Let’s make web3 industry more secure!
Community Whitehat (145)
Solidity smart contract security and auditing techniques
Move programming language secure development
[Tools] Identify a DeFi scam token
[Tools] Mev watcher & Real time threat alert
[Tools] Intro transaction debugging tools
[Course] Web3 security awareness course for users
1.Nine Common Web3 Hacks and Scams
3.[Quiz] User security awareness testing
4.Event spoofing - fake records on etherscan!
[Course] Web3 security course for devs
3.Unchecked return value 4.Data location - storage vs memory
5.Unchecked external call - call injection [REF]
6.Deflationary/fee-on-transfer tokens
7.Phantom function - Permit Function
10.Price manipulation - balanceOf
12.Oracle data feed is insufficiently validated
13.Precision Loss - Rounded down to zero
14.Slippage - Incorrect deadline & slippage amount
15.abi.encodePacked() Hash Collisions
20.Incorrect use of payable.transfer() or send()
21.Unauthorized NFT Transfer in custom ERC721 implementation
22.Missing check for Self-Transfer allows funds to be lost
23.Incorrect implementation of the recoverERC20()
24.Missing flash loan initiator check
27.Web3 DevSecOps is very important!
[中文] 大家來找碴
DeFiHackLabs: Reproduce DeFi hacked incidents using Foundry.
DeFiVulnLabs: To learn common smart contract vulnerabilities using Foundry.
DeFiLabs: On-chain test DeFi using Foundry
Blockchain-ctfs: A curated list of blockchain security Capture the Flag (CTF) competitions
Web3-Security-Library: Information about web3 security and programming tutorials/tools
Building Secure Smart Contracts: guidelines and best practices to write secure smart contracts.
Defi-fork-bugs: Bugs in commonly forked DeFi protocols
Phalcon | Tx.viewer | Cruise | Ethtx | New-ethtx | Tenderly
ABI to interface | Get ABI for unverified contracts | ETH Calldata Decoder | abi.ninja | miniscan | decode-calldata | calldata-decoder |abi-guesser | Codeslaw | ABI tools | ContractReader | upgradehub | cookbook | evm.storage | rollup.codes | eth-toolbox | smartsechub | evmdiff | contract-diff | abi-guesser-cli | evmole
Slowmist | Quillaudits | Defillama | Defiyield | Rekt | Cryptosec | BlockSec | LUMOS
Eigenphi | Metablock | Mevboost | Flashbots | Mevwatch
Forta | Peckshield | Beosin | Quillmonitor
tokensniffer | Rugradar | tokenscanner | Rugdoc | honeypot | bscheck |
detecthoneypot | defisafety | gopluslabs | Quillcheck