Let’s make the web3 industry more secure!
Community Whitehat (145)
English version (400 Incidents)
Solidity smart contract security and auditing techniques
Move programming language secure development
[Tools] Identify a DeFi scam token
[Tools] Mev watcher & Real time threat alert
[Tools] Intro transaction debugging tools
[Course] Web3 security awareness course for users
1.Nine Common Web3 Hacks and Scams
3.[Quiz] User security awareness testing
4.Event spoofing - fake records on etherscan!
[Course] Web3 security course for devs
3.Unchecked return value
4.Data location - storage vs memory
5.Unchecked external call - call injection [REF]
6.Deflationary/fee-on-transfer tokens
7.Phantom function - Permit Function
10.Price manipulation - balanceOf
12.Oracle data feed is insufficiently validated
13.Precision Loss - Rounded down to zero
14.Slippage - Incorrect deadline & slippage amount
15.abi.encodePacked() Hash Collisions
20.Incorrect use of payable.transfer() or send()
21.Unauthorized NFT Transfer in custom ERC721 implementation
22.Missing check for Self-Transfer allows funds to be lost
23.Incorrect implementation of the recoverERC20()
24.Missing flash loan initiator check
27.Web3 DevSecOps is very important!
[Chinese] Let's find the bugs
**DeFiHackLabs:** Reproduce DeFi hacked incidents using Foundry.
**DeFiVulnLabs:** To learn common smart contract vulnerabilities using Foundry.
**DeFiLabs:** On-chain test DeFi using Foundry
**Blockchain-ctfs:** A curated list of blockchain security Capture the Flag (CTF) competitions
**Web3-Security-Library:** Information about web3 security and programming tutorials/tools
Building Secure Smart Contracts: guidelines and best practices to write secure smart contracts.
Defi-fork-bugs: Bugs in commonly forked DeFi protocols
damn-vulnerable-defi-v4-solutions: CTF writeup
Phalcon | Tx.viewer | Cruise | Ethtx | New-ethtx | Tenderly
ABI to interface | Get ABI for unverified contracts | ETH Calldata Decoder | abi.ninja | miniscan | decode-calldata | calldata-decoder | abi-guesser | Codeslaw | ABI tools | ContractReader | upgradehub | cookbook | evm.storage | rollup.codes | eth-toolbox | smartsechub | evmdiff | contract-diff | abi-guesser-cli | evmole | Blockscan Multichain Explorer | Personal Security Checklist | masamune bug search | Solidity Bugs Version Database
Slowmist | Quillaudits | Defillama | Defiyield | Rekt | Cryptosec | BlockSec | LUMOS
Eigenphi | Metablock | Mevboost | Flashbots | Mevwatch
Forta | Peckshield | Beosin | Quillmonitor
tokensniffer | Rugradar | Rugdoc | honeypot | bscheck | detecthoneypot | defisafety | gopluslabs | Quillcheck
Web3sec.news | Blockchain Threat Intelligence | Fairyproof | Quillaudits | Secureum
samczsun's eth txn explorer and vscode extension
Vulnerabilities in DeFi by Daniel
Tenderly.co - Debug Transaction
solodit | web3sec audit report | theauditorbook | audit-collections | audit-hero