Playlist
- ZK Crypto Library Bugs
- Common Bugs & Attacks Using ZKP
Guidelines to secure proxy contracts in smart contract development.
Understand common vulnerabilities and attack vectors in smart contracts and blockchain systems.
- Smart Contract Attack Vectors by Quillhash
- SigmaPrime Solidity Security Blog
- Runtime Verification's Vulnerabilities List
- YAcademy Common Web3 Security Issues
- Harendra Shakya's Attack Vectors
- Abarbatei's Attack Vectors on Twitter
- Algorithm for Vulnerable Pattern Detection
- Audit Hero - Bug Search
- Vulnerable Smart Contract Patterns Registry
- Public Registry of Known Bugs & Attacks
- Top 10 Hacking Techniques of 2022
- List of Known Solidity Compiler Bugs
- Smart Contract Security Best Practices
- Code4rena Report Categorized
Essential tools and libraries for Web3 developers focusing on security.
- YUL by Example
- Solidity in Foundry
- Foundry YUL Puzzles
- Solidity Notes by Chinmay Farkya
- EVM Playground
- EVM Learning Resources
- Awesome EVM Security
- EVM Book by 0xKitsune
- Awesome Ethereum Virtual Machine
- Blockchain Development Resources
- EVM Mastery by Quillhash
- Learn Cairo Language
- WTF Cairo
- Foundry Cheatsheet
- Ethereum Technical Specification
Find the latest job opportunities in Web3 security.
Research papers and academic resources on smart contract security and blockchain vulnerabilities.
- Top-10 Vulnerabilities in Substrate-based Blockchains
- Rust Security Research Paper
- Academic Smart Contract Papers Collection
- MEV Conundrum Research
- Smart Contract Attack Vector Detection
The Sway language is a domain-specific language for the Fuel network. It is built to ensure smart contract security, and here are some key resources for learning and mastering Sway from a security auditing perspective.
-
Introduction to Sway Language Security Audit β An in-depth introduction to the security audits of Sway language in the Fuel ecosystem.
-
Mastering Sway Analyzer β An essential guide to using the Sway Analyzer to enhance smart contract security.
-
Sway Standards - Security Information (SRC-11) β Official documentation on security standards for Sway language in Fuel Network.
-
Top 5 Bugs from the Fuel Attackathon β A breakdown of the most significant security bugs discovered during the ImmuneFi Fuel Attackathon, providing insights into potential vulnerabilities in Sway-based projects.
We welcome contributions from the community! If you have valuable resources to add or improvements to suggest, feel free to raise a Pull Request (PR).
- Fork the repository.
- Create a new branch (
git checkout -b feature/YourFeature). - Commit your changes (
git commit -m 'Add some feature'). - Push to the branch (
git push origin feature/YourFeature). - Open a Pull Request.
Feel free to reach out with any questions or suggestions!
- Twitter: Raiders
- LinkedIn: Chirag Agrawal
- Schedule a 1on1 Mentorship Session: Book a Time
Thank you for visiting the Web3 Security Resources Hub! Happy learning and secure coding! π‘οΈβ¨
This repository is maintained by Raiders. If you find any broken links or have suggestions for improvement, please let us know!