Let’s make web3 industry more secure!
Community Whitehat (145)
English version (400 Incidents)
Solidity smart contract security and auditing techniques
Move programming language secure development
[Tools] Identify a DeFi scam token
[Tools] Mev watcher & Real time threat alert
[Tools] Intro transaction debugging tools
[Course] Web3 security awareness course for users
1.Nine Common Web3 Hacks and Scams
3.[Quiz] User security awareness testing
4.Event spoofing - fake records on etherscan!
[Course] Web3 security course for devs
3.Unchecked return value 4.Data location - storage vs memory
5.Unchecked external call - call injection [REF]
6.Deflationary/fee-on-transfer tokens
7.Phantom function - Permit Function
10.Price manipulation - balanceOf
12.Oracle data feed is insufficiently validated
13.Precision Loss - Rounded down to zero
14.Slippage - Incorrect deadline & slippage amount
15.abi.encodePacked() Hash Collisions
20.Incorrect use of payable.transfer() or send()
21.Unauthorized NFT Transfer in custom ERC721 implementation
22.Missing check for Self-Transfer allows funds to be lost
23.Incorrect implementation of the recoverERC20()
24.Missing flash loan initiator check
27.Web3 DevSecOps is very important!
[中文] 大家來找碴
**DeFiHackLabs:** Reproduce DeFi hacked incidents using Foundry.
**DeFiVulnLabs:** To learn common smart contract vulnerabilities using Foundry.
**DeFiLabs:** On-chain test DeFi using Foundry
**Blockchain-ctfs:** A curated list of blockchain security Capture the Flag (CTF) competitions
**Web3-Security-Library:** Information about web3 security and programming tutorials/tools
Building Secure Smart Contracts: guidelines and best practices to write secure smart contracts.
Defi-fork-bugs: Bugs in commonly forked DeFi protocols
damn-vulnerable-defi-v4-solutions: CTF writeup
Phalcon | Tx.viewer | Cruise | Ethtx | New-ethtx | Tenderly
ABI to interface | Get ABI for unverified contracts | ETH Calldata Decoder | abi.ninja | miniscan | decode-calldata | calldata-decoder |abi-guesser | Codeslaw | ABI tools | ContractReader | upgradehub | cookbook | evm.storage | rollup.codes | eth-toolbox | smartsechub | evmdiff | contract-diff | abi-guesser-cli | evmole | Blockscan Multichain Explorer | Personal Security Checklist | masamune bug search | Solidity Bugs Version Database | evmole (view function selectors)
Slowmist | Quillaudits | Defillama | Defiyield | Rekt | Cryptosec | BlockSec | LUMOS
Eigenphi | Metablock | Mevboost | Flashbots | Mevwatch
Forta | Peckshield | Beosin | Quillmonitor
tokensniffer | Rugradar | Rugdoc | honeypot | bscheck |
detecthoneypot | defisafety | gopluslabs | Quillcheck
Web3sec.news | Blockchain Threat Intelligence | Fairyproof | Quillaudits | Secureum
samczsun's eth txn explorer and vscode extension
Vulnerabilities in DeFi by Daniel
Tenderly.co - Debug Transaction
solodit | web3sec audit report | theauditorbook | audit-collections | audit-hero